networkfirewall.oracle.com/v1beta1¶
APIVersion: networkfirewall.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages¶
No customer-visible package currently exposes networkfirewall.oracle.com/v1beta1.
Resources¶
| Kind | Scope | Sample | Packages |
|---|---|---|---|
| AddressList | Namespaced | Sample | - |
| Application | Namespaced | Sample | - |
| ApplicationGroup | Namespaced | Sample | - |
| DecryptionProfile | Namespaced | Sample | - |
| DecryptionRule | Namespaced | Sample | - |
| MappedSecret | Namespaced | Sample | - |
| NatRule | Namespaced | Sample | - |
| NetworkFirewall | Namespaced | Sample | - |
| NetworkFirewallPolicy | Namespaced | Sample | - |
| SecurityRule | Namespaced | Sample | - |
| Service | Namespaced | Sample | - |
| ServiceList | Namespaced | Sample | - |
| TunnelInspectionRule | Namespaced | Sample | - |
| UrlList | Namespaced | Sample | - |
AddressList¶
AddressList is the Schema for the addresslists API.
Plural:addresslistsScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_addresslist.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
AddressListSpec defines the desired state of AddressList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
addresses |
List of addresses. | list[string] |
Yes | - | - |
description |
The description of the address list. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Unique name to identify the group of addresses to be used in the policy rules. | string |
Yes | - | - |
type |
Type of address List. The accepted values are - * FQDN * IP | string |
Yes | - | - |
Status¶
AddressListStatus defines the observed state of AddressList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
addresses |
List of addresses. | list[string] |
No | - | - |
description |
The description of the address list. This field can be used to add additional info. | string |
No | - | - |
name |
Unique name to identify the group of addresses to be used in the policy rules. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this Address List belongs to. | string |
No | - | - |
status |
- | object |
Yes | - | - |
totalAddresses |
Count of total Addresses in the AddressList | integer |
No | - | - |
type |
Type of address List. The accepted values are - * FQDN * IP | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Application¶
Application is the Schema for the applications API.
Plural:applicationsScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_application.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
ApplicationSpec defines the desired state of Application.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the application. This field can be used to add additional info. | string |
No | - | - |
icmpCode |
The value of the ICMP message Code (subtype) field as defined by RFC 792 (https://www.rfc-editor.org/rfc/rfc792.html). | integer |
No | - | - |
icmpType |
The value of the ICMP message Type field as defined by RFC 792 (https://www.rfc-editor.org/rfc/rfc792.html). | integer |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name of the application | string |
Yes | - | - |
type |
- | string |
No | - | - |
Status¶
ApplicationStatus defines the observed state of Application.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the application. This field can be used to add additional info. | string |
No | - | - |
icmpCode |
The value of the ICMP message Code (subtype) field as defined by RFC 792 (https://www.rfc-editor.org/rfc/rfc792.html). | integer |
No | - | - |
icmpType |
The value of the ICMP message Type field as defined by RFC 792 (https://www.rfc-editor.org/rfc/rfc792.html). | integer |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name of the application. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this application belongs to. | string |
No | - | - |
status |
- | object |
Yes | - | - |
type |
- | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
ApplicationGroup¶
ApplicationGroup is the Schema for the applicationgroups API.
Plural:applicationgroupsScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_applicationgroup.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
ApplicationGroupSpec defines the desired state of ApplicationGroup.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
apps |
Collection of application names. | list[string] |
Yes | - | - |
description |
The description of the application list. This field can be used to add additional info. | string |
No | - | - |
name |
Name of the application Group. | string |
Yes | - | - |
Status¶
ApplicationGroupStatus defines the observed state of ApplicationGroup.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
apps |
List of apps in the group. | list[string] |
No | - | - |
description |
The description of the application list. This field can be used to add additional info. | string |
No | - | - |
name |
Name of the application Group. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this application group belongs to. | string |
No | - | - |
status |
- | object |
Yes | - | - |
totalApps |
Count of total applications in the given application group. | integer |
No | - | - |
Status.status¶
Back to ApplicationGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to ApplicationGroup status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to ApplicationGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to ApplicationGroup status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
DecryptionProfile¶
DecryptionProfile is the Schema for the decryptionprofiles API.
