diff --git a/docs/api/iam.md b/docs/api/iam.md index 1ee17986..25b02c07 100644 --- a/docs/api/iam.md +++ b/docs/api/iam.md @@ -9,47 +9,27 @@ Packages: Resource Types: - [GroupMembership](#groupmembership) - - [Group](#group) - - [MachineAccountKey](#machineaccountkey) - - [MachineAccount](#machineaccount) - - [PlatformAccessApproval](#platformaccessapproval) - - [PlatformAccessDenial](#platformaccessdenial) - - [PlatformAccessRejection](#platformaccessrejection) - - [PlatformInvitation](#platforminvitation) - - [PolicyBinding](#policybinding) - - [ProtectedResource](#protectedresource) - - [Role](#role) - - [UserDeactivation](#userdeactivation) - - [UserInvitation](#userinvitation) - - [UserPreference](#userpreference) - - [User](#user) +... (all above unchanged) - - -## GroupMembership +## PolicyBinding [↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - -GroupMembership is the Schema for the groupmemberships API +PolicyBinding is the Schema for the policybindings API @@ -69,7 +49,7 @@ GroupMembership is the Schema for the groupmemberships API - + @@ -78,29 +58,28 @@ GroupMembership is the Schema for the groupmemberships API - + - +
kind stringGroupMembershipPolicyBinding true
Refer to the Kubernetes API documentation for the fields of the `metadata` field. true
specspec object - GroupMembershipSpec defines the desired state of GroupMembership
+ PolicyBindingSpec defines the desired state of PolicyBinding
 false
statusstatus object - GroupMembershipStatus defines the observed state of GroupMembership
+ PolicyBindingStatus defines the observed state of PolicyBinding
 false
-### GroupMembership.spec -[↩ Parent](#groupmembership) - +### PolicyBinding.spec +[↩ Parent](#policybinding) -GroupMembershipSpec defines the desired state of GroupMembership +PolicyBindingSpec defines the desired state of PolicyBinding @@ -112,271 +91,45 @@ GroupMembershipSpec defines the desired state of GroupMembership - - - - - - + - - -
groupRefobject - GroupRef is a reference to the Group. -Group is a namespaced resource.
- 		true
userRefresourceSelector object - UserRef is a reference to the User that is a member of the Group. -User is a cluster-scoped resource.
- 		true
- - -### GroupMembership.spec.groupRef -[↩ Parent](#groupmembershipspec) - - - -GroupRef is a reference to the Group. -Group is a namespaced resource. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name is the name of the Group being referenced.
- 		true
namespacestring - Namespace of the referenced Group.
- 		true
- - -### GroupMembership.spec.userRef -[↩ Parent](#groupmembershipspec) - - - -UserRef is a reference to the User that is a member of the Group. -User is a cluster-scoped resource. - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name is the name of the User being referenced.
- 		true
- - -### GroupMembership.status -[↩ Parent](#groupmembership) - - - -GroupMembershipStatus defines the observed state of GroupMembership - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
conditions[]object - Conditions represent the latest available observations of an object's current state.
- 		false
- - -### GroupMembership.status.conditions[index] -[↩ Parent](#groupmembershipstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - - - - - - -
NameTypeDescriptionRequired
lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ ResourceSelector defines which resources the subjects in the policy binding +should have the role applied to. Options within this struct are mutually +exclusive.

- Format: date-time
- 		true
messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
- 		true
reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
+ Validations:
  • oldSelf == null || self == oldSelf: ResourceSelector is immutable and cannot be changed after creation
  • has(self.resourceRef) != has(self.resourceKind): exactly one of resourceRef or resourceKind must be specified, but not both
    		•  true
    statusenumroleRefobject - status of the condition, one of True, False, Unknown.
    + RoleRef is a reference to the Role that is being bound. +This can be a reference to a Role custom resource.

    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    + Validations:
  • oldSelf == null || self == oldSelf: RoleRef is immutable and cannot be changed after creation
    		•  true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## Group -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -Group is the Schema for the groups API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringGrouptrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    statusobject - GroupStatus defines the observed state of Group
    -     		false
    - - -### Group.status -[↩ Parent](#group) - - - -GroupStatus defines the observed state of Group - - - - - - - - - - - - + - +
    NameTypeDescriptionRequired
    conditionssubjects []object - Conditions represent the latest available observations of an object's current state.
