diff --git a/apis/civo/firewall/v1alpha1/doc.go b/apis/civo/firewall/v1alpha1/doc.go
new file mode 100644
index 0000000..89a3fb9
--- /dev/null
+++ b/apis/civo/firewall/v1alpha1/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2024 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains the v1alpha1 group Sample resources of the Template provider.
+// +kubebuilder:object:generate=true
+// +groupName=firewall.civo.crossplane.io
+// +versionName=v1alpha1
+package v1alpha1
diff --git a/apis/civo/firewall/v1alpha1/register.go b/apis/civo/firewall/v1alpha1/register.go
new file mode 100644
index 0000000..cb0a6b2
--- /dev/null
+++ b/apis/civo/firewall/v1alpha1/register.go
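Review bot: The package comment in doc.go still carries the scaffold wording ("Sample resources of the Template provider"), which is what godoc will show for the firewall API group. Something like `// Package v1alpha1 contains the v1alpha1 API types for Civo firewall managed resources.` would match the `+groupName=firewall.civo.crossplane.io` marker directly below it.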
@@ -0,0 +1,50 @@
+/*
+Copyright 2020 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "reflect"
+
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package type metadata.
+const (
+ Group = "firewall.civo.crossplane.io"
+ Version = "v1alpha1"
+)
+
+var (
+ // SchemeGroupVersion is group version used to register these objects
+ SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+)
+
+// CivoFirewall type metadata.
+var (
+ CivoFirewallKind = reflect.TypeOf(CivoFirewall{}).Name()
+ CivoFirewallGroupKind = schema.GroupKind{Group: Group, Kind: CivoFirewallKind}.String()
+ CivoFirewallKindAPIVersion = CivoFirewallKind + "." + SchemeGroupVersion.String()
+ CivoFirewallGroupVersionKind = SchemeGroupVersion.WithKind(CivoFirewallKind)
+)
+
+func init() {
+ SchemeBuilder.Register(&CivoFirewall{}, &CivoFirewallList{})
+}
diff --git a/apis/civo/firewall/v1alpha1/types.go b/apis/civo/firewall/v1alpha1/types.go
new file mode 100644
index 0000000..a0eec49
--- /dev/null
+++ b/apis/civo/firewall/v1alpha1/types.go
@@ -0,0 +1,126 @@
+package v1alpha1
+
+import (
+ xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// CivoFirewallSpec defines the desired state of a Firewall.
+type CivoFirewallSpec struct {
+ xpv1.ResourceSpec `json:",inline"`
+
+ // Name is the name of the Firewall within Civo.
+ // +kubebuilder:validation:Required
+ // +immutable
+ Name string `json:"name"`
+
+ // NetworkID is the identifier for the network associated with the Firewall.
+ // +kubebuilder:validation:Required
+ // +immutable
+ NetworkID string `json:"networkId"`
+
+ // Region is the identifier for the region in which the Firewall is deployed.
+ // +kubebuilder:validation:Required
+ Region string `json:"region"`
+
+ // Rules are the set of rules applied to the firewall.
+ // +optional
+ Rules []FirewallRule `json:"rules,omitempty"`
+
+ // ProviderReference holds configs (region, API key etc) for the crossplane provider that is being used.
+ ProviderReference *xpv1.Reference `json:"providerReference"`
+}
+
+// FirewallRule defines the rules applied to the Firewall.
+type FirewallRule struct {
+ // Protocol used by the rule (TCP, UDP, ICMP).
+ // +kubebuilder:validation:Enum=TCP;UDP;ICMP
+ // +kubebuilder:validation:Required
+ Protocol string `json:"protocol"`
+
+ // StartPort is the starting port of the range.
+ // +kubebuilder:validation:Required
+ StartPort int `json:"startPort"`
+
+ // EndPort is the ending port of the range.
+ // +optional
+ EndPort *int `json:"endPort,omitempty"`
+
+ // CIDR is the IP address range that is applicable for the rule.
+ // +kubebuilder:validation:Required
+ CIDR string `json:"cidr"`
+
+ // Direction indicates whether the rule is for inbound or outbound traffic.
+ // +kubebuilder:validation:Enum=ingress;egress
+ // +kubebuilder:validation:Required
+ Direction string `json:"direction"`
+
+ // Label is an optional identifier for the rule.
+ // +optional
+ Label string `json:"label,omitempty"`
+}
+
+// CivoFirewallStatus defines the observed state of CivoFirewall.
+type CivoFirewallStatus struct {
+ xpv1.ResourceStatus `json:",inline"`
+ AtProvider CivoFirewallObservation `json:"atProvider,omitempty"`
+}
+
+// CivoFirewallObservation is used to reflect the observed state of the firewall.
+type CivoFirewallObservation struct {
+ // ID is the Civo ID of the Firewall.
+ ID string `json:"id,omitempty"`
+
+ // InstanceCount shows how many instances are using this firewall.
+ InstanceCount *int `json:"instanceCount,omitempty"`
+
+ // RulesCount shows how many rules are associated with this firewall.
+ RulesCount int `json:"rulesCount"`
+}
+
+// +kubebuilder:object:root=true
+
+// CivoFirewall is the Schema for the CivoFirewalls API
+// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+// +kubebuilder:printcolumn:name="MESSAGE",type="string",JSONPath=".status.atProvider.state"
+// Please replace `PROVIDER-NAME` with your actual provider name, like `aws`, `azure`, `gcp`, `alibaba`
+// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,civo}
+// +kubebuilder:subresource:status
+type CivoFirewall struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec CivoFirewallSpec `json:"spec"`
+ Status CivoFirewallStatus `json:"status,omitempty"`
+}
+
+// SetManagementPolicies sets up management policies.
+func (mg *CivoFirewall) SetManagementPolicies(r xpv1.ManagementPolicies) {}
+
+// GetManagementPolicies gets management policies.
+func (mg *CivoFirewall) GetManagementPolicies() xpv1.ManagementPolicies {
+ // Note: Crossplane runtime reconciler should leave handling of
+ // ManagementPolicies to the provider controller. This is a temporary hack
+ // until we remove the ManagementPolicy field from the Provider Kubernetes
+ // Object in favor of the one in the ResourceSpec.
+ return []xpv1.ManagementAction{xpv1.ManagementActionAll}
+}
+
+// SetPublishConnectionDetailsTo sets up connection details.
+func (mg *CivoFirewall) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) {
+ mg.Spec.PublishConnectionDetailsTo = r
+}
+
+// GetPublishConnectionDetailsTo gets publish connection details.
+func (mg *CivoFirewall) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo {
+ return mg.Spec.PublishConnectionDetailsTo
+}
+
+// +kubebuilder:object:root=true
+
+// CivoFirewallList contains a list of CivoFirewall.
+type CivoFirewallList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []CivoFirewall `json:"items"`
+}
diff --git a/apis/civo/firewall/v1alpha1/zz_generated.deepcopy.go b/apis/civo/firewall/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 0000000..8865372
--- /dev/null
+++ b/apis/civo/firewall/v1alpha1/zz_generated.deepcopy.go
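Review bot: `SetManagementPolicies` is an empty method and `GetManagementPolicies` always returns `ManagementActionAll`, so the `spec.managementPolicies` field that this commit's generated CRD exposes is ignored by anything that asks the object for its policies; a firewall declared observe-only would still be reported as fully managed. The CRD schema suggests the embedded `xpv1.ResourceSpec` already carries the field, so the two bodies can be `mg.Spec.ManagementPolicies = r` and `return mg.Spec.ManagementPolicies`. In `FirewallRule`, `StartPort` and `EndPort` are unbounded `int`s and `CIDR` is a free-form string, so malformed rules are only caught (if at all) by the Civo API; `// +kubebuilder:validation:Minimum=0` and `// +kubebuilder:validation:Maximum=65535` on the two ports would reject out-of-range values at admission. `+immutable` on `Name` and `NetworkID` is a comment marker that the generated schema does not enforce (the CRD shows no rule for either field); `// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="field is immutable"` would.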
@@ -0,0 +1,170 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2020 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "github.com/crossplane/crossplane-runtime/apis/common/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CivoFirewall) DeepCopyInto(out *CivoFirewall) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CivoFirewall. +func (in *CivoFirewall) DeepCopy() *CivoFirewall { + if in == nil { + return nil + } + out := new(CivoFirewall) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CivoFirewall) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CivoFirewallList) DeepCopyInto(out *CivoFirewallList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CivoFirewall, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CivoFirewallList. +func (in *CivoFirewallList) DeepCopy() *CivoFirewallList { + if in == nil { + return nil + } + out := new(CivoFirewallList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CivoFirewallList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CivoFirewallObservation) DeepCopyInto(out *CivoFirewallObservation) { + *out = *in + if in.InstanceCount != nil { + in, out := &in.InstanceCount, &out.InstanceCount + *out = new(int) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CivoFirewallObservation. +func (in *CivoFirewallObservation) DeepCopy() *CivoFirewallObservation { + if in == nil { + return nil + } + out := new(CivoFirewallObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CivoFirewallSpec) DeepCopyInto(out *CivoFirewallSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]FirewallRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ProviderReference != nil { + in, out := &in.ProviderReference, &out.ProviderReference + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CivoFirewallSpec. +func (in *CivoFirewallSpec) DeepCopy() *CivoFirewallSpec { + if in == nil { + return nil + } + out := new(CivoFirewallSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CivoFirewallStatus) DeepCopyInto(out *CivoFirewallStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CivoFirewallStatus. +func (in *CivoFirewallStatus) DeepCopy() *CivoFirewallStatus { + if in == nil { + return nil + } + out := new(CivoFirewallStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FirewallRule) DeepCopyInto(out *FirewallRule) { + *out = *in + if in.EndPort != nil { + in, out := &in.EndPort, &out.EndPort + *out = new(int) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallRule. +func (in *FirewallRule) DeepCopy() *FirewallRule { + if in == nil { + return nil + } + out := new(FirewallRule) + in.DeepCopyInto(out) + return out +} 
diff --git a/apis/civo/firewall/v1alpha1/zz_generated.managed.go b/apis/civo/firewall/v1alpha1/zz_generated.managed.go new file mode 100644 index 0000000..f8af0fc --- /dev/null +++ b/apis/civo/firewall/v1alpha1/zz_generated.managed.go 
@@ -0,0 +1,76 @@ +/* +Copyright 2020 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1alpha1 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this CivoFirewall. +func (mg *CivoFirewall) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this CivoFirewall. +func (mg *CivoFirewall) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetProviderConfigReference of this CivoFirewall. +func (mg *CivoFirewall) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +/* +GetProviderReference of this CivoFirewall. +Deprecated: Use GetProviderConfigReference. +*/ +func (mg *CivoFirewall) GetProviderReference() *xpv1.Reference { + return mg.Spec.ProviderReference +} + +// GetWriteConnectionSecretToReference of this CivoFirewall. +func (mg *CivoFirewall) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this CivoFirewall. +func (mg *CivoFirewall) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this CivoFirewall. +func (mg *CivoFirewall) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetProviderConfigReference of this CivoFirewall. 
+func (mg *CivoFirewall) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +/* +SetProviderReference of this CivoFirewall. +Deprecated: Use SetProviderConfigReference. +*/ +func (mg *CivoFirewall) SetProviderReference(r *xpv1.Reference) { + mg.Spec.ProviderReference = r +} + +// SetWriteConnectionSecretToReference of this CivoFirewall. +func (mg *CivoFirewall) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/civo/firewall/v1alpha1/zz_generated.managedlist.go b/apis/civo/firewall/v1alpha1/zz_generated.managedlist.go new file mode 100644 index 0000000..89f14fc --- /dev/null +++ b/apis/civo/firewall/v1alpha1/zz_generated.managedlist.go @@ -0,0 +1,29 @@ +/* +Copyright 2020 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1alpha1 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this CivoFirewallList. +func (l *CivoFirewallList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/package/crds/firewall.civo.crossplane.io_civofirewalls.yaml b/package/crds/firewall.civo.crossplane.io_civofirewalls.yaml new file mode 100644 index 0000000..adf37ea --- /dev/null +++ b/package/crds/firewall.civo.crossplane.io_civofirewalls.yaml 
@@ -0,0 +1,391 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: civofirewalls.firewall.civo.crossplane.io +spec: + group: firewall.civo.crossplane.io + names: + categories: + - crossplane + - managed + - civo + kind: CivoFirewall + listKind: CivoFirewallList + plural: civofirewalls + singular: civofirewall + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.atProvider.state + name: MESSAGE + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + CivoFirewall is the Schema for the CivoFirewalls API + Please replace `PROVIDER-NAME` with your actual provider name, like `aws`, `azure`, `gcp`, `alibaba` + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CivoFirewallSpec defines the desired state of a Firewall. + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. 
+ This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + name: + description: Name is the name of the Firewall within Civo. + type: string + networkId: + description: NetworkID is the identifier for the network associated + with the Firewall. + type: string + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. 
+ properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerReference: + description: ProviderReference holds configs (region, API key etc) + for the crossplane provider that is being used. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. 
+ type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + region: + description: Region is the identifier for the region in which the + Firewall is deployed. + type: string + rules: + description: Rules are the set of rules applied to the firewall. + items: + description: FirewallRule defines the rules applied to the Firewall. + properties: + cidr: + description: CIDR is the IP address range that is applicable + for the rule. + type: string + direction: + description: Direction indicates whether the rule is for inbound + or outbound traffic. + enum: + - ingress + - egress + type: string + endPort: + description: EndPort is the ending port of the range. + type: integer + label: + description: Label is an optional identifier for the rule. + type: string + protocol: + description: Protocol used by the rule (TCP, UDP, ICMP). + enum: + - TCP + - UDP + - ICMP + type: string + startPort: + description: StartPort is the starting port of the range. + type: integer + required: + - cidr + - direction + - protocol + - startPort + type: object + type: array + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. 
+ This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - name + - networkId + - providerReference + - region + type: object + status: + description: CivoFirewallStatus defines the observed state of CivoFirewall. + properties: + atProvider: + description: CivoFirewallObservation is used to reflect the observed + state of the firewall. + properties: + id: + description: ID is the Civo ID of the Firewall. + type: string + instanceCount: + description: InstanceCount shows how many instances are using + this firewall. + type: integer + rulesCount: + description: RulesCount shows how many rules are associated with + this firewall. + type: integer + required: + - rulesCount + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}