--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: (devel) creationTimestamp: null name: workspaceroles.iam.kubesphere.io spec: additionalPrinterColumns: - JSONPath: .metadata.labels.kubesphere\.io/workspace name: Workspace type: string - JSONPath: .metadata.labels.kubesphere\.io/alias-name name: Alias type: string group: iam.kubesphere.io names: categories: - iam kind: WorkspaceRole listKind: WorkspaceRoleList plural: workspaceroles singular: workspacerole scope: Cluster subresources: {} validation: openAPIV3Schema: properties: aggregationRule: description: AggregationRule is an optional field that describes how to build the Rules for this WorkspaceRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller. properties: roleSelectors: description: ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added items: description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object type: array type: object apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: description: Standard object's metadata. type: object rules: description: Rules holds all the PolicyRules for this ClusterRole items: description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. properties: apiGroups: description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. items: type: string type: array nonResourceURLs: description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. items: type: string type: array resourceNames: description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. items: type: string type: array resources: description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. items: type: string type: array verbs: description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. items: type: string type: array required: - verbs type: object type: array required: - rules type: object version: v1alpha2 versions: - name: v1alpha2 served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []