diff --git a/crossplane-provider-upjet-github/README.md b/crossplane-provider-upjet-github/README.md
new file mode 100644
index 00000000..81748094
--- /dev/null
+++ b/crossplane-provider-upjet-github/README.md
@@ -0,0 +1,11999 @@
+# crossplane-provider-upjet-github
+
+## Index
+
+- v1alpha1
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpec](#actionsgithubupboundiov1alpha1actionssecretspec)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProvider](#actionsgithubupboundiov1alpha1actionssecretspecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecforproviderencryptedvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecforproviderplaintextvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProvider](#actionsgithubupboundiov1alpha1actionssecretspecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderencryptedvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderplaintextvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRef](#actionsgithubupboundiov1alpha1actionssecretspecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1actionssecretspecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretStatus](#actionsgithubupboundiov1alpha1actionssecretstatus)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretStatusAtProvider](#actionsgithubupboundiov1alpha1actionssecretstatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1ActionsSecretStatusConditionsItems0](#actionsgithubupboundiov1alpha1actionssecretstatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpec](#actionsgithubupboundiov1alpha1actionsvariablespec)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProvider](#actionsgithubupboundiov1alpha1actionsvariablespecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProvider](#actionsgithubupboundiov1alpha1actionsvariablespecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRef](#actionsgithubupboundiov1alpha1actionsvariablespecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1actionsvariablespecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableStatus](#actionsgithubupboundiov1alpha1actionsvariablestatus)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableStatusAtProvider](#actionsgithubupboundiov1alpha1actionsvariablestatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1ActionsVariableStatusConditionsItems0](#actionsgithubupboundiov1alpha1actionsvariablestatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpec](#actionsgithubupboundiov1alpha1environmentsecretspec)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProvider](#actionsgithubupboundiov1alpha1environmentsecretspecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderencryptedvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderplaintextvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProvider](#actionsgithubupboundiov1alpha1environmentsecretspecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderencryptedvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderplaintextvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRef](#actionsgithubupboundiov1alpha1environmentsecretspecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1environmentsecretspecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatus](#actionsgithubupboundiov1alpha1environmentsecretstatus)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusAtProvider](#actionsgithubupboundiov1alpha1environmentsecretstatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusConditionsItems0](#actionsgithubupboundiov1alpha1environmentsecretstatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpec](#actionsgithubupboundiov1alpha1environmentvariablespec)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProvider](#actionsgithubupboundiov1alpha1environmentvariablespecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProvider](#actionsgithubupboundiov1alpha1environmentvariablespecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRef](#actionsgithubupboundiov1alpha1environmentvariablespecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1environmentvariablespecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatus](#actionsgithubupboundiov1alpha1environmentvariablestatus)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusAtProvider](#actionsgithubupboundiov1alpha1environmentvariablestatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusConditionsItems0](#actionsgithubupboundiov1alpha1environmentvariablestatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpec](#actionsgithubupboundiov1alpha1organizationactionssecretspec)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProvider](#actionsgithubupboundiov1alpha1organizationactionssecretspecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecforproviderencryptedvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecforproviderplaintextvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProvider](#actionsgithubupboundiov1alpha1organizationactionssecretspecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecinitproviderencryptedvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecinitproviderplaintextvaluesecretref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionssecretspecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatus](#actionsgithubupboundiov1alpha1organizationactionssecretstatus)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusAtProvider](#actionsgithubupboundiov1alpha1organizationactionssecretstatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusConditionsItems0](#actionsgithubupboundiov1alpha1organizationactionssecretstatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpec](#actionsgithubupboundiov1alpha1organizationactionsvariablespec)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecForProvider](#actionsgithubupboundiov1alpha1organizationactionsvariablespecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecInitProvider](#actionsgithubupboundiov1alpha1organizationactionsvariablespecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRef](#actionsgithubupboundiov1alpha1organizationactionsvariablespecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionsvariablespecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1organizationactionsvariablespecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatus](#actionsgithubupboundiov1alpha1organizationactionsvariablestatus)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusAtProvider](#actionsgithubupboundiov1alpha1organizationactionsvariablestatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusConditionsItems0](#actionsgithubupboundiov1alpha1organizationactionsvariablestatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpec](#actionsgithubupboundiov1alpha1organizationpermissionsspec)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProvider](#actionsgithubupboundiov1alpha1organizationpermissionsspecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecforproviderallowedactionsconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderEnabledRepositoriesConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecforproviderenabledrepositoriesconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProvider](#actionsgithubupboundiov1alpha1organizationpermissionsspecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecinitproviderallowedactionsconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderEnabledRepositoriesConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecinitproviderenabledrepositoriesconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRef](#actionsgithubupboundiov1alpha1organizationpermissionsspecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationpermissionsspecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1organizationpermissionsspecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatus](#actionsgithubupboundiov1alpha1organizationpermissionsstatus)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProvider](#actionsgithubupboundiov1alpha1organizationpermissionsstatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsstatusatproviderallowedactionsconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderEnabledRepositoriesConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsstatusatproviderenabledrepositoriesconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusConditionsItems0](#actionsgithubupboundiov1alpha1organizationpermissionsstatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpec](#actionsgithubupboundiov1alpha1repositoryaccesslevelspec)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProvider](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProvider](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatus](#actionsgithubupboundiov1alpha1repositoryaccesslevelstatus)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusAtProvider](#actionsgithubupboundiov1alpha1repositoryaccesslevelstatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusConditionsItems0](#actionsgithubupboundiov1alpha1repositoryaccesslevelstatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpec](#actionsgithubupboundiov1alpha1repositorypermissionsspec)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProvider](#actionsgithubupboundiov1alpha1repositorypermissionsspecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderallowedactionsconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProvider](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderallowedactionsconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryselector)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatus](#actionsgithubupboundiov1alpha1repositorypermissionsstatus)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProvider](#actionsgithubupboundiov1alpha1repositorypermissionsstatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1repositorypermissionsstatusatproviderallowedactionsconfigitems0)
+ - [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusConditionsItems0](#actionsgithubupboundiov1alpha1repositorypermissionsstatusconditionsitems0)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpec](#actionsgithubupboundiov1alpha1runnergroupspec)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProvider](#actionsgithubupboundiov1alpha1runnergroupspecforprovider)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRef](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernameref)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernamerefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelector](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernameselector)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelectorPolicy](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernameselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProvider](#actionsgithubupboundiov1alpha1runnergroupspecinitprovider)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRef](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernameref)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernamerefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelector](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernameselector)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelectorPolicy](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernameselectorpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRef](#actionsgithubupboundiov1alpha1runnergroupspecproviderconfigref)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecproviderconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailsto)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailstoconfigref)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailstoconfigrefpolicy)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailstometadata)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1runnergroupspecwriteconnectionsecrettoref)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupStatus](#actionsgithubupboundiov1alpha1runnergroupstatus)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupStatusAtProvider](#actionsgithubupboundiov1alpha1runnergroupstatusatprovider)
+ - [ActionsGithubUpboundIoV1alpha1RunnerGroupStatusConditionsItems0](#actionsgithubupboundiov1alpha1runnergroupstatusconditionsitems0)
+ - [ActionsSecret](#actionssecret)
+ - [ActionsVariable](#actionsvariable)
+ - [Branch](#branch)
+ - [BranchProtection](#branchprotection)
+ - [BranchProtectionv3](#branchprotectionv3)
+ - [DefaultBranch](#defaultbranch)
+ - [DeployKey](#deploykey)
+ - [EmuGroupMapping](#emugroupmapping)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpec](#enterprisegithubupboundiov1alpha1organizationrulesetspec)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProvider](#enterprisegithubupboundiov1alpha1organizationrulesetspecforprovider)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderBypassActorsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderbypassactorsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderconditionsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RefNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderconditionsitems0refnameitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RepositoryNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderconditionsitems0repositorynameitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0BranchNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0branchnamepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0commitauthoremailpatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitMessagePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0commitmessagepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0committeremailpatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0PullRequestItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0pullrequestitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredstatuschecksitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredworkflowsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredworkflowsitems0requiredworkflowitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0TagNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0tagnamepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProvider](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitprovider)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderBypassActorsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderbypassactorsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderconditionsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RefNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderconditionsitems0refnameitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RepositoryNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderconditionsitems0repositorynameitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0BranchNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0branchnamepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0commitauthoremailpatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0commitmessagepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0committeremailpatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0PullRequestItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0pullrequestitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredstatuschecksitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredworkflowsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredworkflowsitems0requiredworkflowitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0TagNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0tagnamepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRef](#enterprisegithubupboundiov1alpha1organizationrulesetspecproviderconfigref)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationrulesetspecproviderconfigrefpolicy)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsTo](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailsto)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRef](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailstoconfigref)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailstoconfigrefpolicy)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToMetadata](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailstometadata)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecWriteConnectionSecretToRef](#enterprisegithubupboundiov1alpha1organizationrulesetspecwriteconnectionsecrettoref)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatus](#enterprisegithubupboundiov1alpha1organizationrulesetstatus)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProvider](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatprovider)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderBypassActorsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderbypassactorsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderconditionsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RefNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderconditionsitems0refnameitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RepositoryNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderconditionsitems0repositorynameitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0BranchNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0branchnamepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0commitauthoremailpatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0commitmessagepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0committeremailpatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0PullRequestItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0pullrequestitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredstatuschecksitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredworkflowsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredworkflowsitems0requiredworkflowitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0TagNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0tagnamepatternitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusconditionsitems0)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpec](#enterprisegithubupboundiov1alpha1organizationspec)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecForProvider](#enterprisegithubupboundiov1alpha1organizationspecforprovider)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecInitProvider](#enterprisegithubupboundiov1alpha1organizationspecinitprovider)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRef](#enterprisegithubupboundiov1alpha1organizationspecproviderconfigref)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationspecproviderconfigrefpolicy)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsTo](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailsto)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRef](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailstoconfigref)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailstoconfigrefpolicy)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToMetadata](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailstometadata)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationSpecWriteConnectionSecretToRef](#enterprisegithubupboundiov1alpha1organizationspecwriteconnectionsecrettoref)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationStatus](#enterprisegithubupboundiov1alpha1organizationstatus)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationStatusAtProvider](#enterprisegithubupboundiov1alpha1organizationstatusatprovider)
+ - [EnterpriseGithubUpboundIoV1alpha1OrganizationStatusConditionsItems0](#enterprisegithubupboundiov1alpha1organizationstatusconditionsitems0)
+ - [Environment](#environment)
+ - [EnvironmentDeploymentPolicy](#environmentdeploymentpolicy)
+ - [EnvironmentSecret](#environmentsecret)
+ - [EnvironmentVariable](#environmentvariable)
+ - [GithubUpboundIoV1alpha1StoreConfigSpec](#githubupboundiov1alpha1storeconfigspec)
+ - [GithubUpboundIoV1alpha1StoreConfigSpecKubernetes](#githubupboundiov1alpha1storeconfigspeckubernetes)
+ - [GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuth](#githubupboundiov1alpha1storeconfigspeckubernetesauth)
+ - [GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthEnv](#githubupboundiov1alpha1storeconfigspeckubernetesauthenv)
+ - [GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthFs](#githubupboundiov1alpha1storeconfigspeckubernetesauthfs)
+ - [GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthSecretRef](#githubupboundiov1alpha1storeconfigspeckubernetesauthsecretref)
+ - [GithubUpboundIoV1alpha1StoreConfigSpecPlugin](#githubupboundiov1alpha1storeconfigspecplugin)
+ - [GithubUpboundIoV1alpha1StoreConfigSpecPluginConfigRef](#githubupboundiov1alpha1storeconfigspecpluginconfigref)
+ - [GithubUpboundIoV1alpha1StoreConfigStatus](#githubupboundiov1alpha1storeconfigstatus)
+ - [GithubUpboundIoV1alpha1StoreConfigStatusConditionsItems0](#githubupboundiov1alpha1storeconfigstatusconditionsitems0)
+ - [IssueLabels](#issuelabels)
+ - [Members](#members)
+ - [Membership](#membership)
+ - [Organization](#organization)
+ - [OrganizationActionsSecret](#organizationactionssecret)
+ - [OrganizationActionsVariable](#organizationactionsvariable)
+ - [OrganizationPermissions](#organizationpermissions)
+ - [OrganizationRuleset](#organizationruleset)