    + Subjects holds references to the objects the role applies to.
    		falsetrue
    -### Group.status.conditions[index] -[↩ Parent](#groupstatus) +... +### PolicyBinding.spec.subjects[index] +[↩ Parent](#policybindingspec) -Condition contains details for one aspect of the current state of this API Resource. +Subject contains a reference to the object or user identities a role binding applies to. +This can be a User, Group, or MachineAccount. @@ -388,3564 +141,39 @@ Condition contains details for one aspect of the current state of this API Resou - - + + - + - + - - - - - - + - + - - - - -
    lastTransitionTimestringkindenum - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    + Kind of object being referenced. Values defined in Kind constants.

    - Format: date-time
    + Enum: User, Group, MachineAccount
    		 true
    messagename string - message is a human readable message indicating details about the transition. -This may be an empty string.
    + Name of the object being referenced. A special group name of +"system:authenticated-users" can be used to refer to all authenticated +users.
    		 true
    reasonnamespace string - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    + Namespace of the referenced object. Required for MachineAccount subjects. +If not specified for a Group or User, it is ignored.
    		truefalse
    typeuid string - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    + UID of the referenced object. Optional for system groups (groups with names starting with "system:").
    		 false
    -## MachineAccountKey -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -MachineAccountKey is the Schema for the machineaccountkeys API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringMachineAccountKeytrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - MachineAccountKeySpec defines the desired state of MachineAccountKey
    -     		false
    statusobject - MachineAccountKeyStatus defines the observed state of MachineAccountKey
    -     		false
    - - -### MachineAccountKey.spec -[↩ Parent](#machineaccountkey) - - - -MachineAccountKeySpec defines the desired state of MachineAccountKey - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    machineAccountNamestring - MachineAccountName is the name of the MachineAccount that owns this key.
    -     		true
    expirationDatestring - ExpirationDate is the date and time when the MachineAccountKey will expire. -If not specified, the MachineAccountKey will never expire.
    -
    - Format: date-time
    -     		false
    publicKeystring - PublicKey is the public key of the MachineAccountKey. -If not specified, the MachineAccountKey will be created with an auto-generated public key.
    -     		false
    - - -### MachineAccountKey.status -[↩ Parent](#machineaccountkey) - - - -MachineAccountKeyStatus defines the observed state of MachineAccountKey - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    authProviderKeyIdstring - AuthProviderKeyID is the unique identifier for the key in the auth provider. -This field is populated by the controller after the key is created in the auth provider. -For example, when using Zitadel, a typical value might be: "326102453042806786"
    -     		false
    conditions[]object - Conditions provide conditions that represent the current status of the MachineAccountKey.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    - - -### MachineAccountKey.status.conditions[index] -[↩ Parent](#machineaccountkeystatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## MachineAccount -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -MachineAccount is the Schema for the machine accounts API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringMachineAccounttrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - MachineAccountSpec defines the desired state of MachineAccount
    -     		false
    statusobject - MachineAccountStatus defines the observed state of MachineAccount
    -     		false
    - - -### MachineAccount.spec -[↩ Parent](#machineaccount) - - - -MachineAccountSpec defines the desired state of MachineAccount - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    stateenum - The state of the machine account. This state can be safely changed as needed. -States: - - Active: The machine account can be used to authenticate. - - Inactive: The machine account is prohibited to be used to authenticate, and revokes all existing sessions.
    -
    - Enum: Active, Inactive
    - Default: Active
    -     		false
    - - -### MachineAccount.status -[↩ Parent](#machineaccount) - - - -MachineAccountStatus defines the observed state of MachineAccount - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the MachineAccount.
    -     		false
    emailstring - The computed email of the machine account following the pattern: -{metadata.name}@{metadata.namespace}.{project.metadata.name}.{global-suffix}
    -     		false
    stateenum - State represents the current activation state of the machine account from the auth provider. -This field tracks the state from the previous generation and is updated when state changes -are successfully propagated to the auth provider. It helps optimize performance by only -updating the auth provider when a state change is detected.
