apiaccesscontrol.oracle.com/v1beta1
APIVersion: apiaccesscontrol.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages
No customer-visible package currently exposes apiaccesscontrol.oracle.com/v1beta1.
Resources
| Kind | Scope | Sample | Packages |
|---|---|---|---|
| PrivilegedApiControl | Namespaced | Sample | - |
PrivilegedApiControl
Manage OCI API Access Control privileged API controls.
Plural: privilegedapicontrols
Scope: Namespaced
APIVersion: apiaccesscontrol.oracle.com/v1beta1
Sample: Sample (config/samples/apiaccesscontrol_v1beta1_privilegedapicontrol.yaml)
Packages: Not currently exposed by a customer-visible package.
Spec
PrivilegedApiControlSpec defines the desired state of PrivilegedApiControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| approverGroupIdList | List of user IAM group ids who can approve a privilegedApi request associated with a resource governed by this operator control. | list[string] | Yes | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment to create the PrivilegedApiControl in. | string | Yes | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} | map[string, map[string, string]] | No | - | - |
| description | Description of the privilegedApi control. | string | No | - | - |
| displayName | Name of the privilegedApi control. It has to be unique. | string | No | - | - |
| freeformTags | Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} | map[string, string] | No | - | - |
| notificationTopicId | The OCID of the OCI Notification topic to publish messages related to this Delegation Control. | string | Yes | - | - |
| numberOfApprovers | Number of approvers required to approve a privilegedApi request. | integer | No | - | - |
| privilegedOperationList | List of privileged operator operations. If Privileged API Management is enabled for a resource, it will be validated whether the operation done by the operator is a part of privileged operation. | list[object] | Yes | - | - |
| resourceType | resourceType for which the PrivilegedApiControl is applicable. | string | Yes | - | - |
| resources | Contains Resource details. | list[string] | Yes | - | - |
Spec.privilegedOperationList[]
PrivilegedApiControlPrivilegedOperationList defines nested fields for PrivilegedApiControl.PrivilegedOperationList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| apiName | Name of the API which needs to be protected. | string | Yes | - | - |
| attributeNames | List of attributes belonging to the above API which need to be protected. | list[string] | No | - | - |
| entityType | Type of the entity which needs to be protected. | string | No | - | - |
Status
PrivilegedApiControlStatus defines the observed state of PrivilegedApiControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| approverGroupIdList | List of IAM user group ids who can approve a privilegedApi request associated with a target resource under the governance of this operator control. | list[string] | No | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment. | string | No | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} | map[string, map[string, string]] | No | - | - |
| description | Description of privilegedApi control. | string | No | - | - |
| displayName | Name of the privilegedApi control. The name must be unique. | string | No | - | - |
| freeformTags | Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} | map[string, string] | No | - | - |
| id | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the PrivilegedApiControl. | string | No | - | - |
| lifecycleDetails | A message that describes the current state of the PrivilegedApiControl in more detail. For example, it can be used to provide actionable information for a resource in the Failed state. | string | No | - | - |
| lifecycleState | The current state of the PrivilegedApiControl. | string | No | - | - |
| notificationTopicId | The OCID of the OCI Notification topic to publish messages related to this Privileged Api Control. | string | No | - | - |
| numberOfApprovers | Number of approvers required to approve a privilegedApi request. | integer | No | - | - |
| privilegedOperationList | List of privileged operations/APIs. These operations/APIs will be treated as secured once enabled by the Privileged API Management for a resource. If any of these operations needs to be executed, it must be raised as a PrivilegedApi Request, which needs to be approved by customers or can be pre-approved. | list[object] | No | - | - |
| resourceType | resourceType for which the PrivilegedApiControl is applicable. | string | No | - | - |
| resources | Contains Resource details. | list[string] | No | - | - |
| state | The current state of the PrivilegedApiControl. | string | No | - | - |
| stateDetails | A message that describes the current state of the PrivilegedApiControl in more detail. For example, it can be used to provide actionable information for a resource in the Failed state. | string | No | - | - |
| status | - | object | Yes | - | - |
| systemTags | System tags for this resource. Each key is predefined and scoped to a namespace. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No | - | - |
| timeCreated | The date and time the PrivilegedApiControl was created, in the format defined by RFC 3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z | string | No | - | - |
| timeDeleted | The date and time the PrivilegedApiControl was marked for delete, in the format defined by RFC 3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z | string | No | - | - |
| timeUpdated | The date and time the PrivilegedApiControl was updated, in the format defined by RFC 3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z | string | No | - | - |
Status.privilegedOperationList[]
PrivilegedApiControlPrivilegedOperationList defines nested fields for PrivilegedApiControl.PrivilegedOperationList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| apiName | Name of the API which needs to be protected. | string | Yes | - | - |
| attributeNames | List of attributes belonging to the above API which need to be protected. | list[string] | No | - | - |
| entityType | Type of the entity which needs to be protected. | string | No | - | - |
Status.status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| async | Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object | No | - | - |
| conditions | - | list[object] | No | - | - |
| createdAt | - | string (date-time) | No | - | - |
| deletedAt | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| ocid | - | string | No | - | - |
| opcRequestId | OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string | No | - | - |
| reason | - | string | No | - | - |
| requestedAt | - | string (date-time) | No | - | - |
| updatedAt | - | string (date-time) | No | - | - |
Status.status.async
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| current | - | object | No | - | - |
Status.status.async.current
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| message | - | string | No | - | - |
| normalizedClass | - | string | Yes | - | attention, canceled, failed, pending, succeeded, unknown |
| percentComplete | - | number | No | - | - |
| phase | - | string | Yes | - | create, delete, update |
| rawOperationType | - | string | No | - | - |
| rawStatus | - | string | No | - | - |
| source | - | string | Yes | - | lifecycle, none, workrequest |
| updatedAt | - | string (date-time) | Yes | - | - |
| workRequestId | - | string | No | - | - |
Status.status.conditions[]
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| lastTransitionTime | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| reason | - | string | No | - | - |
| status | - | string | Yes | - | - |
| type | - | string | Yes | - | - |