+ - [PullRequest](#pullrequest)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpec](#repogithubupboundiov1alpha1branchprotectionspec)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProvider](#repogithubupboundiov1alpha1branchprotectionspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRef](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelector](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidselector)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelectorPolicy](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionspecforproviderrequiredpullrequestreviewsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionspecforproviderrequiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRestrictPushesItems0](#repogithubupboundiov1alpha1branchprotectionspecforproviderrestrictpushesitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProvider](#repogithubupboundiov1alpha1branchprotectionspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRef](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelector](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidselector)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelectorPolicy](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrequiredpullrequestreviewsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrequiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRestrictPushesItems0](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrestrictpushesitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRef](#repogithubupboundiov1alpha1branchprotectionspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1branchprotectionspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionStatus](#repogithubupboundiov1alpha1branchprotectionstatus)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProvider](#repogithubupboundiov1alpha1branchprotectionstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionstatusatproviderrequiredpullrequestreviewsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionstatusatproviderrequiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRestrictPushesItems0](#repogithubupboundiov1alpha1branchprotectionstatusatproviderrestrictpushesitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionStatusConditionsItems0](#repogithubupboundiov1alpha1branchprotectionstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3Spec](#repogithubupboundiov1alpha1branchprotectionv3spec)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProvider](#repogithubupboundiov1alpha1branchprotectionv3specforprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRef](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelector](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrequiredpullrequestreviewsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrequiredpullrequestreviewsitems0bypasspullrequestallowancesitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrequiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRestrictionsItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrestrictionsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProvider](#repogithubupboundiov1alpha1branchprotectionv3specinitprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrequiredpullrequestreviewsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrequiredpullrequestreviewsitems0bypasspullrequestallowancesitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrequiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRestrictionsItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrestrictionsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRef](#repogithubupboundiov1alpha1branchprotectionv3specproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1branchprotectionv3specwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3Status](#repogithubupboundiov1alpha1branchprotectionv3status)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProvider](#repogithubupboundiov1alpha1branchprotectionv3statusatprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrequiredpullrequestreviewsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrequiredpullrequestreviewsitems0bypasspullrequestallowancesitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrequiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRestrictionsItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrestrictionsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusConditionsItems0](#repogithubupboundiov1alpha1branchprotectionv3statusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1BranchSpec](#repogithubupboundiov1alpha1branchspec)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecForProvider](#repogithubupboundiov1alpha1branchspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1branchspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1branchspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecInitProvider](#repogithubupboundiov1alpha1branchspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRef](#repogithubupboundiov1alpha1branchspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1branchspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1BranchSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1branchspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1BranchStatus](#repogithubupboundiov1alpha1branchstatus)
+ - [RepoGithubUpboundIoV1alpha1BranchStatusAtProvider](#repogithubupboundiov1alpha1branchstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1BranchStatusConditionsItems0](#repogithubupboundiov1alpha1branchstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpec](#repogithubupboundiov1alpha1defaultbranchspec)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProvider](#repogithubupboundiov1alpha1defaultbranchspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRef](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchref)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelector](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchselector)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProvider](#repogithubupboundiov1alpha1defaultbranchspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRef](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchref)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelector](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchselector)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRef](#repogithubupboundiov1alpha1defaultbranchspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1defaultbranchspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchStatus](#repogithubupboundiov1alpha1defaultbranchstatus)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchStatusAtProvider](#repogithubupboundiov1alpha1defaultbranchstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1DefaultBranchStatusConditionsItems0](#repogithubupboundiov1alpha1defaultbranchstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpec](#repogithubupboundiov1alpha1deploykeyspec)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecForProvider](#repogithubupboundiov1alpha1deploykeyspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderKeySecretRef](#repogithubupboundiov1alpha1deploykeyspecforproviderkeysecretref)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRef](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelector](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecInitProvider](#repogithubupboundiov1alpha1deploykeyspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderKeySecretRef](#repogithubupboundiov1alpha1deploykeyspecinitproviderkeysecretref)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRef](#repogithubupboundiov1alpha1deploykeyspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1deploykeyspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1DeployKeySpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1deploykeyspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1DeployKeyStatus](#repogithubupboundiov1alpha1deploykeystatus)
+ - [RepoGithubUpboundIoV1alpha1DeployKeyStatusAtProvider](#repogithubupboundiov1alpha1deploykeystatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1DeployKeyStatusConditionsItems0](#repogithubupboundiov1alpha1deploykeystatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpec](#repogithubupboundiov1alpha1environmentdeploymentpolicyspec)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProvider](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentselector)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProvider](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentselector)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatus](#repogithubupboundiov1alpha1environmentdeploymentpolicystatus)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusAtProvider](#repogithubupboundiov1alpha1environmentdeploymentpolicystatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusConditionsItems0](#repogithubupboundiov1alpha1environmentdeploymentpolicystatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpec](#repogithubupboundiov1alpha1environmentspec)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProvider](#repogithubupboundiov1alpha1environmentspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderDeploymentBranchPolicyItems0](#repogithubupboundiov1alpha1environmentspecforproviderdeploymentbranchpolicyitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderReviewersItems0](#repogithubupboundiov1alpha1environmentspecforproviderreviewersitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProvider](#repogithubupboundiov1alpha1environmentspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderDeploymentBranchPolicyItems0](#repogithubupboundiov1alpha1environmentspecinitproviderdeploymentbranchpolicyitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderReviewersItems0](#repogithubupboundiov1alpha1environmentspecinitproviderreviewersitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRef](#repogithubupboundiov1alpha1environmentspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1environmentspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1environmentspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentStatus](#repogithubupboundiov1alpha1environmentstatus)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProvider](#repogithubupboundiov1alpha1environmentstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderDeploymentBranchPolicyItems0](#repogithubupboundiov1alpha1environmentstatusatproviderdeploymentbranchpolicyitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderReviewersItems0](#repogithubupboundiov1alpha1environmentstatusatproviderreviewersitems0)
+ - [RepoGithubUpboundIoV1alpha1EnvironmentStatusConditionsItems0](#repogithubupboundiov1alpha1environmentstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpec](#repogithubupboundiov1alpha1issuelabelsspec)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProvider](#repogithubupboundiov1alpha1issuelabelsspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProviderLabelItems0](#repogithubupboundiov1alpha1issuelabelsspecforproviderlabelitems0)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProvider](#repogithubupboundiov1alpha1issuelabelsspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProviderLabelItems0](#repogithubupboundiov1alpha1issuelabelsspecinitproviderlabelitems0)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRef](#repogithubupboundiov1alpha1issuelabelsspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1issuelabelsspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1issuelabelsspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsStatus](#repogithubupboundiov1alpha1issuelabelsstatus)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProvider](#repogithubupboundiov1alpha1issuelabelsstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProviderLabelItems0](#repogithubupboundiov1alpha1issuelabelsstatusatproviderlabelitems0)
+ - [RepoGithubUpboundIoV1alpha1IssueLabelsStatusConditionsItems0](#repogithubupboundiov1alpha1issuelabelsstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpec](#repogithubupboundiov1alpha1pullrequestspec)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProvider](#repogithubupboundiov1alpha1pullrequestspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRef](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryref)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRefPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelector](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRef](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefref)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRefPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelector](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefselector)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProvider](#repogithubupboundiov1alpha1pullrequestspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRef](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryref)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRefPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelector](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRef](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefref)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRefPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelector](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefselector)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRef](#repogithubupboundiov1alpha1pullrequestspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1pullrequestspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1PullRequestSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1pullrequestspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1PullRequestStatus](#repogithubupboundiov1alpha1pullrequeststatus)
+ - [RepoGithubUpboundIoV1alpha1PullRequestStatusAtProvider](#repogithubupboundiov1alpha1pullrequeststatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1PullRequestStatusConditionsItems0](#repogithubupboundiov1alpha1pullrequeststatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpec](#repogithubupboundiov1alpha1repositoryautolinkreferencespec)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProvider](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProvider](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatus](#repogithubupboundiov1alpha1repositoryautolinkreferencestatus)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusAtProvider](#repogithubupboundiov1alpha1repositoryautolinkreferencestatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusConditionsItems0](#repogithubupboundiov1alpha1repositoryautolinkreferencestatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpec](#repogithubupboundiov1alpha1repositorycollaboratorspec)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProvider](#repogithubupboundiov1alpha1repositorycollaboratorspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProvider](#repogithubupboundiov1alpha1repositorycollaboratorspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRef](#repogithubupboundiov1alpha1repositorycollaboratorspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositorycollaboratorspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatus](#repogithubupboundiov1alpha1repositorycollaboratorstatus)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusAtProvider](#repogithubupboundiov1alpha1repositorycollaboratorstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusConditionsItems0](#repogithubupboundiov1alpha1repositorycollaboratorstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpec](#repogithubupboundiov1alpha1repositoryfilespec)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProvider](#repogithubupboundiov1alpha1repositoryfilespecforprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRef](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelector](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProvider](#repogithubupboundiov1alpha1repositoryfilespecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRef](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelector](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryfilespecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryfilespecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileStatus](#repogithubupboundiov1alpha1repositoryfilestatus)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileStatusAtProvider](#repogithubupboundiov1alpha1repositoryfilestatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryFileStatusConditionsItems0](#repogithubupboundiov1alpha1repositoryfilestatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpec](#repogithubupboundiov1alpha1repositoryrulesetspec)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProvider](#repogithubupboundiov1alpha1repositoryrulesetspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderBypassActorsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderbypassactorsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0RefNameItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderconditionsitems0refnameitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0BranchNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0branchnamepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0commitauthoremailpatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitMessagePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0commitmessagepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0committeremailpatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0PullRequestItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0pullrequestitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredDeploymentsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0requireddeploymentsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0requiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0TagNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0tagnamepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProvider](#repogithubupboundiov1alpha1repositoryrulesetspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderBypassActorsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderbypassactorsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0RefNameItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderconditionsitems0refnameitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0BranchNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0branchnamepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0commitauthoremailpatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0commitmessagepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0committeremailpatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0PullRequestItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0pullrequestitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredDeploymentsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0requireddeploymentsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0requiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0TagNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0tagnamepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryrulesetspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryrulesetspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatus](#repogithubupboundiov1alpha1repositoryrulesetstatus)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProvider](#repogithubupboundiov1alpha1repositoryrulesetstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderBypassActorsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderbypassactorsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0RefNameItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderconditionsitems0refnameitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0BranchNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0branchnamepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0commitauthoremailpatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0commitmessagepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0committeremailpatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0PullRequestItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0pullrequestitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredDeploymentsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0requireddeploymentsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0requiredstatuschecksitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0TagNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0tagnamepatternitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpec](#repogithubupboundiov1alpha1repositoryspec)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProvider](#repogithubupboundiov1alpha1repositoryspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0](#repogithubupboundiov1alpha1repositoryspecforproviderpagesitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0SourceItems0](#repogithubupboundiov1alpha1repositoryspecforproviderpagesitems0sourceitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0AdvancedSecurityItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0advancedsecurityitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0secretscanningitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0secretscanningpushprotectionitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderTemplateItems0](#repogithubupboundiov1alpha1repositoryspecforprovidertemplateitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProvider](#repogithubupboundiov1alpha1repositoryspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0](#repogithubupboundiov1alpha1repositoryspecinitproviderpagesitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0SourceItems0](#repogithubupboundiov1alpha1repositoryspecinitproviderpagesitems0sourceitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0AdvancedSecurityItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0advancedsecurityitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0secretscanningitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0secretscanningpushprotectionitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderTemplateItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidertemplateitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1RepositorySpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatus](#repogithubupboundiov1alpha1repositorystatus)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProvider](#repogithubupboundiov1alpha1repositorystatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0](#repogithubupboundiov1alpha1repositorystatusatproviderpagesitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0SourceItems0](#repogithubupboundiov1alpha1repositorystatusatproviderpagesitems0sourceitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0AdvancedSecurityItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0advancedsecurityitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0secretscanningitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0secretscanningpushprotectionitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderTemplateItems0](#repogithubupboundiov1alpha1repositorystatusatprovidertemplateitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryStatusConditionsItems0](#repogithubupboundiov1alpha1repositorystatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpec](#repogithubupboundiov1alpha1repositorywebhookspec)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProvider](#repogithubupboundiov1alpha1repositorywebhookspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0](#repogithubupboundiov1alpha1repositorywebhookspecforproviderconfigurationitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0SecretSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecforproviderconfigurationitems0secretsecretref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0URLSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecforproviderconfigurationitems0urlsecretref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProvider](#repogithubupboundiov1alpha1repositorywebhookspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderconfigurationitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0SecretSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderconfigurationitems0secretsecretref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0URLSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderconfigurationitems0urlsecretref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRef](#repogithubupboundiov1alpha1repositorywebhookspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositorywebhookspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatus](#repogithubupboundiov1alpha1repositorywebhookstatus)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProvider](#repogithubupboundiov1alpha1repositorywebhookstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProviderConfigurationItems0](#repogithubupboundiov1alpha1repositorywebhookstatusatproviderconfigurationitems0)