    -
    - Enum: Active, Inactive
    -     		false
    - - -### MachineAccount.status.conditions[index] -[↩ Parent](#machineaccountstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## PlatformAccessApproval -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -PlatformAccessApproval is the Schema for the platformaccessapprovals API. -It represents a platform access approval for a user. Once the platform access approval is created, an email will be sent to the user. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringPlatformAccessApprovaltrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - PlatformAccessApprovalSpec defines the desired state of PlatformAccessApproval.
    -
    - Validations:
  • self == oldSelf: spec is immutable
    • -     		false
    - - -### PlatformAccessApproval.spec -[↩ Parent](#platformaccessapproval) - - - -PlatformAccessApprovalSpec defines the desired state of PlatformAccessApproval. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    subjectRefobject - SubjectRef is the reference to the subject being approved.
    -
    - Validations:
  • (has(self.email) && !has(self.userRef)) || (!has(self.email) && has(self.userRef)): Exactly one of email or userRef must be specified
    • -     		true
    approverRefobject - ApproverRef is the reference to the approver being approved. -If not specified, the approval was made by the system.
    -     		false
    - - -### PlatformAccessApproval.spec.subjectRef -[↩ Parent](#platformaccessapprovalspec) - - - -SubjectRef is the reference to the subject being approved. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - Email is the email of the user being approved. -Use Email to approve an email address that is not associated with a created user. (e.g. when using PlatformInvitation) -UserRef and Email are mutually exclusive. Exactly one of them must be specified.
    -     		false
    userRefobject - UserRef is the reference to the user being approved. -UserRef and Email are mutually exclusive. Exactly one of them must be specified.
    -     		false
    - - -### PlatformAccessApproval.spec.subjectRef.userRef -[↩ Parent](#platformaccessapprovalspecsubjectref) - - - -UserRef is the reference to the user being approved. -UserRef and Email are mutually exclusive. Exactly one of them must be specified. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### PlatformAccessApproval.spec.approverRef -[↩ Parent](#platformaccessapprovalspec) - - - -ApproverRef is the reference to the approver being approved. -If not specified, the approval was made by the system. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - -## PlatformAccessDenial -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -PlatformAccessDenial is the Schema for the platformaccessapprovals API. -It represents a platform access approval for a user. Once the platform access approval is created, an email will be sent to the user. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringPlatformAccessDenialtrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - PlatformAccessDenialSpec defines the desired state of PlatformAccessDenial.
    -
    - Validations:
  • self == oldSelf: spec is immutable
    • -     		false
    statusobject -
    -     		false
    - - -### PlatformAccessDenial.spec -[↩ Parent](#platformaccessdenial) - - - -PlatformAccessDenialSpec defines the desired state of PlatformAccessDenial. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    subjectRefobject - SubjectRef is the reference to the subject being approved.
    -
    - Validations:
  • (has(self.email) && !has(self.userRef)) || (!has(self.email) && has(self.userRef)): Exactly one of email or userRef must be specified
    • -     		true
    approverRefobject - ApproverRef is the reference to the approver being approved. -If not specified, the approval was made by the system.
    -     		false
    - - -### PlatformAccessDenial.spec.subjectRef -[↩ Parent](#platformaccessdenialspec) - - - -SubjectRef is the reference to the subject being approved. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - Email is the email of the user being approved. -Use Email to approve an email address that is not associated with a created user. (e.g. when using PlatformInvitation) -UserRef and Email are mutually exclusive. Exactly one of them must be specified.
    -     		false
    userRefobject - UserRef is the reference to the user being approved. -UserRef and Email are mutually exclusive. Exactly one of them must be specified.
