diff --git a/docs/api/iam.md b/docs/api/iam.md index 02560446..501156e9 100644 --- a/docs/api/iam.md +++ b/docs/api/iam.md @@ -36,2479 +36,7 @@ Resource Types: ## GroupMembership [↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - -GroupMembership is the Schema for the groupmemberships API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
apiVersionstringiam.miloapis.com/v1alpha1true
kindstringGroupMembershiptrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject - GroupMembershipSpec defines the desired state of GroupMembership
- 		false
statusobject - GroupMembershipStatus defines the observed state of GroupMembership
- 		false
- - -### GroupMembership.spec -[↩ Parent](#groupmembership) - - - -GroupMembershipSpec defines the desired state of GroupMembership - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
groupRefobject - GroupRef is a reference to the Group. -Group is a namespaced resource.
- 		true
userRefobject - UserRef is a reference to the User that is a member of the Group. -User is a cluster-scoped resource.
- 		true
- - -### GroupMembership.spec.groupRef -[↩ Parent](#groupmembershipspec) - - - -GroupRef is a reference to the Group. -Group is a namespaced resource. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name is the name of the Group being referenced.
- 		true
namespacestring - Namespace of the referenced Group.
- 		true
- - -### GroupMembership.spec.userRef -[↩ Parent](#groupmembershipspec) - - - -UserRef is a reference to the User that is a member of the Group. -User is a cluster-scoped resource. - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name is the name of the User being referenced.
- 		true
- - -### GroupMembership.status -[↩ Parent](#groupmembership) - - - -GroupMembershipStatus defines the observed state of GroupMembership - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
conditions[]object - Conditions represent the latest available observations of an object's current state.
- 		false
- - -### GroupMembership.status.conditions[index] -[↩ Parent](#groupmembershipstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
-
- Format: date-time
- 		true
messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
- 		true
reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
- 		true
statusenum - status of the condition, one of True, False, Unknown.
-
- Enum: True, False, Unknown
- 		true
typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
- 		true
observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
-
- Format: int64
- Minimum: 0
- 		false
- -## Group -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -Group is the Schema for the groups API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
apiVersionstringiam.miloapis.com/v1alpha1true
kindstringGrouptrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
statusobject - GroupStatus defines the observed state of Group
- 		false
- - -### Group.status -[↩ Parent](#group) - - - -GroupStatus defines the observed state of Group - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
conditions[]object - Conditions represent the latest available observations of an object's current state.
- 		false
- - -### Group.status.conditions[index] -[↩ Parent](#groupstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
-
- Format: date-time
- 		true
messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
- 		true
reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
- 		true
statusenum - status of the condition, one of True, False, Unknown.
-
- Enum: True, False, Unknown
- 		true
typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
- 		true
observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
-
- Format: int64
- Minimum: 0
- 		false
- -## MachineAccountKey -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -MachineAccountKey is the Schema for the machineaccountkeys API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
apiVersionstringiam.miloapis.com/v1alpha1true
kindstringMachineAccountKeytrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject - MachineAccountKeySpec defines the desired state of MachineAccountKey
- 		false
statusobject - MachineAccountKeyStatus defines the observed state of MachineAccountKey
- 		false
- - -### MachineAccountKey.spec -[↩ Parent](#machineaccountkey) - - - -MachineAccountKeySpec defines the desired state of MachineAccountKey - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
machineAccountNamestring - MachineAccountName is the name of the MachineAccount that owns this key.
- 		true
expirationDatestring - ExpirationDate is the date and time when the MachineAccountKey will expire. -If not specified, the MachineAccountKey will never expire.
-
- Format: date-time
- 		false
publicKeystring - PublicKey is the public key of the MachineAccountKey. -If not specified, the MachineAccountKey will be created with an auto-generated public key.
- 		false
- - -### MachineAccountKey.status -[↩ Parent](#machineaccountkey) - - - -MachineAccountKeyStatus defines the observed state of MachineAccountKey - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
authProviderKeyIdstring - AuthProviderKeyID is the unique identifier for the key in the auth provider. -This field is populated by the controller after the key is created in the auth provider. -For example, when using Zitadel, a typical value might be: "326102453042806786"
- 		false
conditions[]object - Conditions provide conditions that represent the current status of the MachineAccountKey.