Plural:decryptionprofilesScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_decryptionprofile.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
DecryptionProfileSpec defines the desired state of DecryptionProfile.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
areCertificateExtensionsRestricted |
Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage. | boolean |
No | - | - |
description |
The description of the decryption profile. This field can be used to add additional info. | string |
No | - | - |
isAutoIncludeAltName |
Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN. | boolean |
No | - | - |
isExpiredCertificateBlocked |
Whether to block sessions if server's certificate is expired. | boolean |
No | - | - |
isOutOfCapacityBlocked |
Whether to block sessions if the firewall is temporarily unable to decrypt their traffic. | boolean |
No | - | - |
isRevocationStatusTimeoutBlocked |
Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds). | boolean |
No | - | - |
isUnknownRevocationStatusBlocked |
Whether to block sessions if the revocation status check for server's certificate results in "unknown". | boolean |
No | - | - |
isUnsupportedCipherBlocked |
Whether to block sessions if SSL cipher suite is not supported. | boolean |
No | - | - |
isUnsupportedVersionBlocked |
Whether to block sessions if SSL version is not supported. | boolean |
No | - | - |
isUntrustedIssuerBlocked |
Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA). | boolean |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name of the decryption profile. | string |
Yes | - | - |
type |
- | string |
No | - | - |
Status¶
DecryptionProfileStatus defines the observed state of DecryptionProfile.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
areCertificateExtensionsRestricted |
Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage. | boolean |
No | - | - |
description |
The description of the decryption profile. This field can be used to add additional info. | string |
No | - | - |
isAutoIncludeAltName |
Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN. | boolean |
No | - | - |
isExpiredCertificateBlocked |
Whether to block sessions if server's certificate is expired. | boolean |
No | - | - |
isOutOfCapacityBlocked |
Whether to block sessions if the firewall is temporarily unable to decrypt their traffic. | boolean |
No | - | - |
isRevocationStatusTimeoutBlocked |
Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds). | boolean |
No | - | - |
isUnknownRevocationStatusBlocked |
Whether to block sessions if the revocation status check for server's certificate results in "unknown". | boolean |
No | - | - |
isUnsupportedCipherBlocked |
Whether to block sessions if SSL cipher suite is not supported. | boolean |
No | - | - |
isUnsupportedVersionBlocked |
Whether to block sessions if SSL version is not supported. | boolean |
No | - | - |
isUntrustedIssuerBlocked |
Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA). | boolean |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Unique Name of the decryption profile. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this decryption profile belongs to. | string |
No | - | - |
status |
- | object |
Yes | - | - |
type |
- | string |
No | - | - |
Status.status¶
Back to DecryptionProfile status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to DecryptionProfile status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to DecryptionProfile status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to DecryptionProfile status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
DecryptionRule¶
DecryptionRule is the Schema for the decryptionrules API.
Plural:decryptionrulesScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_decryptionrule.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
DecryptionRuleSpec defines the desired state of DecryptionRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
Action: * NO_DECRYPT - Matching traffic is not decrypted. * DECRYPT - Matching traffic is decrypted with the specified secret according to the specified decryptionProfile. |
string |
Yes | - | - |
condition |
DecryptionRuleCondition defines nested fields for DecryptionRule.Condition. | object |
Yes | - | - |
decryptionProfile |
The name of the decryption profile to use. | string |
No | - | - |
description |
The description of the decryption rule. This field can be used to add additional info. | string |
No | - | - |
name |
Name for the decryption rule, must be unique within the policy. | string |
Yes | - | - |
position |
DecryptionRulePosition defines nested fields for DecryptionRule.Position. | object |
No | - | - |
secret |
The name of a mapped secret. Its type must match that of the specified decryption profile. |
string |
No | - | - |
Spec.condition¶
DecryptionRuleCondition defines nested fields for DecryptionRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
destinationAddress |
An array of IP address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
sourceAddress |
An array of IP address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
Spec.position¶
DecryptionRulePosition defines nested fields for DecryptionRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Status¶
DecryptionRuleStatus defines the observed state of DecryptionRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
Action: * NO_DECRYPT - Matching traffic is not decrypted. * DECRYPT - Matching traffic is decrypted with the specified secret according to the specified decryptionProfile. |
string |
No | - | - |
condition |
DecryptionRuleCondition defines nested fields for DecryptionRule.Condition. | object |
No | - | - |
decryptionProfile |
The name of the decryption profile to use. | string |
No | - | - |
description |
The description of the decryption rule. This field can be used to add additional info. | string |
No | - | - |
name |
Name for the decryption rule, must be unique within the policy. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this decryption rule belongs to. | string |
No | - | - |
position |
DecryptionRulePosition defines nested fields for DecryptionRule.Position. | object |
No | - | - |
priorityOrder |
The priority order in which this rule should be evaluated. | integer (int64) |
No | - | - |
status |
- | object |
Yes | - | - |
Status.condition¶
DecryptionRuleCondition defines nested fields for DecryptionRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
destinationAddress |
An array of IP address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
sourceAddress |
An array of IP address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
Status.position¶
DecryptionRulePosition defines nested fields for DecryptionRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
MappedSecret¶
MappedSecret is the Schema for the mappedsecrets API.