+ - [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusConditionsItems0](#repogithubupboundiov1alpha1repositorywebhookstatusconditionsitems0)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpec](#repogithubupboundiov1alpha1tagprotectionspec)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecForProvider](#repogithubupboundiov1alpha1tagprotectionspecforprovider)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProvider](#repogithubupboundiov1alpha1tagprotectionspecinitprovider)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryref)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryselector)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryselectorpolicy)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRef](#repogithubupboundiov1alpha1tagprotectionspecproviderconfigref)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecproviderconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailsto)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailstoconfigref)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailstoconfigrefpolicy)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailstometadata)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1tagprotectionspecwriteconnectionsecrettoref)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionStatus](#repogithubupboundiov1alpha1tagprotectionstatus)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionStatusAtProvider](#repogithubupboundiov1alpha1tagprotectionstatusatprovider)
+ - [RepoGithubUpboundIoV1alpha1TagProtectionStatusConditionsItems0](#repogithubupboundiov1alpha1tagprotectionstatusconditionsitems0)
+ - [Repository](#repository)
+ - [RepositoryAccessLevel](#repositoryaccesslevel)
+ - [RepositoryAutolinkReference](#repositoryautolinkreference)
+ - [RepositoryCollaborator](#repositorycollaborator)
+ - [RepositoryFile](#repositoryfile)
+ - [RepositoryPermissions](#repositorypermissions)
+ - [RepositoryRuleset](#repositoryruleset)
+ - [RepositoryWebhook](#repositorywebhook)
+ - [RunnerGroup](#runnergroup)
+ - [StoreConfig](#storeconfig)
+ - [TagProtection](#tagprotection)
+ - [Team](#team)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpec](#teamgithubupboundiov1alpha1emugroupmappingspec)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProvider](#teamgithubupboundiov1alpha1emugroupmappingspecforprovider)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRef](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugref)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelector](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugselector)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelectorPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProvider](#teamgithubupboundiov1alpha1emugroupmappingspecinitprovider)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRef](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugref)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelector](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugselector)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelectorPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRef](#teamgithubupboundiov1alpha1emugroupmappingspecproviderconfigref)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecproviderconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailsto)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailstoconfigref)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailstoconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailstometadata)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1emugroupmappingspecwriteconnectionsecrettoref)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingStatus](#teamgithubupboundiov1alpha1emugroupmappingstatus)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusAtProvider](#teamgithubupboundiov1alpha1emugroupmappingstatusatprovider)
+ - [TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusConditionsItems0](#teamgithubupboundiov1alpha1emugroupmappingstatusconditionsitems0)
+ - [TeamGithubUpboundIoV1alpha1MembersSpec](#teamgithubupboundiov1alpha1membersspec)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecForProvider](#teamgithubupboundiov1alpha1membersspecforprovider)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecForProviderMembersItems0](#teamgithubupboundiov1alpha1membersspecforprovidermembersitems0)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1membersspecforproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1membersspecforproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1membersspecforproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1membersspecforproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecInitProvider](#teamgithubupboundiov1alpha1membersspecinitprovider)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecInitProviderMembersItems0](#teamgithubupboundiov1alpha1membersspecinitprovidermembersitems0)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1membersspecinitproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1membersspecinitproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1membersspecinitproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1membersspecinitproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRef](#teamgithubupboundiov1alpha1membersspecproviderconfigref)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1membersspecproviderconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailsto)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailstoconfigref)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailstoconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailstometadata)
+ - [TeamGithubUpboundIoV1alpha1MembersSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1membersspecwriteconnectionsecrettoref)
+ - [TeamGithubUpboundIoV1alpha1MembersStatus](#teamgithubupboundiov1alpha1membersstatus)
+ - [TeamGithubUpboundIoV1alpha1MembersStatusAtProvider](#teamgithubupboundiov1alpha1membersstatusatprovider)
+ - [TeamGithubUpboundIoV1alpha1MembersStatusAtProviderMembersItems0](#teamgithubupboundiov1alpha1membersstatusatprovidermembersitems0)
+ - [TeamGithubUpboundIoV1alpha1MembersStatusConditionsItems0](#teamgithubupboundiov1alpha1membersstatusconditionsitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpec](#teamgithubupboundiov1alpha1teammembershipspec)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProvider](#teamgithubupboundiov1alpha1teammembershipspecforprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProvider](#teamgithubupboundiov1alpha1teammembershipspecinitprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRef](#teamgithubupboundiov1alpha1teammembershipspecproviderconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecproviderconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailsto)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailstoconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailstoconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailstometadata)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teammembershipspecwriteconnectionsecrettoref)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipStatus](#teamgithubupboundiov1alpha1teammembershipstatus)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipStatusAtProvider](#teamgithubupboundiov1alpha1teammembershipstatusatprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamMembershipStatusConditionsItems0](#teamgithubupboundiov1alpha1teammembershipstatusconditionsitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpec](#teamgithubupboundiov1alpha1teamrepositoryspec)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProvider](#teamgithubupboundiov1alpha1teamrepositoryspecforprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRef](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryref)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelector](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryselector)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProvider](#teamgithubupboundiov1alpha1teamrepositoryspecinitprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRef](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryref)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelector](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryselector)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRef](#teamgithubupboundiov1alpha1teamrepositoryspecproviderconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecproviderconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailsto)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailstoconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailstoconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailstometadata)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositorySpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamrepositoryspecwriteconnectionsecrettoref)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositoryStatus](#teamgithubupboundiov1alpha1teamrepositorystatus)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositoryStatusAtProvider](#teamgithubupboundiov1alpha1teamrepositorystatusatprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamRepositoryStatusConditionsItems0](#teamgithubupboundiov1alpha1teamrepositorystatusconditionsitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpec](#teamgithubupboundiov1alpha1teamsettingsspec)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProvider](#teamgithubupboundiov1alpha1teamsettingsspecforprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderReviewRequestDelegationItems0](#teamgithubupboundiov1alpha1teamsettingsspecforproviderreviewrequestdelegationitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProvider](#teamgithubupboundiov1alpha1teamsettingsspecinitprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderReviewRequestDelegationItems0](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderreviewrequestdelegationitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidref)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidselector)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidselectorpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRef](#teamgithubupboundiov1alpha1teamsettingsspecproviderconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecproviderconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailsto)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailstoconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailstoconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailstometadata)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamsettingsspecwriteconnectionsecrettoref)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsStatus](#teamgithubupboundiov1alpha1teamsettingsstatus)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProvider](#teamgithubupboundiov1alpha1teamsettingsstatusatprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProviderReviewRequestDelegationItems0](#teamgithubupboundiov1alpha1teamsettingsstatusatproviderreviewrequestdelegationitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSettingsStatusConditionsItems0](#teamgithubupboundiov1alpha1teamsettingsstatusconditionsitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSpec](#teamgithubupboundiov1alpha1teamspec)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecForProvider](#teamgithubupboundiov1alpha1teamspecforprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecInitProvider](#teamgithubupboundiov1alpha1teamspecinitprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRef](#teamgithubupboundiov1alpha1teamspecproviderconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamspecproviderconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailsto)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailstoconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailstoconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailstometadata)
+ - [TeamGithubUpboundIoV1alpha1TeamSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamspecwriteconnectionsecrettoref)
+ - [TeamGithubUpboundIoV1alpha1TeamStatus](#teamgithubupboundiov1alpha1teamstatus)
+ - [TeamGithubUpboundIoV1alpha1TeamStatusAtProvider](#teamgithubupboundiov1alpha1teamstatusatprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamStatusConditionsItems0](#teamgithubupboundiov1alpha1teamstatusconditionsitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpec](#teamgithubupboundiov1alpha1teamsyncgroupmappingspec)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProvider](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecforprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProviderGroupItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecforprovidergroupitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProvider](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecinitprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProviderGroupItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecinitprovidergroupitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRef](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecproviderconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecproviderconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailsto)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailstoconfigref)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailstoconfigrefpolicy)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailstometadata)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecwriteconnectionsecrettoref)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatus](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatus)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProvider](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatusatprovider)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProviderGroupItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatusatprovidergroupitems0)
+ - [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusConditionsItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatusconditionsitems0)
+ - [TeamMembership](#teammembership)
+ - [TeamRepository](#teamrepository)
+ - [TeamSettings](#teamsettings)
+ - [TeamSyncGroupMapping](#teamsyncgroupmapping)
+ - [UserGithubUpboundIoV1alpha1MembershipSpec](#usergithubupboundiov1alpha1membershipspec)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecForProvider](#usergithubupboundiov1alpha1membershipspecforprovider)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecInitProvider](#usergithubupboundiov1alpha1membershipspecinitprovider)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRef](#usergithubupboundiov1alpha1membershipspecproviderconfigref)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRefPolicy](#usergithubupboundiov1alpha1membershipspecproviderconfigrefpolicy)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsTo](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailsto)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRef](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailstoconfigref)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRefPolicy](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailstoconfigrefpolicy)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToMetadata](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailstometadata)
+ - [UserGithubUpboundIoV1alpha1MembershipSpecWriteConnectionSecretToRef](#usergithubupboundiov1alpha1membershipspecwriteconnectionsecrettoref)
+ - [UserGithubUpboundIoV1alpha1MembershipStatus](#usergithubupboundiov1alpha1membershipstatus)
+ - [UserGithubUpboundIoV1alpha1MembershipStatusAtProvider](#usergithubupboundiov1alpha1membershipstatusatprovider)
+ - [UserGithubUpboundIoV1alpha1MembershipStatusConditionsItems0](#usergithubupboundiov1alpha1membershipstatusconditionsitems0)
+- v1beta1
+ - [GithubUpboundIoV1beta1ProviderConfigSpec](#githubupboundiov1beta1providerconfigspec)
+ - [GithubUpboundIoV1beta1ProviderConfigSpecCredentials](#githubupboundiov1beta1providerconfigspeccredentials)
+ - [GithubUpboundIoV1beta1ProviderConfigSpecCredentialsEnv](#githubupboundiov1beta1providerconfigspeccredentialsenv)
+ - [GithubUpboundIoV1beta1ProviderConfigSpecCredentialsFs](#githubupboundiov1beta1providerconfigspeccredentialsfs)
+ - [GithubUpboundIoV1beta1ProviderConfigSpecCredentialsSecretRef](#githubupboundiov1beta1providerconfigspeccredentialssecretref)
+ - [GithubUpboundIoV1beta1ProviderConfigStatus](#githubupboundiov1beta1providerconfigstatus)
+ - [GithubUpboundIoV1beta1ProviderConfigStatusConditionsItems0](#githubupboundiov1beta1providerconfigstatusconditionsitems0)
+ - [GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRef](#githubupboundiov1beta1providerconfigusageproviderconfigref)
+ - [GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRefPolicy](#githubupboundiov1beta1providerconfigusageproviderconfigrefpolicy)
+ - [GithubUpboundIoV1beta1ProviderConfigUsageResourceRef](#githubupboundiov1beta1providerconfigusageresourceref)
+ - [ProviderConfig](#providerconfig)
+ - [ProviderConfigUsage](#providerconfigusage)
+
+## Schemas
+
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpec
+
+ActionsSecretSpec defines the desired state of ActionsSecret
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProvider](#actionsgithubupboundiov1alpha1actionssecretspecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProvider](#actionsgithubupboundiov1alpha1actionssecretspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRef](#actionsgithubupboundiov1alpha1actionssecretspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1actionssecretspecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProvider
+
+actions github upbound io v1alpha1 actions secret spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**encryptedValueSecretRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecforproviderencryptedvaluesecretref)|encrypted value secret ref||
+|**plaintextValueSecretRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecforproviderplaintextvaluesecretref)|plaintext value secret ref||
+|**repository**|str|Name of the repository
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryselector)|repository selector||
+|**secretName**|str|Name of the secret
Name of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderEncryptedValueSecretRef
+
+Encrypted value of the secret using the GitHub public key in Base64 format. Encrypted value of the secret using the GitHub public key in Base64 format.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderPlaintextValueSecretRef
+
+Plaintext value of the secret to be encrypted Plaintext value of the secret to be encrypted.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionssecretspecforproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**encryptedValueSecretRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderencryptedvaluesecretref)|encrypted value secret ref||
+|**plaintextValueSecretRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderplaintextvaluesecretref)|plaintext value secret ref||
+|**repository**|str|Name of the repository
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryselector)|repository selector||
+|**secretName**|str|Name of the secret
Name of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderEncryptedValueSecretRef
+
+Encrypted value of the secret using the GitHub public key in Base64 format. Encrypted value of the secret using the GitHub public key in Base64 format.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderPlaintextValueSecretRef
+
+Plaintext value of the secret to be encrypted Plaintext value of the secret to be encrypted.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionssecretspecinitproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1actionssecretspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretStatus
+
+ActionsSecretStatus defines the observed state of ActionsSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1ActionsSecretStatusAtProvider](#actionsgithubupboundiov1alpha1actionssecretstatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1ActionsSecretStatusConditionsItems0](#actionsgithubupboundiov1alpha1actionssecretstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretStatusAtProvider
+
+actions github upbound io v1alpha1 actions secret status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createdAt**|str|Date of actions_secret creation.