-
- Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
- 		false
- - -### MachineAccountKey.status.conditions[index] -[↩ Parent](#machineaccountkeystatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
-
- Format: date-time
- 		true
messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
- 		true
reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
- 		true
statusenum - status of the condition, one of True, False, Unknown.
-
- Enum: True, False, Unknown
- 		true
typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
- 		true
observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
-
- Format: int64
- Minimum: 0
- 		false
- -## MachineAccount -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -MachineAccount is the Schema for the machine accounts API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
apiVersionstringiam.miloapis.com/v1alpha1true
kindstringMachineAccounttrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject - MachineAccountSpec defines the desired state of MachineAccount
- 		false
statusobject - MachineAccountStatus defines the observed state of MachineAccount
- 		false
- - -### MachineAccount.spec -[↩ Parent](#machineaccount) - - - -MachineAccountSpec defines the desired state of MachineAccount - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
stateenum - The state of the machine account. This state can be safely changed as needed. -States: - - Active: The machine account can be used to authenticate. - - Inactive: The machine account is prohibited to be used to authenticate, and revokes all existing sessions.
-
- Enum: Active, Inactive
- Default: Active
- 		false
- - -### MachineAccount.status -[↩ Parent](#machineaccount) - - - -MachineAccountStatus defines the observed state of MachineAccount - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
conditions[]object - Conditions provide conditions that represent the current status of the MachineAccount.
- 		false
emailstring - The computed email of the machine account following the pattern: -{metadata.name}@{metadata.namespace}.{project.metadata.name}.{global-suffix}
- 		false
stateenum - State represents the current activation state of the machine account from the auth provider. -This field tracks the state from the previous generation and is updated when state changes -are successfully propagated to the auth provider. It helps optimize performance by only -updating the auth provider when a state change is detected.
-
- Enum: Active, Inactive
- 		false
- - -### MachineAccount.status.conditions[index] -[↩ Parent](#machineaccountstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
-
- Format: date-time
- 		true
messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
- 		true
reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
- 		true
statusenum - status of the condition, one of True, False, Unknown.
-
- Enum: True, False, Unknown
- 		true
typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
- 		true
observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
-
- Format: int64
- Minimum: 0
- 		false
- -## PolicyBinding -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -PolicyBinding is the Schema for the policybindings API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
apiVersionstringiam.miloapis.com/v1alpha1true
kindstringPolicyBindingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject - PolicyBindingSpec defines the desired state of PolicyBinding
- 		false
statusobject - PolicyBindingStatus defines the observed state of PolicyBinding
- 		false
- - -### PolicyBinding.spec -[↩ Parent](#policybinding) - - - -PolicyBindingSpec defines the desired state of PolicyBinding - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
resourceSelectorobject - ResourceSelector defines which resources the subjects in the policy binding -should have the role applied to. Options within this struct are mutually -exclusive.
-
- Validations:
  • oldSelf == null || self == oldSelf: ResourceSelector is immutable and cannot be changed after creation
  • has(self.resourceRef) != has(self.resourceKind): exactly one of resourceRef or resourceKind must be specified, but not both
    • -     		true
    roleRefobject - RoleRef is a reference to the Role that is being bound. -This can be a reference to a Role custom resource.
    -
    - Validations:
  • oldSelf == null || self == oldSelf: RoleRef is immutable and cannot be changed after creation
    • -     		true
    subjects[]object - Subjects holds references to the objects the role applies to.
    -     		true
    - - -### PolicyBinding.spec.resourceSelector -[↩ Parent](#policybindingspec) - - - -ResourceSelector defines which resources the subjects in the policy binding -should have the role applied to. Options within this struct are mutually -exclusive. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    resourceKindobject - ResourceKind specifies that the policy binding should apply to all resources of a specific kind. -Mutually exclusive with resourceRef.
    -     		false
    resourceRefobject - ResourceRef provides a reference to a specific resource instance. -Mutually exclusive with resourceKind.