Plural:mappedsecretsScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_mappedsecret.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
MappedSecretSpec defines the desired state of MappedSecret.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the mapped secret. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Unique name to identify the group of urls to be used in the policy rules. | string |
Yes | - | - |
source |
- | string |
No | - | - |
type |
Type of the secrets mapped based on the policy. * SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic. * SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection. |
string |
Yes | - | - |
vaultSecretId |
OCID for the Vault Secret to be used. | string |
No | - | - |
versionNumber |
Version number of the secret to be used. | integer |
No | - | - |
Status¶
MappedSecretStatus defines the observed state of MappedSecret.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the mapped secret. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name of the secret. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this Mapped Secret belongs to. | string |
No | - | - |
source |
- | string |
No | - | - |
status |
- | object |
Yes | - | - |
type |
Type of the secrets mapped based on the policy. * SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic. * SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection. |
string |
No | - | - |
vaultSecretId |
OCID for the Vault Secret to be used. | string |
No | - | - |
versionNumber |
Version number of the secret to be used. | integer |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
NatRule¶
NatRule is the Schema for the natrules API.
Plural:natrulesScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_natrule.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
NatRuleSpec defines the desired state of NatRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
action: * DIPP_SRC_NAT - Dynamic-ip-port source NAT. | string |
No | - | - |
condition |
NatRuleCondition defines nested fields for NatRule.Condition. | object |
No | - | - |
description |
Description of a NAT rule. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name for the NAT rule, must be unique within the policy. | string |
Yes | - | - |
position |
NatRulePosition defines nested fields for NatRule.Position. | object |
No | - | - |
type |
- | string |
No | - | - |
Spec.condition¶
NatRuleCondition defines nested fields for NatRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
destinationAddress |
An array of IP address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
service |
A Service name to be evaluated against the traffic protocol and protocol-specific parameters. | string |
No | - | - |
sourceAddress |
An array of IP address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
Spec.position¶
NatRulePosition defines nested fields for NatRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Status¶
NatRuleStatus defines the observed state of NatRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
action: * DIPP_SRC_NAT - Dynamic-ip-port source NAT. | string |
No | - | - |
condition |
NatRuleCondition defines nested fields for NatRule.Condition. | object |
No | - | - |
description |
Description of a NAT rule. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name for the NAT rule, must be unique within the policy. | string |
No | - | - |
parentResourceId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the Network Firewall policy this NAT rule belongs to. | string |
No | - | - |
position |
NatRulePosition defines nested fields for NatRule.Position. | object |
No | - | - |
priorityOrder |
The priority order in which this rule should be evaluated | integer (int64) |
No | - | - |
status |
- | object |
Yes | - | - |
type |
- | string |
No | - | - |
Status.condition¶
NatRuleCondition defines nested fields for NatRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
destinationAddress |
An array of IP address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
service |
A Service name to be evaluated against the traffic protocol and protocol-specific parameters. | string |
No | - | - |
sourceAddress |
An array of IP address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
Status.position¶
NatRulePosition defines nested fields for NatRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
NetworkFirewall¶
NetworkFirewall is the Schema for the networkfirewalls API.