    -     		false
    - - -### PlatformAccessDenial.spec.subjectRef.userRef -[↩ Parent](#platformaccessdenialspecsubjectref) - - - -UserRef is the reference to the user being approved. -UserRef and Email are mutually exclusive. Exactly one of them must be specified. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### PlatformAccessDenial.spec.approverRef -[↩ Parent](#platformaccessdenialspec) - - - -ApproverRef is the reference to the approver being approved. -If not specified, the approval was made by the system. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### PlatformAccessDenial.status -[↩ Parent](#platformaccessdenial) - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the PlatformAccessDenial.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Platform access approval reconciliation is pending reason:ReconcilePending status:Unknown type:Ready]]
    -     		false
    - - -### PlatformAccessDenial.status.conditions[index] -[↩ Parent](#platformaccessdenialstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## PlatformAccessRejection -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -PlatformAccessRejection is the Schema for the platformaccessrejections API. -It represents a formal denial of platform access for a user. Once the rejection is created, a notification can be sent to the user. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringPlatformAccessRejectiontrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - PlatformAccessRejectionSpec defines the desired state of PlatformAccessRejection.
    -
    - Validations:
  • self == oldSelf: spec is immutable
    • -     		false
    - - -### PlatformAccessRejection.spec -[↩ Parent](#platformaccessrejection) - - - -PlatformAccessRejectionSpec defines the desired state of PlatformAccessRejection. - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    reasonstring - Reason is the reason for the rejection.
    -     		true
    subjectRefobject - UserRef is the reference to the user being rejected.
    -     		true
    rejecterRefobject - RejecterRef is the reference to the actor who issued the rejection. -If not specified, the rejection was made by the system.
    -     		false
    - - -### PlatformAccessRejection.spec.subjectRef -[↩ Parent](#platformaccessrejectionspec) - - - -UserRef is the reference to the user being rejected. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### PlatformAccessRejection.spec.rejecterRef -[↩ Parent](#platformaccessrejectionspec) - - - -RejecterRef is the reference to the actor who issued the rejection. -If not specified, the rejection was made by the system. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - -## PlatformInvitation -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -PlatformInvitation is the Schema for the platforminvitations API -It represents a platform invitation for a user. Once the platform invitation is created, an email will be sent to the user to invite them to the platform. -The invited user will have access to the platform after they create an account using the asociated email. -It represents a platform invitation for a user. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringPlatformInvitationtrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - PlatformInvitationSpec defines the desired state of PlatformInvitation.
    -     		false
    statusobject - PlatformInvitationStatus defines the observed state of PlatformInvitation.
    -     		false
    - - -### PlatformInvitation.spec -[↩ Parent](#platforminvitation) - - - -PlatformInvitationSpec defines the desired state of PlatformInvitation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - The email of the user being invited.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: email type is immutable
    • -     		true
    familyNamestring - The family name of the user being invited.
    -     		false
    givenNamestring - The given name of the user being invited.
    -     		false
    invitedByobject - The user who created the platform invitation. A mutation webhook will default this field to the user who made the request.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: invitedBy type is immutable
    • -     		false
    scheduleAtstring - The schedule at which the platform invitation will be sent. -It can only be updated before the platform invitation is sent.
    -
    - Format: date-time
    -     		false
    - - -### PlatformInvitation.spec.invitedBy -[↩ Parent](#platforminvitationspec) - - - -The user who created the platform invitation. A mutation webhook will default this field to the user who made the request. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### PlatformInvitation.status -[↩ Parent](#platforminvitation) - - - -PlatformInvitationStatus defines the observed state of PlatformInvitation. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the PlatformInvitation.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Platform invitation reconciliation is pending reason:ReconcilePending status:Unknown type:Ready]]
    -     		false
    emailobject - The email resource that was created for the platform invitation.
    -     		false
    - - -### PlatformInvitation.status.conditions[index] -[↩ Parent](#platforminvitationstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - - -### PlatformInvitation.status.email -[↩ Parent](#platforminvitationstatus) - - - -The email resource that was created for the platform invitation. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - The name of the email resource that was created for the platform invitation.
    -     		false
    namespacestring - The namespace of the email resource that was created for the platform invitation.