Date of 'actions_secret' creation.||
+|**id**|str|id||
+|**repository**|str|Name of the repository
Name of the repository.||
+|**secretName**|str|Name of the secret
Name of the secret.||
+|**updatedAt**|str|Date of actions_secret update.
Date of 'actions_secret' update.||
+### ActionsGithubUpboundIoV1alpha1ActionsSecretStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpec
+
+ActionsVariableSpec defines the desired state of ActionsVariable
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProvider](#actionsgithubupboundiov1alpha1actionsvariablespecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProvider](#actionsgithubupboundiov1alpha1actionsvariablespecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRef](#actionsgithubupboundiov1alpha1actionsvariablespecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1actionsvariablespecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProvider
+
+actions github upbound io v1alpha1 actions variable spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**repository**|str|Name of the repository
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryselector)|repository selector||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable
Name of the variable.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecforproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**repository**|str|Name of the repository
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryselector)|repository selector||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable
Name of the variable.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecinitproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1actionsvariablespecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableStatus
+
+ActionsVariableStatus defines the observed state of ActionsVariable.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1ActionsVariableStatusAtProvider](#actionsgithubupboundiov1alpha1actionsvariablestatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1ActionsVariableStatusConditionsItems0](#actionsgithubupboundiov1alpha1actionsvariablestatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableStatusAtProvider
+
+actions github upbound io v1alpha1 actions variable status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createdAt**|str|Date of actions_variable creation.
Date of 'actions_variable' creation.||
+|**id**|str|id||
+|**repository**|str|Name of the repository
Name of the repository.||
+|**updatedAt**|str|Date of actions_variable update.
Date of 'actions_variable' update.||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable
Name of the variable.||
+### ActionsGithubUpboundIoV1alpha1ActionsVariableStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpec
+
+EnvironmentSecretSpec defines the desired state of EnvironmentSecret
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProvider](#actionsgithubupboundiov1alpha1environmentsecretspecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProvider](#actionsgithubupboundiov1alpha1environmentsecretspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRef](#actionsgithubupboundiov1alpha1environmentsecretspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1environmentsecretspecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProvider
+
+actions github upbound io v1alpha1 environment secret spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**encryptedValueSecretRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderencryptedvaluesecretref)|encrypted value secret ref||
+|**environment**|str|Name of the environment.
Name of the environment.||
+|**environmentRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentref)|environment ref||
+|**environmentSelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentselector)|environment selector||
+|**plaintextValueSecretRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderplaintextvaluesecretref)|plaintext value secret ref||
+|**repository**|str|Name of the repository.
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryselector)|repository selector||
+|**secretName**|str|Name of the secret.
Name of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEncryptedValueSecretRef
+
+Encrypted value of the secret using the GitHub public key in Base64 format. Encrypted value of the secret using the GitHub public key in Base64 format.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRef
+
+Reference to a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelector
+
+Selector for a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderenvironmentselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderPlaintextValueSecretRef
+
+Plaintext value of the secret to be encrypted. Plaintext value of the secret to be encrypted.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecforproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**encryptedValueSecretRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderencryptedvaluesecretref)|encrypted value secret ref||
+|**environment**|str|Name of the environment.
Name of the environment.||
+|**environmentRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentref)|environment ref||
+|**environmentSelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentselector)|environment selector||
+|**plaintextValueSecretRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderplaintextvaluesecretref)|plaintext value secret ref||
+|**repository**|str|Name of the repository.
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryselector)|repository selector||
+|**secretName**|str|Name of the secret.
Name of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEncryptedValueSecretRef
+
+Encrypted value of the secret using the GitHub public key in Base64 format. Encrypted value of the secret using the GitHub public key in Base64 format.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRef
+
+Reference to a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelector
+
+Selector for a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderenvironmentselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderPlaintextValueSecretRef
+
+Plaintext value of the secret to be encrypted. Plaintext value of the secret to be encrypted.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecinitproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentsecretspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatus
+
+EnvironmentSecretStatus defines the observed state of EnvironmentSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusAtProvider](#actionsgithubupboundiov1alpha1environmentsecretstatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusConditionsItems0](#actionsgithubupboundiov1alpha1environmentsecretstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusAtProvider
+
+actions github upbound io v1alpha1 environment secret status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createdAt**|str|Date of actions_environment_secret creation.
Date of 'actions_environment_secret' creation.||
+|**environment**|str|Name of the environment.
Name of the environment.||
+|**id**|str|id||
+|**repository**|str|Name of the repository.
Name of the repository.||
+|**secretName**|str|Name of the secret.
Name of the secret.||
+|**updatedAt**|str|Date of actions_environment_secret update.
Date of 'actions_environment_secret' update.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpec
+
+EnvironmentVariableSpec defines the desired state of EnvironmentVariable
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProvider](#actionsgithubupboundiov1alpha1environmentvariablespecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProvider](#actionsgithubupboundiov1alpha1environmentvariablespecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRef](#actionsgithubupboundiov1alpha1environmentvariablespecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1environmentvariablespecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProvider
+
+actions github upbound io v1alpha1 environment variable spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**environment**|str|Name of the environment.
Name of the environment.||
+|**environmentRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentref)|environment ref||
+|**environmentSelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentselector)|environment selector||
+|**repository**|str|Name of the repository.
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryselector)|repository selector||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable.
Name of the variable.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRef
+
+Reference to a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelector
+
+Selector for a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderenvironmentselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecforproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**environment**|str|Name of the environment.
Name of the environment.||
+|**environmentRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRef](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentref)|environment ref||
+|**environmentSelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelector](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentselector)|environment selector||
+|**repository**|str|Name of the repository.
Name of the repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryselector)|repository selector||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable.
Name of the variable.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRef
+
+Reference to a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelector
+
+Selector for a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderenvironmentselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecinitproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1environmentvariablespecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatus
+
+EnvironmentVariableStatus defines the observed state of EnvironmentVariable.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusAtProvider](#actionsgithubupboundiov1alpha1environmentvariablestatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusConditionsItems0](#actionsgithubupboundiov1alpha1environmentvariablestatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusAtProvider
+
+actions github upbound io v1alpha1 environment variable status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createdAt**|str|Date of actions_environment_secret creation.
Date of 'actions_variable' creation.||
+|**environment**|str|Name of the environment.
Name of the environment.||
+|**id**|str|id||
+|**repository**|str|Name of the repository.
Name of the repository.||
+|**updatedAt**|str|Date of actions_environment_secret update.
Date of 'actions_variable' update.||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable.
Name of the variable.||
+### ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpec
+
+OrganizationActionsSecretSpec defines the desired state of OrganizationActionsSecret
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProvider](#actionsgithubupboundiov1alpha1organizationactionssecretspecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProvider](#actionsgithubupboundiov1alpha1organizationactionssecretspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProvider
+
+actions github upbound io v1alpha1 organization actions secret spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**encryptedValueSecretRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecforproviderencryptedvaluesecretref)|encrypted value secret ref||
+|**plaintextValueSecretRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecforproviderplaintextvaluesecretref)|plaintext value secret ref||
+|**secretName**|str|Name of the secret
Name of the secret.||
+|**selectedRepositoryIds**|[int]|An array of repository ids that can access the organization secret.
An array of repository ids that can access the organization secret.||
+|**visibility**|str|Configures the access that repositories have to the organization secret.
Must be one of all, private, selected. selected_repository_ids is required if set to selected.
Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderEncryptedValueSecretRef
+
+Encrypted value of the secret using the GitHub public key in Base64 format. Encrypted value of the secret using the GitHub public key in Base64 format.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderPlaintextValueSecretRef
+
+Plaintext value of the secret to be encrypted Plaintext value of the secret to be encrypted.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**encryptedValueSecretRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderEncryptedValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecinitproviderencryptedvaluesecretref)|encrypted value secret ref||
+|**plaintextValueSecretRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderPlaintextValueSecretRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecinitproviderplaintextvaluesecretref)|plaintext value secret ref||
+|**secretName**|str|Name of the secret
Name of the secret.||
+|**selectedRepositoryIds**|[int]|An array of repository ids that can access the organization secret.
An array of repository ids that can access the organization secret.||
+|**visibility**|str|Configures the access that repositories have to the organization secret.
Must be one of all, private, selected. selected_repository_ids is required if set to selected.
Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderEncryptedValueSecretRef
+
+Encrypted value of the secret using the GitHub public key in Base64 format. Encrypted value of the secret using the GitHub public key in Base64 format.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderPlaintextValueSecretRef
+
+Plaintext value of the secret to be encrypted Plaintext value of the secret to be encrypted.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionssecretspecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionssecretspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatus
+
+OrganizationActionsSecretStatus defines the observed state of OrganizationActionsSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusAtProvider](#actionsgithubupboundiov1alpha1organizationactionssecretstatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusConditionsItems0](#actionsgithubupboundiov1alpha1organizationactionssecretstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusAtProvider
+
+actions github upbound io v1alpha1 organization actions secret status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createdAt**|str|Date of actions_secret creation.
Date of 'actions_secret' creation.||
+|**id**|str|id||
+|**secretName**|str|Name of the secret
Name of the secret.||
+|**selectedRepositoryIds**|[int]|An array of repository ids that can access the organization secret.
An array of repository ids that can access the organization secret.||
+|**updatedAt**|str|Date of actions_secret update.
Date of 'actions_secret' update.||
+|**visibility**|str|Configures the access that repositories have to the organization secret.
Must be one of all, private, selected. selected_repository_ids is required if set to selected.
Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpec
+
+OrganizationActionsVariableSpec defines the desired state of OrganizationActionsVariable
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecForProvider](#actionsgithubupboundiov1alpha1organizationactionsvariablespecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecInitProvider](#actionsgithubupboundiov1alpha1organizationactionsvariablespecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRef](#actionsgithubupboundiov1alpha1organizationactionsvariablespecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1organizationactionsvariablespecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecForProvider
+
+actions github upbound io v1alpha1 organization actions variable spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**selectedRepositoryIds**|[int]|An array of repository ids that can access the organization variable.
An array of repository ids that can access the organization variable.||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable
Name of the variable.||
+|**visibility**|str|Configures the access that repositories have to the organization variable.
Must be one of all, private, selected. selected_repository_ids is required if set to selected.
Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**selectedRepositoryIds**|[int]|An array of repository ids that can access the organization variable.
An array of repository ids that can access the organization variable.||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable
Name of the variable.||
+|**visibility**|str|Configures the access that repositories have to the organization variable.
Must be one of all, private, selected. selected_repository_ids is required if set to selected.
Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionsvariablespecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationactionsvariablespecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatus
+
+OrganizationActionsVariableStatus defines the observed state of OrganizationActionsVariable.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusAtProvider](#actionsgithubupboundiov1alpha1organizationactionsvariablestatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusConditionsItems0](#actionsgithubupboundiov1alpha1organizationactionsvariablestatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusAtProvider
+
+actions github upbound io v1alpha1 organization actions variable status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createdAt**|str|Date of actions_variable creation.
Date of 'actions_variable' creation.||
+|**id**|str|id||
+|**selectedRepositoryIds**|[int]|An array of repository ids that can access the organization variable.
An array of repository ids that can access the organization variable.||
+|**updatedAt**|str|Date of actions_variable update.
Date of 'actions_variable' update.||
+|**value**|str|Value of the variable
Value of the variable.||
+|**variableName**|str|Name of the variable
Name of the variable.||
+|**visibility**|str|Configures the access that repositories have to the organization variable.
Must be one of all, private, selected. selected_repository_ids is required if set to selected.
Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpec
+
+OrganizationPermissionsSpec defines the desired state of OrganizationPermissions
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProvider](#actionsgithubupboundiov1alpha1organizationpermissionsspecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProvider](#actionsgithubupboundiov1alpha1organizationpermissionsspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRef](#actionsgithubupboundiov1alpha1organizationpermissionsspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1organizationpermissionsspecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProvider
+
+actions github upbound io v1alpha1 organization permissions spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowedActions**|str|The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.||
+|**allowedActionsConfig**|[[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecforproviderallowedactionsconfigitems0)]|Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'||
+|**enabledRepositories**|str|The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.||
+|**enabledRepositoriesConfig**|[[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderEnabledRepositoriesConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecforproviderenabledrepositoriesconfigitems0)]|Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderAllowedActionsConfigItems0
+
+actions github upbound io v1alpha1 organization permissions spec for provider allowed actions config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**githubOwnedAllowed**|bool|Whether GitHub-owned actions are allowed in the organization.
Whether GitHub-owned actions are allowed in the organization.||
+|**patternsAllowed**|[str]|Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.||
+|**verifiedAllowed**|bool|Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderEnabledRepositoriesConfigItems0
+
+actions github upbound io v1alpha1 organization permissions spec for provider enabled repositories config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**repositoryIds**|[int]|List of repository IDs to enable for GitHub Actions.
List of repository IDs to enable for GitHub Actions.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowedActions**|str|The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.||
+|**allowedActionsConfig**|[[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecinitproviderallowedactionsconfigitems0)]|Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'||
+|**enabledRepositories**|str|The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.||
+|**enabledRepositoriesConfig**|[[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderEnabledRepositoriesConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsspecinitproviderenabledrepositoriesconfigitems0)]|Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderAllowedActionsConfigItems0
+
+actions github upbound io v1alpha1 organization permissions spec init provider allowed actions config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**githubOwnedAllowed**|bool|Whether GitHub-owned actions are allowed in the organization.
Whether GitHub-owned actions are allowed in the organization.||
+|**patternsAllowed**|[str]|Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.||
+|**verifiedAllowed**|bool|Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderEnabledRepositoriesConfigItems0
+
+actions github upbound io v1alpha1 organization permissions spec init provider enabled repositories config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**repositoryIds**|[int]|List of repository IDs to enable for GitHub Actions.
List of repository IDs to enable for GitHub Actions.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationpermissionsspecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1organizationpermissionsspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatus
+
+OrganizationPermissionsStatus defines the observed state of OrganizationPermissions.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProvider](#actionsgithubupboundiov1alpha1organizationpermissionsstatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusConditionsItems0](#actionsgithubupboundiov1alpha1organizationpermissionsstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProvider
+
+actions github upbound io v1alpha1 organization permissions status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowedActions**|str|The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.||
+|**allowedActionsConfig**|[[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsstatusatproviderallowedactionsconfigitems0)]|Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'||
+|**enabledRepositories**|str|The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.||
+|**enabledRepositoriesConfig**|[[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderEnabledRepositoriesConfigItems0](#actionsgithubupboundiov1alpha1organizationpermissionsstatusatproviderenabledrepositoriesconfigitems0)]|Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.||
+|**id**|str|id||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderAllowedActionsConfigItems0
+
+actions github upbound io v1alpha1 organization permissions status at provider allowed actions config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**githubOwnedAllowed**|bool|Whether GitHub-owned actions are allowed in the organization.
Whether GitHub-owned actions are allowed in the organization.||
+|**patternsAllowed**|[str]|Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.||
+|**verifiedAllowed**|bool|Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderEnabledRepositoriesConfigItems0
+
+actions github upbound io v1alpha1 organization permissions status at provider enabled repositories config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**repositoryIds**|[int]|List of repository IDs to enable for GitHub Actions.
List of repository IDs to enable for GitHub Actions.||
+### ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpec
+
+RepositoryAccessLevelSpec defines the desired state of RepositoryAccessLevel
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProvider](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProvider](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProvider
+
+actions github upbound io v1alpha1 repository access level spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**accessLevel**|str|Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryselector)|repository selector||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecforproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**accessLevel**|str|Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryselector)|repository selector||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecinitproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1repositoryaccesslevelspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatus
+
+RepositoryAccessLevelStatus defines the observed state of RepositoryAccessLevel.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusAtProvider](#actionsgithubupboundiov1alpha1repositoryaccesslevelstatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusConditionsItems0](#actionsgithubupboundiov1alpha1repositoryaccesslevelstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusAtProvider
+
+actions github upbound io v1alpha1 repository access level status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**accessLevel**|str|Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.||
+|**id**|str|id||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+### ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpec
+
+RepositoryPermissionsSpec defines the desired state of RepositoryPermissions
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProvider](#actionsgithubupboundiov1alpha1repositorypermissionsspecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProvider](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProvider
+
+actions github upbound io v1alpha1 repository permissions spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowedActions**|str|The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.||
+|**allowedActionsConfig**|[[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderallowedactionsconfigitems0)]|Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.||
+|**enabled**|bool|Should GitHub actions be enabled on this repository?
Should GitHub actions be enabled on this repository.||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryselector)|repository selector||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderAllowedActionsConfigItems0
+
+actions github upbound io v1alpha1 repository permissions spec for provider allowed actions config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**githubOwnedAllowed**|bool|Whether GitHub-owned actions are allowed in the repository.
Whether GitHub-owned actions are allowed in the repository.||
+|**patternsAllowed**|[str]|Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.||
+|**verifiedAllowed**|bool|Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecforproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowedActions**|str|The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.||
+|**allowedActionsConfig**|[[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderallowedactionsconfigitems0)]|Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.||
+|**enabled**|bool|Should GitHub actions be enabled on this repository?
Should GitHub actions be enabled on this repository.||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+|**repositoryRef**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelector](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryselector)|repository selector||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderAllowedActionsConfigItems0
+
+actions github upbound io v1alpha1 repository permissions spec init provider allowed actions config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**githubOwnedAllowed**|bool|Whether GitHub-owned actions are allowed in the repository.
Whether GitHub-owned actions are allowed in the repository.||
+|**patternsAllowed**|[str]|Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.||
+|**verifiedAllowed**|bool|Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelectorPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecinitproviderrepositoryselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1repositorypermissionsspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatus
+
+RepositoryPermissionsStatus defines the observed state of RepositoryPermissions.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProvider](#actionsgithubupboundiov1alpha1repositorypermissionsstatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusConditionsItems0](#actionsgithubupboundiov1alpha1repositorypermissionsstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProvider
+
+actions github upbound io v1alpha1 repository permissions status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowedActions**|str|The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.||
+|**allowedActionsConfig**|[[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProviderAllowedActionsConfigItems0](#actionsgithubupboundiov1alpha1repositorypermissionsstatusatproviderallowedactionsconfigitems0)]|Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.||
+|**enabled**|bool|Should GitHub actions be enabled on this repository?
Should GitHub actions be enabled on this repository.||
+|**id**|str|id||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProviderAllowedActionsConfigItems0
+
+actions github upbound io v1alpha1 repository permissions status at provider allowed actions config items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**githubOwnedAllowed**|bool|Whether GitHub-owned actions are allowed in the repository.
Whether GitHub-owned actions are allowed in the repository.||
+|**patternsAllowed**|[str]|Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.||
+|**verifiedAllowed**|bool|Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.||
+### ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpec
+
+RunnerGroupSpec defines the desired state of RunnerGroup
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProvider](#actionsgithubupboundiov1alpha1runnergroupspecforprovider)|for provider||
+|**initProvider**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProvider](#actionsgithubupboundiov1alpha1runnergroupspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRef](#actionsgithubupboundiov1alpha1runnergroupspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsTo](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecWriteConnectionSecretToRef](#actionsgithubupboundiov1alpha1runnergroupspecwriteconnectionsecrettoref)|write connection secret to ref||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProvider
+
+actions github upbound io v1alpha1 runner group spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowsPublicRepositories**|bool|Whether public repositories can be added to the runner group. Defaults to false.
Whether public repositories can be added to the runner group.||
+|**name**|str|Name of the runner group
Name of the runner group.||
+|**nameRef**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRef](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernameref)|name ref||
+|**nameSelector**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelector](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernameselector)|name selector||
+|**restrictedToWorkflows**|bool|If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.||
+|**selectedRepositoryIds**|[int]|IDs of the repositories which should be added to the runner group
List of repository IDs that can access the runner group.||
+|**selectedWorkflows**|[str]|List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.||
+|**visibility**|str|Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
The visibility of the runner group.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRef
+
+Reference to a Repository in repo to populate name.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernamerefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelector
+
+Selector for a Repository in repo to populate name.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelectorPolicy](#actionsgithubupboundiov1alpha1runnergroupspecforprovidernameselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowsPublicRepositories**|bool|Whether public repositories can be added to the runner group. Defaults to false.
Whether public repositories can be added to the runner group.||
+|**name**|str|Name of the runner group
Name of the runner group.||
+|**nameRef**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRef](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernameref)|name ref||
+|**nameSelector**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelector](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernameselector)|name selector||
+|**restrictedToWorkflows**|bool|If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.||
+|**selectedRepositoryIds**|[int]|IDs of the repositories which should be added to the runner group
List of repository IDs that can access the runner group.||
+|**selectedWorkflows**|[str]|List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.||
+|**visibility**|str|Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
The visibility of the runner group.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRef
+
+Reference to a Repository in repo to populate name.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernamerefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelector
+
+Selector for a Repository in repo to populate name.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelectorPolicy](#actionsgithubupboundiov1alpha1runnergroupspecinitprovidernameselectorpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecproviderconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRef](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToMetadata](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRefPolicy](#actionsgithubupboundiov1alpha1runnergroupspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupStatus
+
+RunnerGroupStatus defines the observed state of RunnerGroup.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[ActionsGithubUpboundIoV1alpha1RunnerGroupStatusAtProvider](#actionsgithubupboundiov1alpha1runnergroupstatusatprovider)|at provider||
+|**conditions**|[[ActionsGithubUpboundIoV1alpha1RunnerGroupStatusConditionsItems0](#actionsgithubupboundiov1alpha1runnergroupstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupStatusAtProvider
+
+actions github upbound io v1alpha1 runner group status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowsPublicRepositories**|bool|Whether public repositories can be added to the runner group. Defaults to false.