Plural:networkfirewallsScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_networkfirewall.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
NetworkFirewallSpec defines the desired state of NetworkFirewall.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
availabilityDomain |
Availability Domain where Network Firewall instance is created. To get a list of availability domains for a tenancy, use ListAvailabilityDomains operation. Example: kIdk:PHX-AD-1 |
string |
No | - | - |
compartmentId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the Network Firewall. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
displayName |
A user-friendly name for the Network Firewall. Does not have to be unique, and it's changeable. Avoid entering confidential information. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
ipv4Address |
IPv4 address for the Network Firewall. | string |
No | - | - |
ipv6Address |
IPv6 address for the Network Firewall. | string |
No | - | - |
natConfiguration |
NetworkFirewallNatConfiguration defines nested fields for NetworkFirewall.NatConfiguration. | object |
No | - | - |
networkFirewallPolicyId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the Network Firewall Policy. | string |
Yes | - | - |
networkSecurityGroupIds |
An array of network security groups OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) associated with the Network Firewall. | list[string] |
No | - | - |
shape |
The shape of a firewall to determine the bandwidth that the firewall allows. | string |
No | - | - |
subnetId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the subnet associated with the Network Firewall. | string |
Yes | - | - |
Spec.natConfiguration¶
NetworkFirewallNatConfiguration defines nested fields for NetworkFirewall.NatConfiguration.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
mustEnablePrivateNat |
The value of this field must be set to true if the network firewall policy being applied contains NAT rules. The value of this field can be set to false if the network firewall policy being applied or the currently attached firewall policy doesn't contain NAT rules. | boolean |
Yes | - | - |
Status¶
NetworkFirewallStatus defines the observed state of NetworkFirewall.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
availabilityDomain |
Availability Domain where Network Firewall instance is created. To get a list of availability domains for a tenancy, use the ListAvailabilityDomains operation. Example: kIdk:PHX-AD-1 |
string |
No | - | - |
compartmentId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the Network Firewall. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
displayName |
A user-friendly name for the Network Firewall. Does not have to be unique, and it's changeable. Avoid entering confidential information. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the Network Firewall resource. | string |
No | - | - |
ipv4Address |
IPv4 address for the Network Firewall. | string |
No | - | - |
ipv6Address |
IPv6 address for the Network Firewall. | string |
No | - | - |
lifecycleDetails |
A message describing the current state in more detail. For example, it can be used to provide actionable information for a resource in 'FAILED' state. | string |
No | - | - |
lifecycleState |
The current state of the Network Firewall. | string |
No | - | - |
natConfiguration |
NetworkFirewallNatConfiguration defines nested fields for NetworkFirewall.NatConfiguration. | object |
No | - | - |
networkFirewallPolicyId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the Network Firewall Policy. | string |
No | - | - |
networkSecurityGroupIds |
An array of network security groups OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) associated with the Network Firewall. | list[string] |
No | - | - |
shape |
The shape of a firewall to determine the bandwidth that the firewall allows. | string |
No | - | - |
status |
- | object |
Yes | - | - |
subnetId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the subnet associated with the Network Firewall. | string |
No | - | - |
systemTags |
Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The time at which the Network Firewall was created in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z |
string |
No | - | - |
timeUpdated |
The time at which the Network Firewall was updated in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z |
string |
No | - | - |
Status.natConfiguration¶
Back to NetworkFirewall status
NetworkFirewallNatConfiguration defines nested fields for NetworkFirewall.NatConfiguration.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
mustEnablePrivateNat |
The value of this field must be set to true if the network firewall policy being applied contains NAT rules. The value of this field can be set to false if the network firewall policy being applied or the currently attached firewall policy doesn't contain NAT rules. | boolean |
Yes | - | - |
Status.status¶
Back to NetworkFirewall status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to NetworkFirewall status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to NetworkFirewall status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to NetworkFirewall status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
NetworkFirewallPolicy¶
NetworkFirewallPolicy is the Schema for the networkfirewallpolicies API.
Plural:networkfirewallpoliciesScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_networkfirewallpolicy.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
NetworkFirewallPolicySpec defines the desired state of NetworkFirewallPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
compartmentId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the NetworkFirewall Policy. | string |
Yes | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the network firewall policy. This field can be used to add additional info. | string |
No | - | - |
displayName |
A user-friendly optional name for the firewall policy. Avoid entering confidential information. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
Status¶
NetworkFirewallPolicyStatus defines the observed state of NetworkFirewallPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
attachedNetworkFirewallCount |
Count of number of Network Firewall attached to the Policy. | integer |
No | - | - |
compartmentId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the NetworkFirewall Policy. | string |
No | - | - |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No | - | - |
description |
The description of the network firewall policy. This field can be used to add additional info. | string |
No | - | - |
displayName |
A user-friendly optional name for the firewall policy. Avoid entering confidential information. | string |
No | - | - |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No | - | - |
id |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the resource - Network Firewall Policy. | string |
No | - | - |
lifecycleDetails |
A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state. | string |
No | - | - |
lifecycleState |
The current state of the Network Firewall Policy. | string |
No | - | - |
status |
- | object |
Yes | - | - |
systemTags |
Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No | - | - |
timeCreated |
The time instant at which the Network Firewall Policy was created in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z |
string |
No | - | - |
timeUpdated |
The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339 (https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z |
string |
No | - | - |
Status.status¶
Back to NetworkFirewallPolicy status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to NetworkFirewallPolicy status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to NetworkFirewallPolicy status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to NetworkFirewallPolicy status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
SecurityRule¶
SecurityRule is the Schema for the securityrules API.
Plural:securityrulesScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_securityrule.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
SecurityRuleSpec defines the desired state of SecurityRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
Types of Action on the Traffic flow. * ALLOW - Allows the traffic. * DROP - Silently drops the traffic, e.g. without sending a TCP reset. * REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable. * INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection. |
string |
Yes | - | - |
condition |
SecurityRuleCondition defines nested fields for SecurityRule.Condition. | object |
Yes | - | - |
description |
The description of the security rule. This field can be used to add additional info. | string |
No | - | - |
inspection |
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT. * INTRUSION_DETECTION - Intrusion Detection. * INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type. |
string |
No | - | - |
name |
Name for the Security rule, must be unique within the policy. | string |
Yes | - | - |
position |
SecurityRulePosition defines nested fields for SecurityRule.Position. | object |
No | - | - |
Spec.condition¶
SecurityRuleCondition defines nested fields for SecurityRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
application |
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters. | list[string] |
No | - | - |
destinationAddress |
An array of IP address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
service |
An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters. | list[string] |
No | - | - |
sourceAddress |
An array of IP address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
url |
An array of URL pattern list names to be evaluated against the HTTP(S) request target. | list[string] |
No | - | - |
Spec.position¶
SecurityRulePosition defines nested fields for SecurityRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Status¶
SecurityRuleStatus defines the observed state of SecurityRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
Types of Action on the Traffic flow. * ALLOW - Allows the traffic. * DROP - Silently drops the traffic, e.g. without sending a TCP reset. * REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable. * INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection. |
string |
No | - | - |
condition |
SecurityRuleCondition defines nested fields for SecurityRule.Condition. | object |
No | - | - |
description |
The description of the security rule. This field can be used to add additional info. | string |
No | - | - |
inspection |
Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT. * INTRUSION_DETECTION - Intrusion Detection. * INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type. |
string |
No | - | - |
name |
Name for the Security rule, must be unique within the policy. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this security rule belongs to. | string |
No | - | - |
position |
SecurityRulePosition defines nested fields for SecurityRule.Position. | object |
No | - | - |
priorityOrder |
The priority order in which this rule should be evaluated. | integer (int64) |
No | - | - |
status |
- | object |
Yes | - | - |
Status.condition¶
SecurityRuleCondition defines nested fields for SecurityRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
application |
An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters. | list[string] |
No | - | - |
destinationAddress |
An array of IP address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
service |
An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters. | list[string] |
No | - | - |
sourceAddress |
An array of IP address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
url |
An array of URL pattern list names to be evaluated against the HTTP(S) request target. | list[string] |
No | - | - |
Status.position¶
SecurityRulePosition defines nested fields for SecurityRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Service¶
Service is the Schema for the services API.