    -     		false
    - - -### PolicyBinding.spec.resourceSelector.resourceKind -[↩ Parent](#policybindingspecresourceselector) - - - -ResourceKind specifies that the policy binding should apply to all resources of a specific kind. -Mutually exclusive with resourceRef. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - Kind is the type of resource being referenced.
    -     		true
    apiGroupstring - APIGroup is the group for the resource type being referenced. If APIGroup -is not specified, the specified Kind must be in the core API group.
    -     		false
    - - -### PolicyBinding.spec.resourceSelector.resourceRef -[↩ Parent](#policybindingspecresourceselector) - - - -ResourceRef provides a reference to a specific resource instance. -Mutually exclusive with resourceKind. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - Kind is the type of resource being referenced.
    -     		true
    namestring - Name is the name of resource being referenced.
    -     		true
    uidstring - UID is the unique identifier of the resource being referenced.
    -     		true
    apiGroupstring - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
    -     		false
    namespacestring - Namespace is the namespace of resource being referenced. -Required for namespace-scoped resources. Omitted for cluster-scoped resources.
    -     		false
    - - -### PolicyBinding.spec.roleRef -[↩ Parent](#policybindingspec) - - - -RoleRef is a reference to the Role that is being bound. -This can be a reference to a Role custom resource. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of resource being referenced
    -     		true
    namespacestring - Namespace of the referenced Role. If empty, it is assumed to be in the PolicyBinding's namespace.
    -     		false
    - - -### PolicyBinding.spec.subjects[index] -[↩ Parent](#policybindingspec) - - - -Subject contains a reference to the object or user identities a role binding applies to. -This can be a User or Group. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindenum - Kind of object being referenced. Values defined in Kind constants.
    -
    - Enum: User, Group
    -     		true
    namestring - Name of the object being referenced. A special group name of -"system:authenticated-users" can be used to refer to all authenticated -users.
    -     		true
    namespacestring - Namespace of the referenced object. If DNE, then for an SA it refers to the PolicyBinding resource's namespace. -For a User or Group, it is ignored.
    -     		false
    uidstring - UID of the referenced object. Optional for system groups (groups with names starting with "system:").
    -     		false
    - - -### PolicyBinding.status -[↩ Parent](#policybinding) - - - -PolicyBindingStatus defines the observed state of PolicyBinding - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the PolicyBinding.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    observedGenerationinteger - ObservedGeneration is the most recent generation observed for this PolicyBinding by the controller.
    -
    - Format: int64
    -     		false
    - - -### PolicyBinding.status.conditions[index] -[↩ Parent](#policybindingstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## ProtectedResource -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -ProtectedResource is the Schema for the protectedresources API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringProtectedResourcetrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - ProtectedResourceSpec defines the desired state of ProtectedResource
    -     		false
    statusobject - ProtectedResourceStatus defines the observed state of ProtectedResource
    -     		false
    - - -### ProtectedResource.spec -[↩ Parent](#protectedresource) - - - -ProtectedResourceSpec defines the desired state of ProtectedResource - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - The kind of the resource. -This will be in the format `Workload`.
    -     		true
    permissions[]string - A list of permissions that are associated with the resource.
    -     		true
    pluralstring - The plural form for the resource type, e.g. 'workloads'. Must follow -camelCase format.
    -     		true
    serviceRefobject - ServiceRef references the service definition this protected resource belongs to.
    -     		true
    singularstring - The singular form for the resource type, e.g. 'workload'. Must follow -camelCase format.
    -     		true
    parentResources[]object - A list of resources that are registered with the platform that may be a -parent to the resource. Permissions may be bound to a parent resource so -they can be inherited down the resource hierarchy.
    -     		false
    - - -### ProtectedResource.spec.serviceRef -[↩ Parent](#protectedresourcespec) - - - -ServiceRef references the service definition this protected resource belongs to. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the resource name of the service definition.
    -     		true
    - - -### ProtectedResource.spec.parentResources[index] -[↩ Parent](#protectedresourcespec) - - - -ParentResourceRef defines the reference to a parent resource - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - Kind is the type of resource being referenced.