Whether public repositories can be added to the runner group.||
+|**default**|bool|Whether this is the default runner group
Whether this is the default runner group.||
+|**etag**|str|An etag representing the runner group object
An etag representing the runner group object||
+|**id**|str|id||
+|**inherited**|bool|Whether the runner group is inherited from the enterprise level
Whether the runner group is inherited from the enterprise level||
+|**name**|str|Name of the runner group
Name of the runner group.||
+|**restrictedToWorkflows**|bool|If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.||
+|**runnersUrl**|str|The GitHub API URL for the runner group's runners
The GitHub API URL for the runner group's runners.||
+|**selectedRepositoriesUrl**|str|GitHub API URL for the runner group's repositories
GitHub API URL for the runner group's repositories.||
+|**selectedRepositoryIds**|[int]|IDs of the repositories which should be added to the runner group
List of repository IDs that can access the runner group.||
+|**selectedWorkflows**|[str]|List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.||
+|**visibility**|str|Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
The visibility of the runner group.||
+### ActionsGithubUpboundIoV1alpha1RunnerGroupStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### ActionsSecret
+
+ActionsSecret is the Schema for the ActionsSecrets API. Creates and manages an Action Secret within a GitHub repository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"ActionsSecret"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ActionsSecret"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1ActionsSecretSpec](#actionsgithubupboundiov1alpha1actionssecretspec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1ActionsSecretStatus](#actionsgithubupboundiov1alpha1actionssecretstatus)|status||
+### ActionsVariable
+
+ActionsVariable is the Schema for the ActionsVariables API. Creates and manages an Action variable within a GitHub repository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"ActionsVariable"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ActionsVariable"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1ActionsVariableSpec](#actionsgithubupboundiov1alpha1actionsvariablespec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1ActionsVariableStatus](#actionsgithubupboundiov1alpha1actionsvariablestatus)|status||
+### Branch
+
+Branch is the Schema for the Branchs API. Creates and manages branches within GitHub repositories.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"Branch"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Branch"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1BranchSpec](#repogithubupboundiov1alpha1branchspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1BranchStatus](#repogithubupboundiov1alpha1branchstatus)|status||
+### BranchProtection
+
+BranchProtection is the Schema for the BranchProtections API. Protects a GitHub branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"BranchProtection"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"BranchProtection"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1BranchProtectionSpec](#repogithubupboundiov1alpha1branchprotectionspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1BranchProtectionStatus](#repogithubupboundiov1alpha1branchprotectionstatus)|status||
+### BranchProtectionv3
+
+BranchProtectionv3 is the Schema for the BranchProtectionv3s API. Protects a GitHub branch using the v3 / REST implementation. The
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"BranchProtectionv3"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"BranchProtectionv3"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1BranchProtectionv3Spec](#repogithubupboundiov1alpha1branchprotectionv3spec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3Status](#repogithubupboundiov1alpha1branchprotectionv3status)|status||
+### DefaultBranch
+
+DefaultBranch is the Schema for the DefaultBranchs API. Provides a GitHub branch default for a given repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"DefaultBranch"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"DefaultBranch"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1DefaultBranchSpec](#repogithubupboundiov1alpha1defaultbranchspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1DefaultBranchStatus](#repogithubupboundiov1alpha1defaultbranchstatus)|status||
+### DeployKey
+
+DeployKey is the Schema for the DeployKeys API. Provides a GitHub repository deploy key resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"DeployKey"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"DeployKey"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1DeployKeySpec](#repogithubupboundiov1alpha1deploykeyspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1DeployKeyStatus](#repogithubupboundiov1alpha1deploykeystatus)|status||
+### EmuGroupMapping
+
+EmuGroupMapping is the Schema for the EmuGroupMappings API. Manages mappings between external groups for enterprise managed users.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"team.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"team.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"EmuGroupMapping"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"EmuGroupMapping"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpec](#teamgithubupboundiov1alpha1emugroupmappingspec)|spec||
+|**status**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingStatus](#teamgithubupboundiov1alpha1emugroupmappingstatus)|status||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpec
+
+OrganizationRulesetSpec defines the desired state of OrganizationRuleset
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProvider](#enterprisegithubupboundiov1alpha1organizationrulesetspecforprovider)|for provider||
+|**initProvider**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProvider](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRef](#enterprisegithubupboundiov1alpha1organizationrulesetspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsTo](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecWriteConnectionSecretToRef](#enterprisegithubupboundiov1alpha1organizationrulesetspecwriteconnectionsecrettoref)|write connection secret to ref||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProvider
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassActors**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderBypassActorsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderbypassactorsitems0)]|The actors that can bypass the rules in this ruleset.||
+|**conditions**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderconditionsitems0)]|Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name` or `repository_id`.||
+|**enforcement**|str|Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.||
+|**name**|str|The name of the ruleset.||
+|**rules**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0)]|Rules within the ruleset.||
+|**target**|str|Possible values are `branch`, `tag` and `push`. Note: The `push` target is in beta and is subject to change.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderBypassActorsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider bypass actors items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**actorId**|int|The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.||
+|**actorType**|str|The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.||
+|**bypassMode**|str|When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider conditions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**refName**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RefNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderconditionsitems0refnameitems0)]|ref name||
+|**repositoryId**|[int]|The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.||
+|**repositoryName**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RepositoryNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderconditionsitems0repositorynameitems0)]|repository name||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RefNameItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider conditions items0 ref name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RepositoryNameItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider conditions items0 repository name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.||
+|**protected**|bool|Whether renaming of target repositories is prevented.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchNamePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0BranchNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0branchnamepatternitems0)]|Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.||
+|**commitAuthorEmailPattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0commitauthoremailpatternitems0)]|Parameters to be used for the commit_author_email_pattern rule.||
+|**commitMessagePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitMessagePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0commitmessagepatternitems0)]|Parameters to be used for the commit_message_pattern rule.||
+|**committerEmailPattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0committeremailpatternitems0)]|Parameters to be used for the committer_email_pattern rule.||
+|**creation**|bool|Only allow users with bypass permission to create matching refs.||
+|**deletion**|bool|Only allow users with bypass permissions to delete matching refs.||
+|**nonFastForward**|bool|Prevent users with push access from force pushing to branches.||
+|**pullRequest**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0PullRequestItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0pullrequestitems0)]|Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.||
+|**requiredLinearHistory**|bool|Prevent merge commits from being pushed to matching branches.||
+|**requiredSignatures**|bool|Commits pushed to matching branches must have verified signatures.||
+|**requiredStatusChecks**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredstatuschecksitems0)]|Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.||
+|**requiredWorkflows**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredworkflowsitems0)]|Choose which Actions workflows must pass before branches can be merged into a branch that matches this rule.||
+|**tagNamePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0TagNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0tagnamepatternitems0)]|Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.||
+|**update**|bool|Only allow users with bypass permission to update matching refs.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0BranchNamePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 branch name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 commit author email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitMessagePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 commit message pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 committer email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0PullRequestItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 pull request items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviewsOnPush**|bool|New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.||
+|**requireCodeOwnerReview**|bool|Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.||
+|**requireLastPushApproval**|bool|Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.||
+|**requiredApprovingReviewCount**|int|The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.||
+|**requiredReviewThreadResolution**|bool|All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredCheck**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)]|Status checks that are required. Several can be defined.||
+|**strictRequiredStatusChecksPolicy**|bool|Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required status checks items0 required check items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**context**|str|The status check context name that must be present on the commit.||
+|**integrationId**|int|The optional integration ID that this status check must originate from.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required workflows items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredWorkflow**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecforproviderrulesitems0requiredworkflowsitems0requiredworkflowitems0)]|Actions workflows that are required. Several can be defined.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required workflows items0 required workflow items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**path**|str|The path to the workflow YAML definition file.||
+|**ref**|str|The ref (branch or tag) of the workflow file to use.||
+|**repositoryId**|int|The repository in which the workflow is defined.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0TagNamePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 tag name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassActors**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderBypassActorsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderbypassactorsitems0)]|The actors that can bypass the rules in this ruleset.||
+|**conditions**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderconditionsitems0)]|Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name` or `repository_id`.||
+|**enforcement**|str|Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.||
+|**name**|str|The name of the ruleset.||
+|**rules**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0)]|Rules within the ruleset.||
+|**target**|str|Possible values are `branch`, `tag` and `push`. Note: The `push` target is in beta and is subject to change.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderBypassActorsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider bypass actors items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**actorId**|int|The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.||
+|**actorType**|str|The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.||
+|**bypassMode**|str|When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider conditions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**refName**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RefNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderconditionsitems0refnameitems0)]|ref name||
+|**repositoryId**|[int]|The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.||
+|**repositoryName**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RepositoryNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderconditionsitems0repositorynameitems0)]|repository name||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RefNameItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider conditions items0 ref name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RepositoryNameItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider conditions items0 repository name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.||
+|**protected**|bool|Whether renaming of target repositories is prevented.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchNamePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0BranchNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0branchnamepatternitems0)]|Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.||
+|**commitAuthorEmailPattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0commitauthoremailpatternitems0)]|Parameters to be used for the commit_author_email_pattern rule.||
+|**commitMessagePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0commitmessagepatternitems0)]|Parameters to be used for the commit_message_pattern rule.||
+|**committerEmailPattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0committeremailpatternitems0)]|Parameters to be used for the committer_email_pattern rule.||
+|**creation**|bool|Only allow users with bypass permission to create matching refs.||
+|**deletion**|bool|Only allow users with bypass permissions to delete matching refs.||
+|**nonFastForward**|bool|Prevent users with push access from force pushing to branches.||
+|**pullRequest**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0PullRequestItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0pullrequestitems0)]|Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.||
+|**requiredLinearHistory**|bool|Prevent merge commits from being pushed to matching branches.||
+|**requiredSignatures**|bool|Commits pushed to matching branches must have verified signatures.||
+|**requiredStatusChecks**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredstatuschecksitems0)]|Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.||
+|**requiredWorkflows**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredworkflowsitems0)]|Choose which Actions workflows must pass before branches can be merged into a branch that matches this rule.||
+|**tagNamePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0TagNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0tagnamepatternitems0)]|Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.||
+|**update**|bool|Only allow users with bypass permission to update matching refs.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0BranchNamePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 branch name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 commit author email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 commit message pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 committer email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0PullRequestItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 pull request items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviewsOnPush**|bool|New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.||
+|**requireCodeOwnerReview**|bool|Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.||
+|**requireLastPushApproval**|bool|Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.||
+|**requiredApprovingReviewCount**|int|The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.||
+|**requiredReviewThreadResolution**|bool|All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredCheck**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)]|Status checks that are required. Several can be defined.||
+|**strictRequiredStatusChecksPolicy**|bool|Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required status checks items0 required check items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**context**|str|The status check context name that must be present on the commit.||
+|**integrationId**|int|The optional integration ID that this status check must originate from.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required workflows items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredWorkflow**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0](#enterprisegithubupboundiov1alpha1organizationrulesetspecinitproviderrulesitems0requiredworkflowsitems0requiredworkflowitems0)]|Actions workflows that are required. Several can be defined.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required workflows items0 required workflow items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**path**|str|The path to the workflow YAML definition file.||
+|**ref**|str|The ref (branch or tag) of the workflow file to use.||
+|**repositoryId**|int|The repository in which the workflow is defined.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0TagNamePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 tag name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationrulesetspecproviderconfigrefpolicy)|policy||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRef](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToMetadata](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationrulesetspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatus
+
+OrganizationRulesetStatus defines the observed state of OrganizationRuleset.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProvider](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatprovider)|at provider||
+|**conditions**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProvider
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassActors**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderBypassActorsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderbypassactorsitems0)]|The actors that can bypass the rules in this ruleset.||
+|**conditions**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderconditionsitems0)]|Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name` or `repository_id`.||
+|**enforcement**|str|Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.||
+|**etag**|str|etag||
+|**id**|str|id||
+|**name**|str|The name of the ruleset.||
+|**nodeId**|str|GraphQL global node id for use with v4 API.||
+|**rules**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0)]|Rules within the ruleset.||
+|**rulesetId**|int|GitHub ID for the ruleset.||
+|**target**|str|Possible values are `branch`, `tag` and `push`. Note: The `push` target is in beta and is subject to change.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderBypassActorsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider bypass actors items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**actorId**|int|The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.||
+|**actorType**|str|The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.||
+|**bypassMode**|str|When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider conditions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**refName**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RefNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderconditionsitems0refnameitems0)]|ref name||
+|**repositoryId**|[int]|The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.||
+|**repositoryName**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RepositoryNameItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderconditionsitems0repositorynameitems0)]|repository name||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RefNameItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider conditions items0 ref name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RepositoryNameItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider conditions items0 repository name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.||
+|**protected**|bool|Whether renaming of target repositories is prevented.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchNamePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0BranchNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0branchnamepatternitems0)]|Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.||
+|**commitAuthorEmailPattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0commitauthoremailpatternitems0)]|Parameters to be used for the commit_author_email_pattern rule.||
+|**commitMessagePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0commitmessagepatternitems0)]|Parameters to be used for the commit_message_pattern rule.||
+|**committerEmailPattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0committeremailpatternitems0)]|Parameters to be used for the committer_email_pattern rule.||
+|**creation**|bool|Only allow users with bypass permission to create matching refs.||
+|**deletion**|bool|Only allow users with bypass permissions to delete matching refs.||
+|**nonFastForward**|bool|Prevent users with push access from force pushing to branches.||
+|**pullRequest**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0PullRequestItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0pullrequestitems0)]|Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.||
+|**requiredLinearHistory**|bool|Prevent merge commits from being pushed to matching branches.||
+|**requiredSignatures**|bool|Commits pushed to matching branches must have verified signatures.||
+|**requiredStatusChecks**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredstatuschecksitems0)]|Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.||
+|**requiredWorkflows**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredworkflowsitems0)]|Choose which Actions workflows must pass before branches can be merged into a branch that matches this rule.||
+|**tagNamePattern**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0TagNamePatternItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0tagnamepatternitems0)]|Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.||
+|**update**|bool|Only allow users with bypass permission to update matching refs.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0BranchNamePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 branch name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 commit author email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 commit message pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 committer email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0PullRequestItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 pull request items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviewsOnPush**|bool|New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.||
+|**requireCodeOwnerReview**|bool|Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.||
+|**requireLastPushApproval**|bool|Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.||
+|**requiredApprovingReviewCount**|int|The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.||
+|**requiredReviewThreadResolution**|bool|All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredCheck**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)]|Status checks that are required. Several can be defined.||
+|**strictRequiredStatusChecksPolicy**|bool|Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required status checks items0 required check items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**context**|str|The status check context name that must be present on the commit.||
+|**integrationId**|int|The optional integration ID that this status check must originate from.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required workflows items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredWorkflow**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0](#enterprisegithubupboundiov1alpha1organizationrulesetstatusatproviderrulesitems0requiredworkflowsitems0requiredworkflowitems0)]|Actions workflows that are required. Several can be defined.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required workflows items0 required workflow items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**path**|str|The path to the workflow YAML definition file.||
+|**ref**|str|The ref (branch or tag) of the workflow file to use.||
+|**repositoryId**|int|The repository in which the workflow is defined.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0TagNamePatternItems0
+
+enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 tag name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|How this rule will appear to users.||
+|**negate**|bool|If true, the rule will fail if the pattern matches.||
+|**operator**|str|The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|The pattern to match with.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpec
+
+OrganizationSpec defines the desired state of Organization
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecForProvider](#enterprisegithubupboundiov1alpha1organizationspecforprovider)|for provider||
+|**initProvider**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecInitProvider](#enterprisegithubupboundiov1alpha1organizationspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRef](#enterprisegithubupboundiov1alpha1organizationspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsTo](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecWriteConnectionSecretToRef](#enterprisegithubupboundiov1alpha1organizationspecwriteconnectionsecrettoref)|write connection secret to ref||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecForProvider
+
+enterprise github upbound io v1alpha1 organization spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**adminLogins**|[str]|List of organization owner usernames.