Plural:servicesScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_service.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
ServiceSpec defines the desired state of Service.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the service. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name of the service | string |
Yes | - | - |
portRanges |
List of port-ranges to be used. | list[object] |
No | - | - |
type |
- | string |
No | - | - |
Spec.portRanges[]¶
ServicePortRange defines nested fields for Service.PortRange.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
maximumPort |
The maximum port in the range (inclusive), which may be absent for a single-port range. | integer |
No | - | - |
minimumPort |
The minimum port in the range (inclusive), or the sole port of a single-port range. | integer |
Yes | - | - |
Status¶
ServiceStatus defines the observed state of Service.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the service. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name of the service. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this service belongs to. | string |
No | - | - |
portRanges |
List of port-ranges used. | list[object] |
No | - | - |
status |
- | object |
Yes | - | - |
type |
- | string |
No | - | - |
Status.portRanges[]¶
ServicePortRange defines nested fields for Service.PortRange.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
maximumPort |
The maximum port in the range (inclusive), which may be absent for a single-port range. | integer |
No | - | - |
minimumPort |
The minimum port in the range (inclusive), or the sole port of a single-port range. | integer |
Yes | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
ServiceList¶
ServiceList is the Schema for the servicelists API.
Plural:servicelistsScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_servicelist.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
ServiceListSpec defines the desired state of ServiceList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the service list. This field can be used to add additional info. | string |
No | - | - |
name |
Name of the service Group. | string |
Yes | - | - |
services |
Collection of service names. | list[string] |
Yes | - | - |
Status¶
ServiceListStatus defines the observed state of ServiceList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the service list. This field can be used to add additional info. | string |
No | - | - |
name |
Name of the service Group. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this serviceList belongs to. | string |
No | - | - |
services |
List of services in the group. | list[string] |
No | - | - |
status |
- | object |
Yes | - | - |
totalServices |
Count of total services in the given service List. | integer |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
TunnelInspectionRule¶
TunnelInspectionRule is the Schema for the tunnelinspectionrules API.
Plural:tunnelinspectionrulesScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_tunnelinspectionrule.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
TunnelInspectionRuleSpec defines the desired state of TunnelInspectionRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
Types of Inspect Action on the traffic flow. * INSPECT - Inspect the traffic. * INSPECT_AND_CAPTURE_LOG - Inspect and capture logs for the traffic. | string |
No | - | - |
condition |
TunnelInspectionRuleCondition defines nested fields for TunnelInspectionRule.Condition. | object |
No | - | - |
description |
The description of the tunnel inspect rule. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name for the Tunnel Inspection Rule, must be unique within the policy. | string |
Yes | - | - |
position |
TunnelInspectionRulePosition defines nested fields for TunnelInspectionRule.Position. | object |
No | - | - |
profile |
TunnelInspectionRuleProfile defines nested fields for TunnelInspectionRule.Profile. | object |
No | - | - |
protocol |
- | string |
No | - | - |
Spec.condition¶
Back to TunnelInspectionRule spec
TunnelInspectionRuleCondition defines nested fields for TunnelInspectionRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
destinationAddress |
An array of address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
sourceAddress |
An array of address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
Spec.position¶
Back to TunnelInspectionRule spec
TunnelInspectionRulePosition defines nested fields for TunnelInspectionRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Spec.profile¶
Back to TunnelInspectionRule spec
TunnelInspectionRuleProfile defines nested fields for TunnelInspectionRule.Profile.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
mustReturnTrafficToSource |
Return scanned VXLAN tunnel traffic to source. | boolean |
No | - | - |
Status¶
TunnelInspectionRuleStatus defines the observed state of TunnelInspectionRule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
action |
Types of Inspect Action on the Traffic flow. * INSPECT - Inspect the traffic. * INSPECT_AND_CAPTURE_LOG - Inspect and capture logs for the traffic. | string |
No | - | - |
condition |
TunnelInspectionRuleCondition defines nested fields for TunnelInspectionRule.Condition. | object |
No | - | - |
description |
The description of the tunnel inspect rule. This field can be used to add additional info. | string |
No | - | - |
jsonData |
- | string |
No | - | - |
name |
Name for the Tunnel Inspection Rule, must be unique within the policy. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this Tunnel Inspection Rule belongs to. | string |
No | - | - |
position |
TunnelInspectionRulePosition defines nested fields for TunnelInspectionRule.Position. | object |
No | - | - |
priorityOrder |
The priority order in which this rule should be evaluated | integer (int64) |
No | - | - |
profile |
TunnelInspectionRuleProfile defines nested fields for TunnelInspectionRule.Profile. | object |
No | - | - |
protocol |
- | string |
No | - | - |
status |
- | object |
Yes | - | - |
Status.condition¶
Back to TunnelInspectionRule status
TunnelInspectionRuleCondition defines nested fields for TunnelInspectionRule.Condition.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
destinationAddress |
An array of address list names to be evaluated against the traffic destination address. | list[string] |
No | - | - |
sourceAddress |
An array of address list names to be evaluated against the traffic source address. | list[string] |
No | - | - |
Status.position¶
Back to TunnelInspectionRule status
TunnelInspectionRulePosition defines nested fields for TunnelInspectionRule.Position.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
afterRule |
Identifier for rule after which this rule lies. | string |
No | - | - |
beforeRule |
Identifier for rule before which this rule lies. | string |
No | - | - |
Status.profile¶
Back to TunnelInspectionRule status
TunnelInspectionRuleProfile defines nested fields for TunnelInspectionRule.Profile.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
mustReturnTrafficToSource |
Return scanned VXLAN tunnel traffic to source. | boolean |
No | - | - |
Status.status¶
Back to TunnelInspectionRule status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Back to TunnelInspectionRule status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
Back to TunnelInspectionRule status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
Back to TunnelInspectionRule status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
UrlList¶
UrlList is the Schema for the urllists API.