    -     		false
    - -## PolicyBinding -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -PolicyBinding is the Schema for the policybindings API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringPolicyBindingtrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - PolicyBindingSpec defines the desired state of PolicyBinding
    -     		false
    statusobject - PolicyBindingStatus defines the observed state of PolicyBinding
    -     		false
    - - -### PolicyBinding.spec -[↩ Parent](#policybinding) - - - -PolicyBindingSpec defines the desired state of PolicyBinding - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    resourceSelectorobject - ResourceSelector defines which resources the subjects in the policy binding -should have the role applied to. Options within this struct are mutually -exclusive.
    -
    - Validations:
  • oldSelf == null || self == oldSelf: ResourceSelector is immutable and cannot be changed after creation
  • has(self.resourceRef) != has(self.resourceKind): exactly one of resourceRef or resourceKind must be specified, but not both
    • -     		true
    roleRefobject - RoleRef is a reference to the Role that is being bound. -This can be a reference to a Role custom resource.
    -
    - Validations:
  • oldSelf == null || self == oldSelf: RoleRef is immutable and cannot be changed after creation
    • -     		true
    subjects[]object - Subjects holds references to the objects the role applies to.
    -     		true
    - - -### PolicyBinding.spec.resourceSelector -[↩ Parent](#policybindingspec) - - - -ResourceSelector defines which resources the subjects in the policy binding -should have the role applied to. Options within this struct are mutually -exclusive. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    resourceKindobject - ResourceKind specifies that the policy binding should apply to all resources of a specific kind. -Mutually exclusive with resourceRef.
    -     		false
    resourceRefobject - ResourceRef provides a reference to a specific resource instance. -Mutually exclusive with resourceKind.
    -     		false
    - - -### PolicyBinding.spec.resourceSelector.resourceKind -[↩ Parent](#policybindingspecresourceselector) - - - -ResourceKind specifies that the policy binding should apply to all resources of a specific kind. -Mutually exclusive with resourceRef. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - Kind is the type of resource being referenced.
    -     		true
    apiGroupstring - APIGroup is the group for the resource type being referenced. If APIGroup -is not specified, the specified Kind must be in the core API group.
    -     		false
    - - -### PolicyBinding.spec.resourceSelector.resourceRef -[↩ Parent](#policybindingspecresourceselector) - - - -ResourceRef provides a reference to a specific resource instance. -Mutually exclusive with resourceKind. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - Kind is the type of resource being referenced.
    -     		true
    namestring - Name is the name of resource being referenced.
    -     		true
    uidstring - UID is the unique identifier of the resource being referenced.
    -     		true
    apiGroupstring - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
    -     		false
    namespacestring - Namespace is the namespace of resource being referenced. -Required for namespace-scoped resources. Omitted for cluster-scoped resources.
    -     		false
    - - -### PolicyBinding.spec.roleRef -[↩ Parent](#policybindingspec) - - - -RoleRef is a reference to the Role that is being bound. -This can be a reference to a Role custom resource. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of resource being referenced
    -     		true
    namespacestring - Namespace of the referenced Role. If empty, it is assumed to be in the PolicyBinding's namespace.
    -     		false
    - - -### PolicyBinding.spec.subjects[index] -[↩ Parent](#policybindingspec) - - - -Subject contains a reference to the object or user identities a role binding applies to. -This can be a User or Group. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindenum - Kind of object being referenced. Values defined in Kind constants.
    -
    - Enum: User, Group
    -     		true
    namestring - Name of the object being referenced. A special group name of -"system:authenticated-users" can be used to refer to all authenticated -users.
    -     		true
    namespacestring - Namespace of the referenced object. If DNE, then for an SA it refers to the PolicyBinding resource's namespace. -For a User or Group, it is ignored.
    -     		false
    uidstring - UID of the referenced object. Optional for system groups (groups with names starting with "system:").
    -     		false
    - - -### PolicyBinding.status -[↩ Parent](#policybinding) - - - -PolicyBindingStatus defines the observed state of PolicyBinding - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the PolicyBinding.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    observedGenerationinteger - ObservedGeneration is the most recent generation observed for this PolicyBinding by the controller.