List of organization owner usernames.||
+|**billingEmail**|str|The billing email address.
The billing email address.||
+|**description**|str|The description of the organization.
The description of the organization.||
+|**displayName**|str|The display name of the organization.
The display name of the organization.||
+|**enterpriseId**|str|The ID of the enterprise.
The ID of the enterprise.||
+|**name**|str|The name of the organization.
The name of the organization.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**adminLogins**|[str]|List of organization owner usernames.
List of organization owner usernames.||
+|**billingEmail**|str|The billing email address.
The billing email address.||
+|**description**|str|The description of the organization.
The description of the organization.||
+|**displayName**|str|The display name of the organization.
The display name of the organization.||
+|**enterpriseId**|str|The ID of the enterprise.
The ID of the enterprise.||
+|**name**|str|The name of the organization.
The name of the organization.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationspecproviderconfigrefpolicy)|policy||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRef](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToMetadata](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRefPolicy](#enterprisegithubupboundiov1alpha1organizationspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationStatus
+
+OrganizationStatus defines the observed state of Organization.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[EnterpriseGithubUpboundIoV1alpha1OrganizationStatusAtProvider](#enterprisegithubupboundiov1alpha1organizationstatusatprovider)|at provider||
+|**conditions**|[[EnterpriseGithubUpboundIoV1alpha1OrganizationStatusConditionsItems0](#enterprisegithubupboundiov1alpha1organizationstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationStatusAtProvider
+
+enterprise github upbound io v1alpha1 organization status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**adminLogins**|[str]|List of organization owner usernames.
List of organization owner usernames.||
+|**billingEmail**|str|The billing email address.
The billing email address.||
+|**databaseId**|int|The ID of the organization.
The database ID of the organization.||
+|**description**|str|The description of the organization.
The description of the organization.||
+|**displayName**|str|The display name of the organization.
The display name of the organization.||
+|**enterpriseId**|str|The ID of the enterprise.
The ID of the enterprise.||
+|**id**|str|The node ID of the organization for use with the v4 API.||
+|**name**|str|The name of the organization.
The name of the organization.||
+### EnterpriseGithubUpboundIoV1alpha1OrganizationStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### Environment
+
+Environment is the Schema for the Environments API. Creates and manages environments for GitHub repositories
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"Environment"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Environment"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1EnvironmentSpec](#repogithubupboundiov1alpha1environmentspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1EnvironmentStatus](#repogithubupboundiov1alpha1environmentstatus)|status||
+### EnvironmentDeploymentPolicy
+
+EnvironmentDeploymentPolicy is the Schema for the EnvironmentDeploymentPolicys API. Creates and manages environment deployment branch policies for GitHub repositories
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"EnvironmentDeploymentPolicy"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"EnvironmentDeploymentPolicy"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpec](#repogithubupboundiov1alpha1environmentdeploymentpolicyspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatus](#repogithubupboundiov1alpha1environmentdeploymentpolicystatus)|status||
+### EnvironmentSecret
+
+EnvironmentSecret is the Schema for the EnvironmentSecrets API. Creates and manages an Action Secret within a GitHub repository environment
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"EnvironmentSecret"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"EnvironmentSecret"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpec](#actionsgithubupboundiov1alpha1environmentsecretspec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatus](#actionsgithubupboundiov1alpha1environmentsecretstatus)|status||
+### EnvironmentVariable
+
+EnvironmentVariable is the Schema for the EnvironmentVariables API. Creates and manages an Action variable within a GitHub repository environment
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"EnvironmentVariable"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"EnvironmentVariable"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpec](#actionsgithubupboundiov1alpha1environmentvariablespec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatus](#actionsgithubupboundiov1alpha1environmentvariablestatus)|status||
+### GithubUpboundIoV1alpha1StoreConfigSpec
+
+A StoreConfigSpec defines the desired state of a ProviderConfig.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**defaultScope** `required`|str|DefaultScope used for scoping secrets for "cluster-scoped" resources.
If store type is "Kubernetes", this would mean the default namespace to
store connection secrets for cluster scoped resources.
In case of "Vault", this would be used as the default parent path.
Typically, should be set as Crossplane installation namespace.||
+|**kubernetes**|[GithubUpboundIoV1alpha1StoreConfigSpecKubernetes](#githubupboundiov1alpha1storeconfigspeckubernetes)|kubernetes||
+|**plugin**|[GithubUpboundIoV1alpha1StoreConfigSpecPlugin](#githubupboundiov1alpha1storeconfigspecplugin)|plugin||
+|**type**|"Kubernetes" | "Vault" | "Plugin"||"Kubernetes"|
+### GithubUpboundIoV1alpha1StoreConfigSpecKubernetes
+
+Kubernetes configures a Kubernetes secret store. If the "type" is "Kubernetes" but no config provided, in cluster config will be used.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**auth** `required`|[GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuth](#githubupboundiov1alpha1storeconfigspeckubernetesauth)|auth||
+### GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuth
+
+Credentials used to connect to the Kubernetes API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**env**|[GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthEnv](#githubupboundiov1alpha1storeconfigspeckubernetesauthenv)|env||
+|**fs**|[GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthFs](#githubupboundiov1alpha1storeconfigspeckubernetesauthfs)|fs||
+|**secretRef**|[GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthSecretRef](#githubupboundiov1alpha1storeconfigspeckubernetesauthsecretref)|secret ref||
+|**source** `required`|"None" | "Secret" | "Environment" | "Filesystem"|Source of the credentials.||
+### GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthEnv
+
+Env is a reference to an environment variable that contains credentials that must be used to connect to the provider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name is the name of an environment variable.||
+### GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthFs
+
+Fs is a reference to a filesystem location that contains credentials that must be used to connect to the provider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**path** `required`|str|Path is a filesystem path.||
+### GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthSecretRef
+
+A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### GithubUpboundIoV1alpha1StoreConfigSpecPlugin
+
+Plugin configures External secret store as a plugin.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[GithubUpboundIoV1alpha1StoreConfigSpecPluginConfigRef](#githubupboundiov1alpha1storeconfigspecpluginconfigref)|config ref||
+|**endpoint**|str|Endpoint is the endpoint of the gRPC server.||
+### GithubUpboundIoV1alpha1StoreConfigSpecPluginConfigRef
+
+ConfigRef contains store config reference info.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required`|str|APIVersion of the referenced config.||
+|**kind** `required`|str|Kind of the referenced config.||
+|**name** `required`|str|Name of the referenced config.||
+### GithubUpboundIoV1alpha1StoreConfigStatus
+
+A StoreConfigStatus represents the status of a StoreConfig.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**conditions**|[[GithubUpboundIoV1alpha1StoreConfigStatusConditionsItems0](#githubupboundiov1alpha1storeconfigstatusconditionsitems0)]|Conditions of the resource.||
+### GithubUpboundIoV1alpha1StoreConfigStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### IssueLabels
+
+IssueLabels is the Schema for the IssueLabelss API. Provides GitHub issue labels resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"IssueLabels"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"IssueLabels"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1IssueLabelsSpec](#repogithubupboundiov1alpha1issuelabelsspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1IssueLabelsStatus](#repogithubupboundiov1alpha1issuelabelsstatus)|status||
+### Members
+
+Members is the Schema for the Memberss API. Provides an authoritative GitHub team members resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"team.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"team.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"Members"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Members"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[TeamGithubUpboundIoV1alpha1MembersSpec](#teamgithubupboundiov1alpha1membersspec)|spec||
+|**status**|[TeamGithubUpboundIoV1alpha1MembersStatus](#teamgithubupboundiov1alpha1membersstatus)|status||
+### Membership
+
+Membership is the Schema for the Memberships API. Provides a GitHub membership resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"user.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"user.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"Membership"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Membership"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[UserGithubUpboundIoV1alpha1MembershipSpec](#usergithubupboundiov1alpha1membershipspec)|spec||
+|**status**|[UserGithubUpboundIoV1alpha1MembershipStatus](#usergithubupboundiov1alpha1membershipstatus)|status||
+### Organization
+
+Organization is the Schema for the Organizations API. Create and manages a GitHub enterprise organization.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"enterprise.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"enterprise.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"Organization"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Organization"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[EnterpriseGithubUpboundIoV1alpha1OrganizationSpec](#enterprisegithubupboundiov1alpha1organizationspec)|spec||
+|**status**|[EnterpriseGithubUpboundIoV1alpha1OrganizationStatus](#enterprisegithubupboundiov1alpha1organizationstatus)|status||
+### OrganizationActionsSecret
+
+OrganizationActionsSecret is the Schema for the OrganizationActionsSecrets API. Creates and manages an Action Secret within a GitHub organization
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"OrganizationActionsSecret"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"OrganizationActionsSecret"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpec](#actionsgithubupboundiov1alpha1organizationactionssecretspec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatus](#actionsgithubupboundiov1alpha1organizationactionssecretstatus)|status||
+### OrganizationActionsVariable
+
+OrganizationActionsVariable is the Schema for the OrganizationActionsVariables API. Creates and manages an Action variable within a GitHub organization
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"OrganizationActionsVariable"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"OrganizationActionsVariable"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpec](#actionsgithubupboundiov1alpha1organizationactionsvariablespec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatus](#actionsgithubupboundiov1alpha1organizationactionsvariablestatus)|status||
+### OrganizationPermissions
+
+OrganizationPermissions is the Schema for the OrganizationPermissionss API. Creates and manages Actions permissions within a GitHub organization
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"OrganizationPermissions"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"OrganizationPermissions"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpec](#actionsgithubupboundiov1alpha1organizationpermissionsspec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatus](#actionsgithubupboundiov1alpha1organizationpermissionsstatus)|status||
+### OrganizationRuleset
+
+OrganizationRuleset is the Schema for the OrganizationRulesets API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"enterprise.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"enterprise.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"OrganizationRuleset"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"OrganizationRuleset"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpec](#enterprisegithubupboundiov1alpha1organizationrulesetspec)|spec||
+|**status**|[EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatus](#enterprisegithubupboundiov1alpha1organizationrulesetstatus)|status||
+### PullRequest
+
+PullRequest is the Schema for the PullRequests API. Get information on a single GitHub Pull Request.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"PullRequest"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"PullRequest"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1PullRequestSpec](#repogithubupboundiov1alpha1pullrequestspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1PullRequestStatus](#repogithubupboundiov1alpha1pullrequeststatus)|status||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpec
+
+BranchProtectionSpec defines the desired state of BranchProtection
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProvider](#repogithubupboundiov1alpha1branchprotectionspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProvider](#repogithubupboundiov1alpha1branchprotectionspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRef](#repogithubupboundiov1alpha1branchprotectionspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1branchprotectionspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProvider
+
+repo github upbound io v1alpha1 branch protection spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowsDeletions**|bool|Boolean, setting this to true to allow the branch to be deleted.