Plural:urllistsScope:NamespacedAPIVersion:networkfirewall.oracle.com/v1beta1Sample: Sample (config/samples/networkfirewall_v1beta1_urllist.yaml)Packages: Not currently exposed by a customer-visible package.
Spec¶
UrlListSpec defines the desired state of UrlList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the Url list. This field can be used to add additional info. | string |
No | - | - |
name |
Unique name to identify the group of urls to be used in the policy rules. | string |
Yes | - | - |
urls |
List of urls. | list[object] |
Yes | - | - |
Spec.urls[]¶
UrlListUrl defines nested fields for UrlList.Url.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
jsonData |
- | string |
No | - | - |
pattern |
A string consisting of a concatenation of optional host component and optional path component. The host component may start with *. to match the case-insensitive domain and all its subdomains. The path component must start with a /, and may end with * to match all paths of which it is a case-sensitive prefix. A missing host component matches all request domains, and a missing path component matches all request paths. An empty value matches all requests. |
string |
No | - | - |
type |
- | string |
No | - | - |
Status¶
UrlListStatus defines the observed state of UrlList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
description |
The description of the Url list. This field can be used to add additional info. | string |
No | - | - |
name |
Unique name identifier for the URL list. | string |
No | - | - |
parentResourceId |
OCID of the Network Firewall Policy this URL List belongs to. | string |
No | - | - |
status |
- | object |
Yes | - | - |
totalUrls |
Total count of URLs in the URL List | integer |
No | - | - |
urls |
List of urls. | list[object] |
No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object |
No | - | - |
conditions |
- | list[object] |
No | - | - |
createdAt |
- | string (date-time) |
No | - | - |
deletedAt |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
ocid |
- | string |
No | - | - |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string |
No | - | - |
reason |
- | string |
No | - | - |
requestedAt |
- | string (date-time) |
No | - | - |
updatedAt |
- | string (date-time) |
No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
current |
- | object |
No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
message |
- | string |
No | - | - |
normalizedClass |
- | string |
Yes | - | attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- | number |
No | - | - |
phase |
- | string |
Yes | - | create, delete, update |
rawOperationType |
- | string |
No | - | - |
rawStatus |
- | string |
No | - | - |
source |
- | string |
Yes | - | lifecycle, none, workrequest |
updatedAt |
- | string (date-time) |
Yes | - | - |
workRequestId |
- | string |
No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
lastTransitionTime |
- | string (date-time) |
No | - | - |
message |
- | string |
No | - | - |
reason |
- | string |
No | - | - |
status |
- | string |
Yes | - | - |
type |
- | string |
Yes | - | - |
Status.urls[]¶
UrlListUrl defines nested fields for UrlList.Url.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
jsonData |
- | string |
No | - | - |
pattern |
A string consisting of a concatenation of optional host component and optional path component. The host component may start with *. to match the case-insensitive domain and all its subdomains. The path component must start with a /, and may end with * to match all paths of which it is a case-sensitive prefix. A missing host component matches all request domains, and a missing path component matches all request paths. An empty value matches all requests. |
string |
No | - | - |
type |
- | string |
No | - | - |