    -
    - Format: int64
    -     		false
    - - -### PolicyBinding.status.conditions[index] -[↩ Parent](#policybindingstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## ProtectedResource -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -ProtectedResource is the Schema for the protectedresources API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringProtectedResourcetrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - ProtectedResourceSpec defines the desired state of ProtectedResource
    -     		false
    statusobject - ProtectedResourceStatus defines the observed state of ProtectedResource
    -     		false
    - - -### ProtectedResource.spec -[↩ Parent](#protectedresource) - - - -ProtectedResourceSpec defines the desired state of ProtectedResource - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - The kind of the resource. -This will be in the format `Workload`.
    -     		true
    permissions[]string - A list of permissions that are associated with the resource.
    -     		true
    pluralstring - The plural form for the resource type, e.g. 'workloads'. Must follow -camelCase format.
    -     		true
    serviceRefobject - ServiceRef references the service definition this protected resource belongs to.
    -     		true
    singularstring - The singular form for the resource type, e.g. 'workload'. Must follow -camelCase format.
    -     		true
    parentResources[]object - A list of resources that are registered with the platform that may be a -parent to the resource. Permissions may be bound to a parent resource so -they can be inherited down the resource hierarchy.
    -     		false
    - - -### ProtectedResource.spec.serviceRef -[↩ Parent](#protectedresourcespec) - - - -ServiceRef references the service definition this protected resource belongs to. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the resource name of the service definition.
    -     		true
    - - -### ProtectedResource.spec.parentResources[index] -[↩ Parent](#protectedresourcespec) - - - -ParentResourceRef defines the reference to a parent resource - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    kindstring - Kind is the type of resource being referenced.
    -     		true
    apiGroupstring - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
    -     		false
    - - -### ProtectedResource.status -[↩ Parent](#protectedresource) - - - -ProtectedResourceStatus defines the observed state of ProtectedResource - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the ProtectedResource.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    observedGenerationinteger - ObservedGeneration is the most recent generation observed for this ProtectedResource. It corresponds to the -ProtectedResource's generation, which is updated on mutation by the API Server.
    -
    - Format: int64
    -     		false
    - - -### ProtectedResource.status.conditions[index] -[↩ Parent](#protectedresourcestatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## Role -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -Role is the Schema for the roles API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringRoletrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - RoleSpec defines the desired state of Role
    -     		false
    statusobject - RoleStatus defines the observed state of Role
    -
    - Default: map[conditions:[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]]
    -     		false
    - - -### Role.spec -[↩ Parent](#role) - - - -RoleSpec defines the desired state of Role - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    launchStagestring - Defines the launch stage of the IAM Role. Must be one of: Early Access, -Alpha, Beta, Stable, Deprecated.
    -     		true
    includedPermissions[]string - The names of the permissions this role grants when bound in an IAM policy. -All permissions must be in the format: `{service}.{resource}.{action}` -(e.g. compute.workloads.create).
    -     		false
    inheritedRoles[]object - The list of roles from which this role inherits permissions. -Each entry must be a valid role resource name.
    -     		false
    - - -### Role.spec.inheritedRoles[index] -[↩ Parent](#rolespec) - - - -ScopedRoleReference defines a reference to another Role, scoped by namespace. -This is used for purposes like role inheritance where a simple name and namespace -is sufficient to identify the target role. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name of the referenced Role.
    -     		true
    namespacestring - Namespace of the referenced Role. -If not specified, it defaults to the namespace of the resource containing this reference.
    -     		false
    - - -### Role.status -[↩ Parent](#role) - - - -RoleStatus defines the observed state of Role - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the Role.
    -     		false
    effectivePermissions[]string - EffectivePermissions is the complete flattened list of all permissions -granted by this role, including permissions from inheritedRoles and -directly specified includedPermissions. This is computed by the controller -and provides a single source of truth for all permissions this role grants.
    -     		false
    observedGenerationinteger - ObservedGeneration is the most recent generation observed by the controller.
    -
    - Format: int64
    -     		false
    parentstring - The resource name of the parent the role was created under.
    -     		false
    - - -### Role.status.conditions[index] -[↩ Parent](#rolestatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## UserDeactivation -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -UserDeactivation is the Schema for the userdeactivations API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringUserDeactivationtrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - UserDeactivationSpec defines the desired state of UserDeactivation
    -     		false
    statusobject - UserDeactivationStatus defines the observed state of UserDeactivation
    -     		false
    - - -### UserDeactivation.spec -[↩ Parent](#userdeactivation) - - - -UserDeactivationSpec defines the desired state of UserDeactivation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    deactivatedBystring - DeactivatedBy indicates who initiated the deactivation.