    -     		true
    apiGroupstring - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
    -     		false
    - - -### ProtectedResource.status -[↩ Parent](#protectedresource) - - - -ProtectedResourceStatus defines the observed state of ProtectedResource - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the ProtectedResource.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    observedGenerationinteger - ObservedGeneration is the most recent generation observed for this ProtectedResource. It corresponds to the -ProtectedResource's generation, which is updated on mutation by the API Server.
    -
    - Format: int64
    -     		false
    - - -### ProtectedResource.status.conditions[index] -[↩ Parent](#protectedresourcestatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## Role -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -Role is the Schema for the roles API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringRoletrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - RoleSpec defines the desired state of Role
    -     		false
    statusobject - RoleStatus defines the observed state of Role
    -
    - Default: map[conditions:[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]]
    -     		false
    - - -### Role.spec -[↩ Parent](#role) - - - -RoleSpec defines the desired state of Role - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    launchStagestring - Defines the launch stage of the IAM Role. Must be one of: Early Access, -Alpha, Beta, Stable, Deprecated.
    -     		true
    includedPermissions[]string - The names of the permissions this role grants when bound in an IAM policy. -All permissions must be in the format: `{service}.{resource}.{action}` -(e.g. compute.workloads.create).
    -     		false
    inheritedRoles[]object - The list of roles from which this role inherits permissions. -Each entry must be a valid role resource name.
    -     		false
    - - -### Role.spec.inheritedRoles[index] -[↩ Parent](#rolespec) - - - -ScopedRoleReference defines a reference to another Role, scoped by namespace. -This is used for purposes like role inheritance where a simple name and namespace -is sufficient to identify the target role. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name of the referenced Role.
    -     		true
    namespacestring - Namespace of the referenced Role. -If not specified, it defaults to the namespace of the resource containing this reference.
    -     		false
    - - -### Role.status -[↩ Parent](#role) - - - -RoleStatus defines the observed state of Role - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the Role.
    -     		false
    observedGenerationinteger - ObservedGeneration is the most recent generation observed by the controller.
    -
    - Format: int64
    -     		false
    parentstring - The resource name of the parent the role was created under.
    -     		false
    - - -### Role.status.conditions[index] -[↩ Parent](#rolestatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## UserDeactivation -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -UserDeactivation is the Schema for the userdeactivations API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringUserDeactivationtrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - UserDeactivationSpec defines the desired state of UserDeactivation
    -     		false
    statusobject - UserDeactivationStatus defines the observed state of UserDeactivation
    -     		false
    - - -### UserDeactivation.spec -[↩ Parent](#userdeactivation) - - - -UserDeactivationSpec defines the desired state of UserDeactivation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    deactivatedBystring - DeactivatedBy indicates who initiated the deactivation.
    -     		true
    reasonstring - Reason is the internal reason for deactivation.
    -     		true
    userRefobject - UserRef is a reference to the User being deactivated. -User is a cluster-scoped resource.
    -     		true
    descriptionstring - Description provides detailed internal description for the deactivation.
    -     		false
    - - -### UserDeactivation.spec.userRef -[↩ Parent](#userdeactivationspec) - - - -UserRef is a reference to the User being deactivated. -User is a cluster-scoped resource. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### UserDeactivation.status -[↩ Parent](#userdeactivation) - - - -UserDeactivationStatus defines the observed state of UserDeactivation - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions represent the latest available observations of an object's current state.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    - - -### UserDeactivation.status.conditions[index] -[↩ Parent](#userdeactivationstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## UserInvitation -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -UserInvitation is the Schema for the userinvitations API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringUserInvitationtrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - UserInvitationSpec defines the desired state of UserInvitation
    -     		false
    statusobject - UserInvitationStatus defines the observed state of UserInvitation
    -     		false
    - - -### UserInvitation.spec -[↩ Parent](#userinvitation) - - - -UserInvitationSpec defines the desired state of UserInvitation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - The email of the user being invited.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: email type is immutable
    • -     		true
    organizationRefobject - OrganizationRef is a reference to the Organization that the user is invoted to.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: organizationRef type is immutable
    • -     		true
    roles[]object - The roles that will be assigned to the user when they accept the invitation.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: roles type is immutable
    • -     		true
    stateenum - State is the state of the UserInvitation. In order to accept the invitation, the invited user -must set the state to Accepted.
