A RepositoryPolicy is a managed resource that represents an Elastic Container Repository Policy
Type
CRD
Group
ecr.aws.crossplane.io
Version
apiVersion: ecr.aws.crossplane.io/v1beta1
kind: RepositoryPolicy
A RepositoryPolicySpec defines the desired state of a Elastic Container Repository.
RepositoryPolicyParameters define the desired state of an AWS Elastic Container Repository
Policy is a well defined type which can be parsed into an JSON Repository Policy either policy or rawPolicy must be specified in the policy
Statements is the list of statement this policy applies either jsonStatements or statements must be specified in the policy
Each element of the PolicyAction array describes the specific action or actions that will be allowed or denied with this PolicyStatement.
Condition specifies where conditions for policy are in effect. https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticcontainerregistry.html#amazonelasticcontainerregistry-policy-keys
Conditions represents each of the key/value pairs for the operator key
ConditionListValue is the list value of the key from the parent condition
Each element of the NotPolicyAction array will allow the property to match all but the listed actions.
Used with the Repository policy to specify the users which are not included in this policy
This list contains the all of the AWS IAM users which are affected by the policy statement.
IAMRoleARNRef contains the reference to an IAMRole
Policies for referencing.
IAMRoleARNSelector queries for an IAM role to retrieve its userName
Policies for selection.
UserARNRef contains the reference to an User
Policies for referencing.
UserARNSelector queries for an User to retrieve its userName
Policies for selection.
Service define the services which can have access to this bucket
This will explicitly match all resource paths except the ones specified in this array
Used with the Repository policy to specify the principal that is allowed or denied access to a resource.
This list contains the all of the AWS IAM users which are affected by the policy statement.
IAMRoleARNRef contains the reference to an IAMRole
Policies for referencing.
IAMRoleARNSelector queries for an IAM role to retrieve its userName
Policies for selection.
UserARNRef contains the reference to an User
Policies for referencing.
UserARNSelector queries for an User to retrieve its userName
Policies for selection.
Service define the services which can have access to this bucket
The paths on which this resource will apply
A referencer to retrieve the name of a repository One of RepositoryName, RepositoryNameRef, or RepositoryNameSelector is required.
Policies for referencing.
A selector to select a referencer to retrieve the name of a repository One of RepositoryName, RepositoryNameRef, or RepositoryNameSelector is required.
Policies for selection.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
A RepositoryPolicyStatus represents the observed state of a repository policy
Conditions of the resource.
example
apiVersion: ecr.aws.crossplane.io/v1beta1
kind: RepositoryPolicy
metadata:
labels:
region: us-east-1
name: example
spec:
forProvider:
rawPolicy: |
{
"Statement": [
{
"Action":"ecr:DescribeImages",
"Effect":"Allow",
"Principal":"*",
}
],
"Version":"2012-10-17"
}
region: us-east-1
repositoryName: example
providerConfigRef:
name: example
example
apiVersion: ecr.aws.crossplane.io/v1beta1
kind: RepositoryPolicy
metadata:
labels:
region: us-east-1
name: example
spec:
forProvider:
policy:
statements:
- action:
- ecr:DescribeRepositories
- ecr:DescribeImages
effect: Allow
principal:
awsPrincipals:
- iamUserArnRef:
name: someuser
version: 2012-10-17
region: us-east-1
repositoryNameRef:
name: example
providerConfigRef:
name: example