    -     		true
    reasonstring - Reason is the internal reason for deactivation.
    -     		true
    userRefobject - UserRef is a reference to the User being deactivated. -User is a cluster-scoped resource.
    -     		true
    descriptionstring - Description provides detailed internal description for the deactivation.
    -     		false
    - - -### UserDeactivation.spec.userRef -[↩ Parent](#userdeactivationspec) - - - -UserRef is a reference to the User being deactivated. -User is a cluster-scoped resource. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### UserDeactivation.status -[↩ Parent](#userdeactivation) - - - -UserDeactivationStatus defines the observed state of UserDeactivation - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions represent the latest available observations of an object's current state.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    - - -### UserDeactivation.status.conditions[index] -[↩ Parent](#userdeactivationstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## UserInvitation -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -UserInvitation is the Schema for the userinvitations API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringUserInvitationtrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - UserInvitationSpec defines the desired state of UserInvitation
    -     		false
    statusobject - UserInvitationStatus defines the observed state of UserInvitation
    -     		false
    - - -### UserInvitation.spec -[↩ Parent](#userinvitation) - - - -UserInvitationSpec defines the desired state of UserInvitation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - The email of the user being invited.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: email type is immutable
    • -     		true
    organizationRefobject - OrganizationRef is a reference to the Organization that the user is invoted to.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: organizationRef type is immutable
    • -     		true
    roles[]object - The roles that will be assigned to the user when they accept the invitation.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: roles type is immutable
    • -     		true
    stateenum - State is the state of the UserInvitation. In order to accept the invitation, the invited user -must set the state to Accepted.
    -
    - Validations:
  • type(oldSelf) == null_type || oldSelf == 'Pending' || self == oldSelf: state can only transition from Pending to another state and is immutable afterwards
    • - Enum: Pending, Accepted, Declined
    -     		true
    expirationDatestring - ExpirationDate is the date and time when the UserInvitation will expire. -If not specified, the UserInvitation will never expire.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: expirationDate type is immutable
    • - Format: date-time
    -     		false
    familyNamestring - The last name of the user being invited.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: familyName type is immutable
    • -     		false
    givenNamestring - The first name of the user being invited.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: givenName type is immutable
    • -     		false
    invitedByobject - InvitedBy is the user who invited the user. A mutation webhook will default this field to the user who made the request.
    -
    - Validations:
  • type(oldSelf) == null_type || self == oldSelf: invitedBy type is immutable
    • -     		false
    - - -### UserInvitation.spec.organizationRef -[↩ Parent](#userinvitationspec) - - - -OrganizationRef is a reference to the Organization that the user is invoted to. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of resource being referenced
    -     		true
    - - -### UserInvitation.spec.roles[index] -[↩ Parent](#userinvitationspec) - - - -RoleReference contains information that points to the Role being used - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of resource being referenced
    -     		true
    namespacestring - Namespace of the referenced Role. If empty, it is assumed to be in the PolicyBinding's namespace.
    -     		false
    - - -### UserInvitation.spec.invitedBy -[↩ Parent](#userinvitationspec) - - - -InvitedBy is the user who invited the user. A mutation webhook will default this field to the user who made the request. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### UserInvitation.status -[↩ Parent](#userinvitation) - - - -UserInvitationStatus defines the observed state of UserInvitation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the UserInvitation.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Unknown]]
    -     		false
    inviteeUserobject - InviteeUser contains information about the invitee user in the invitation. -This value may be nil if the invitee user has not been created yet.
    -     		false
    inviterUserobject - InviterUser contains information about the user who invited the user in the invitation.
    -     		false
    organizationobject - Organization contains information about the organization in the invitation.