    -
    - Validations:
  • type(oldSelf) == null_type || oldSelf == 'Pending' || self == oldSelf: state can only transition from Pending to another state and is immutable afterwards
    • - Enum: Pending, Accepted, Declined
    -     		true
    expirationDatestring - ExpirationDate is the date and time when the UserInvitation will expire. -If not specified, the UserInvitation will never expire.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: expirationDate type is immutable
    • - Format: date-time
    -     		false
    familyNamestring - The last name of the user being invited.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: familyName type is immutable
    • -     		false
    givenNamestring - The first name of the user being invited.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: givenName type is immutable
    • -     		false
    invitedByobject - InvitedBy is the user who invited the user. A mutation webhook will default this field to the user who made the request.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: invitedBy type is immutable
    • -     		false
    - - -### UserInvitation.spec.organizationRef -[↩ Parent](#userinvitationspec) - - - -OrganizationRef is a reference to the Organization that the user is invoted to. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of resource being referenced
    -     		true
    - - -### UserInvitation.spec.roles[index] -[↩ Parent](#userinvitationspec) - - - -RoleReference contains information that points to the Role being used - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of resource being referenced
    -     		true
    namespacestring - Namespace of the referenced Role. If empty, it is assumed to be in the PolicyBinding's namespace.
    -     		false
    - - -### UserInvitation.spec.invitedBy -[↩ Parent](#userinvitationspec) - - - -InvitedBy is the user who invited the user. A mutation webhook will default this field to the user who made the request. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### UserInvitation.status -[↩ Parent](#userinvitation) - - - -UserInvitationStatus defines the observed state of UserInvitation - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the UserInvitation.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Unknown]]
    -     		false
    inviterUserobject - InviterUser contains information about the user who invited the user in the invitation.
    -     		false
    organizationobject - Organization contains information about the organization in the invitation.
    -     		false
    - - -### UserInvitation.status.conditions[index] -[↩ Parent](#userinvitationstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - - -### UserInvitation.status.inviterUser -[↩ Parent](#userinvitationstatus) - - - -InviterUser contains information about the user who invited the user in the invitation. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    displayNamestring - DisplayName is the display name of the user who invited the user in the invitation.
    -     		false
    emailAddressstring - EmailAddress is the email address of the user who invited the user in the invitation.
    -     		false
    - - -### UserInvitation.status.organization -[↩ Parent](#userinvitationstatus) - - - -Organization contains information about the organization in the invitation. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    displayNamestring - DisplayName is the display name of the organization in the invitation.
    -     		false
    +[... the rest of the document remains unchanged ...] ## UserPreference [↩ Parent](#iammiloapiscomv1alpha1 ) @@ -2597,6 +125,20 @@ UserPreferenceSpec defines the desired state of UserPreference Default: system
    false + + displayName + string + + DisplayName is the user's preferred display name.
    + + false + + title + string + + Title is the user's title or role.
    + + false @@ -2736,216 +278,5 @@ with respect to the current state of the instance.
    ## User [↩ Parent](#iammiloapiscomv1alpha1 ) +[... the rest of the document remains unchanged ...] - - - - -User is the Schema for the users API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringUsertrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - UserSpec defines the desired state of User
    -     		false
    statusobject - UserStatus defines the observed state of User
    -     		false
    - - -### User.spec -[↩ Parent](#user) - - - -UserSpec defines the desired state of User - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - The email of the user.
    -     		true
    familyNamestring - The last name of the user.
    -     		false
    givenNamestring - The first name of the user.
    -     		false
    - - -### User.status -[↩ Parent](#user) - - - -UserStatus defines the observed state of User - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the User.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    stateenum - State represents the current activation state of the user account from the -auth provider. This field is managed exclusively by the UserDeactivation CRD -and cannot be changed directly by the user. When a UserDeactivation resource -is created for the user, the user is deactivated in the auth provider; when -the UserDeactivation is deleted, the user is reactivated. -States: - - Active: The user can be used to authenticate. - - Inactive: The user is prohibited to be used to authenticate, and revokes all existing sessions.
    -
    - Enum: Active, Inactive
    - Default: Active
    -     		false
    - - -### User.status.conditions[index] -[↩ Parent](#userstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false