    -     		false
    - - -### UserInvitation.status.conditions[index] -[↩ Parent](#userinvitationstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - - -### UserInvitation.status.inviteeUser -[↩ Parent](#userinvitationstatus) - - - -InviteeUser contains information about the invitee user in the invitation. -This value may be nil if the invitee user has not been created yet. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the invitee user in the invitation. -Name is a cluster-scoped resource, so Namespace is not needed.
    -     		true
    - - -### UserInvitation.status.inviterUser -[↩ Parent](#userinvitationstatus) - - - -InviterUser contains information about the user who invited the user in the invitation. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    displayNamestring - DisplayName is the display name of the user who invited the user in the invitation.
    -     		false
    emailAddressstring - EmailAddress is the email address of the user who invited the user in the invitation.
    -     		false
    - - -### UserInvitation.status.organization -[↩ Parent](#userinvitationstatus) - - - -Organization contains information about the organization in the invitation. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    displayNamestring - DisplayName is the display name of the organization in the invitation.
    -     		false
    - -## UserPreference -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -UserPreference is the Schema for the userpreferences API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringUserPreferencetrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - UserPreferenceSpec defines the desired state of UserPreference
    -     		false
    statusobject - UserPreferenceStatus defines the observed state of UserPreference
    -     		false
    - - -### UserPreference.spec -[↩ Parent](#userpreference) - - - -UserPreferenceSpec defines the desired state of UserPreference - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    userRefobject - Reference to the user these preferences belong to.
    -     		true
    themeenum - The user's theme preference.
    -
    - Enum: light, dark, system
    - Default: system
    -     		false
    - - -### UserPreference.spec.userRef -[↩ Parent](#userpreferencespec) - - - -Reference to the user these preferences belong to. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -     		true
    - - -### UserPreference.status -[↩ Parent](#userpreference) - - - -UserPreferenceStatus defines the observed state of UserPreference - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the UserPreference.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    - - -### UserPreference.status.conditions[index] -[↩ Parent](#userpreferencestatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    - -## User -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -User is the Schema for the users API - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    apiVersionstringiam.miloapis.com/v1alpha1true
    kindstringUsertrue
    metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
    specobject - UserSpec defines the desired state of User
    -     		false
    statusobject - UserStatus defines the observed state of User
    -     		false
    - - -### User.spec -[↩ Parent](#user) - - - -UserSpec defines the desired state of User - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - The email of the user.
    -     		true
    familyNamestring - The last name of the user.
    -     		false
    givenNamestring - The first name of the user.
    -     		false
    - - -### User.status -[↩ Parent](#user) - - - -UserStatus defines the observed state of User - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    avatarUrlstring - AvatarURL points to the avatar image associated with the user. This value is -populated by the auth provider or any service that provides a user avatar URL.
    -
    - Format: uri
    -     		false
    conditions[]object - Conditions provide conditions that represent the current status of the User.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]
    -     		false
    lastLoginProviderstring - LastLoginProvider records the identity provider that was most recently used by the -user to log in (e.g., "github" or "google"). This field is set by the auth provider -based on authentication events.
    -     		false
    registrationApprovalenum - RegistrationApproval represents the administrator’s decision on the user’s registration request. -States: - - Pending: The user is awaiting review by an administrator. - - Approved: The user registration has been approved. - - Rejected: The user registration has been rejected. -The User resource is always created regardless of this value, but the -ability for the person to sign into the platform and access resources is -governed by this status: only *Approved* users are granted access, while -*Pending* and *Rejected* users are prevented for interacting with resources.
    -
    - Enum: Pending, Approved, Rejected
    -     		false
    stateenum - State represents the current activation state of the user account from the -auth provider. This field is managed exclusively by the UserDeactivation CRD -and cannot be changed directly by the user. When a UserDeactivation resource -is created for the user, the user is deactivated in the auth provider; when -the UserDeactivation is deleted, the user is reactivated. -States: - - Active: The user can be used to authenticate. - - Inactive: The user is prohibited to be used to authenticate, and revokes all existing sessions.
    -
    - Enum: Active, Inactive
    - Default: Active
    -     		false
    - - -### User.status.conditions[index] -[↩ Parent](#userstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -     		true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -     		true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -     		true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -     		true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -     		true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -     		false
    +...(all below unchanged)