Setting this to 'true' to allow the branch to be deleted.||
+|**allowsForcePushes**|bool|Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
Setting this to 'true' to allow force pushes on the branch.||
+|**enforceAdmins**|bool|Boolean, setting this to true enforces status checks for repository administrators.
Setting this to 'true' enforces status checks for repository administrators.||
+|**forcePushBypassers**|[str]|The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**lockBranch**|bool|Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
Setting this to 'true' will make the branch read-only and preventing any pushes to it.||
+|**pattern**|str|Identifies the protection rule pattern.
Identifies the protection rule pattern.||
+|**repositoryId**|str|The name or node ID of the repository associated with this branch protection rule.
The name or node ID of the repository associated with this branch protection rule.||
+|**repositoryIdRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRef](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidref)|repository Id ref||
+|**repositoryIdSelector**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelector](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidselector)|repository Id selector||
+|**requireConversationResolution**|bool|Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.||
+|**requireSignedCommits**|bool|Boolean, setting this to true requires all commits to be signed with GPG.
Setting this to 'true' requires all commits to be signed with GPG.||
+|**requiredLinearHistory**|bool|Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.||
+|**requiredPullRequestReviews**|[[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionspecforproviderrequiredpullrequestreviewsitems0)]|Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Enforce restrictions for pull request reviews.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionspecforproviderrequiredstatuschecksitems0)]|Enforce restrictions for required status checks. See Required Status Checks below for details.
Enforce restrictions for required status checks.||
+|**restrictPushes**|[[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRestrictPushesItems0](#repogithubupboundiov1alpha1branchprotectionspecforproviderrestrictpushesitems0)]|Restrict pushes to matching branches. See Restrict Pushes below for details.
Restrict who can push to matching branches.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRef
+
+Reference to a Repository in repo to populate repositoryId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelector
+
+Selector for a Repository in repo to populate repositoryId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelectorPolicy](#repogithubupboundiov1alpha1branchprotectionspecforproviderrepositoryidselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredPullRequestReviewsItems0
+
+repo github upbound io v1alpha1 branch protection spec for provider required pull request reviews items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviews**|bool|: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
Dismiss approved reviews automatically when a new commit is pushed.||
+|**dismissalRestrictions**|[str]|: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**pullRequestBypassers**|[str]|: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**requireCodeOwnerReviews**|bool|: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
Require an approved review in pull requests including files with a designated code owner.||
+|**requireLastPushApproval**|bool|: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
Require that The most recent push must be approved by someone other than the last pusher.||
+|**requiredApprovingReviewCount**|int|6. This requirement matches GitHub's API, see the upstream documentation for more information.
(https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.||
+|**restrictDismissals**|bool|: Restrict pull request review dismissals.
Restrict pull request review dismissals.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 branch protection spec for provider required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**contexts**|[str]|: The list of status checks to require in order to merge into this branch. No status checks are required by default.
The list of status checks to require in order to merge into this branch. No status checks are required by default.||
+|**strict**|bool|: Require branches to be up to date before merging. Defaults to false.
Require branches to be up to date before merging.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRestrictPushesItems0
+
+repo github upbound io v1alpha1 branch protection spec for provider restrict pushes items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**blocksCreations**|bool|Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
Restrict pushes that create matching branches.||
+|**pushAllowances**|[str]|A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowsDeletions**|bool|Boolean, setting this to true to allow the branch to be deleted.
Setting this to 'true' to allow the branch to be deleted.||
+|**allowsForcePushes**|bool|Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
Setting this to 'true' to allow force pushes on the branch.||
+|**enforceAdmins**|bool|Boolean, setting this to true enforces status checks for repository administrators.
Setting this to 'true' enforces status checks for repository administrators.||
+|**forcePushBypassers**|[str]|The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**lockBranch**|bool|Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
Setting this to 'true' will make the branch read-only and preventing any pushes to it.||
+|**pattern**|str|Identifies the protection rule pattern.
Identifies the protection rule pattern.||
+|**repositoryId**|str|The name or node ID of the repository associated with this branch protection rule.
The name or node ID of the repository associated with this branch protection rule.||
+|**repositoryIdRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRef](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidref)|repository Id ref||
+|**repositoryIdSelector**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelector](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidselector)|repository Id selector||
+|**requireConversationResolution**|bool|Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.||
+|**requireSignedCommits**|bool|Boolean, setting this to true requires all commits to be signed with GPG.
Setting this to 'true' requires all commits to be signed with GPG.||
+|**requiredLinearHistory**|bool|Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.||
+|**requiredPullRequestReviews**|[[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrequiredpullrequestreviewsitems0)]|Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Enforce restrictions for pull request reviews.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrequiredstatuschecksitems0)]|Enforce restrictions for required status checks. See Required Status Checks below for details.
Enforce restrictions for required status checks.||
+|**restrictPushes**|[[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRestrictPushesItems0](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrestrictpushesitems0)]|Restrict pushes to matching branches. See Restrict Pushes below for details.
Restrict who can push to matching branches.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRef
+
+Reference to a Repository in repo to populate repositoryId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelector
+
+Selector for a Repository in repo to populate repositoryId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelectorPolicy](#repogithubupboundiov1alpha1branchprotectionspecinitproviderrepositoryidselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredPullRequestReviewsItems0
+
+repo github upbound io v1alpha1 branch protection spec init provider required pull request reviews items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviews**|bool|: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
Dismiss approved reviews automatically when a new commit is pushed.||
+|**dismissalRestrictions**|[str]|: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**pullRequestBypassers**|[str]|: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**requireCodeOwnerReviews**|bool|: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
Require an approved review in pull requests including files with a designated code owner.||
+|**requireLastPushApproval**|bool|: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
Require that The most recent push must be approved by someone other than the last pusher.||
+|**requiredApprovingReviewCount**|int|6. This requirement matches GitHub's API, see the upstream documentation for more information.
(https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.||
+|**restrictDismissals**|bool|: Restrict pull request review dismissals.
Restrict pull request review dismissals.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 branch protection spec init provider required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**contexts**|[str]|: The list of status checks to require in order to merge into this branch. No status checks are required by default.
The list of status checks to require in order to merge into this branch. No status checks are required by default.||
+|**strict**|bool|: Require branches to be up to date before merging. Defaults to false.
Require branches to be up to date before merging.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRestrictPushesItems0
+
+repo github upbound io v1alpha1 branch protection spec init provider restrict pushes items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**blocksCreations**|bool|Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
Restrict pushes that create matching branches.||
+|**pushAllowances**|[str]|A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1BranchProtectionSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionStatus
+
+BranchProtectionStatus defines the observed state of BranchProtection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProvider](#repogithubupboundiov1alpha1branchprotectionstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1BranchProtectionStatusConditionsItems0](#repogithubupboundiov1alpha1branchprotectionstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProvider
+
+repo github upbound io v1alpha1 branch protection status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowsDeletions**|bool|Boolean, setting this to true to allow the branch to be deleted.
Setting this to 'true' to allow the branch to be deleted.||
+|**allowsForcePushes**|bool|Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
Setting this to 'true' to allow force pushes on the branch.||
+|**enforceAdmins**|bool|Boolean, setting this to true enforces status checks for repository administrators.
Setting this to 'true' enforces status checks for repository administrators.||
+|**forcePushBypassers**|[str]|The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**id**|str|id||
+|**lockBranch**|bool|Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
Setting this to 'true' will make the branch read-only and preventing any pushes to it.||
+|**pattern**|str|Identifies the protection rule pattern.
Identifies the protection rule pattern.||
+|**repositoryId**|str|The name or node ID of the repository associated with this branch protection rule.
The name or node ID of the repository associated with this branch protection rule.||
+|**requireConversationResolution**|bool|Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.||
+|**requireSignedCommits**|bool|Boolean, setting this to true requires all commits to be signed with GPG.
Setting this to 'true' requires all commits to be signed with GPG.||
+|**requiredLinearHistory**|bool|Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.||
+|**requiredPullRequestReviews**|[[RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionstatusatproviderrequiredpullrequestreviewsitems0)]|Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Enforce restrictions for pull request reviews.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionstatusatproviderrequiredstatuschecksitems0)]|Enforce restrictions for required status checks. See Required Status Checks below for details.
Enforce restrictions for required status checks.||
+|**restrictPushes**|[[RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRestrictPushesItems0](#repogithubupboundiov1alpha1branchprotectionstatusatproviderrestrictpushesitems0)]|Restrict pushes to matching branches. See Restrict Pushes below for details.
Restrict who can push to matching branches.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredPullRequestReviewsItems0
+
+repo github upbound io v1alpha1 branch protection status at provider required pull request reviews items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviews**|bool|: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
Dismiss approved reviews automatically when a new commit is pushed.||
+|**dismissalRestrictions**|[str]|: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**pullRequestBypassers**|[str]|: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+|**requireCodeOwnerReviews**|bool|: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
Require an approved review in pull requests including files with a designated code owner.||
+|**requireLastPushApproval**|bool|: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
Require that The most recent push must be approved by someone other than the last pusher.||
+|**requiredApprovingReviewCount**|int|6. This requirement matches GitHub's API, see the upstream documentation for more information.
(https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.||
+|**restrictDismissals**|bool|: Restrict pull request review dismissals.
Restrict pull request review dismissals.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 branch protection status at provider required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**contexts**|[str]|: The list of status checks to require in order to merge into this branch. No status checks are required by default.
The list of status checks to require in order to merge into this branch. No status checks are required by default.||
+|**strict**|bool|: Require branches to be up to date before merging. Defaults to false.
Require branches to be up to date before merging.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRestrictPushesItems0
+
+repo github upbound io v1alpha1 branch protection status at provider restrict pushes items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**blocksCreations**|bool|Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
Restrict pushes that create matching branches.||
+|**pushAllowances**|[str]|A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3Spec
+
+BranchProtectionv3Spec defines the desired state of BranchProtectionv3
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProvider](#repogithubupboundiov1alpha1branchprotectionv3specforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProvider](#repogithubupboundiov1alpha1branchprotectionv3specinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRef](#repogithubupboundiov1alpha1branchprotectionv3specproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1branchprotectionv3specwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProvider
+
+repo github upbound io v1alpha1 branch protectionv3 spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The Git branch to protect.
The Git branch to protect.||
+|**enforceAdmins**|bool|Boolean, setting this to true enforces status checks for repository administrators.
Setting this to 'true' enforces status checks for repository administrators.||
+|**repository**|str|The GitHub repository name.
The GitHub repository name.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRef](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelector](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryselector)|repository selector||
+|**requireConversationResolution**|bool|Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.||
+|**requireSignedCommits**|bool|Boolean, setting this to true requires all commits to be signed with GPG.
Setting this to 'true' requires all commits to be signed with GPG.||
+|**requiredPullRequestReviews**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrequiredpullrequestreviewsitems0)]|Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Enforce restrictions for pull request reviews.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrequiredstatuschecksitems0)]|Enforce restrictions for required status checks. See Required Status Checks below for details.
Enforce restrictions for required status checks.||
+|**restrictions**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRestrictionsItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrestrictionsitems0)]|Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
Enforce restrictions for the users and teams that may push to the branch.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec for provider required pull request reviews items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassPullRequestAllowances**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0](#repogithubupboundiov1alpha1branchprotectionv3specforproviderrequiredpullrequestreviewsitems0bypasspullrequestallowancesitems0)]|: Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.||
+|**dismissStaleReviews**|bool|: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
Dismiss approved reviews automatically when a new commit is pushed.||
+|**dismissalApps**|[str]|: The list of app slugs with dismissal access.
The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.||
+|**dismissalTeams**|[str]|: The list of team slugs with dismissal access.
Always use slug of the team, not its name. Each team already has to have access to the repository.
The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**dismissalUsers**|[str]|: The list of user logins with dismissal access
The list of user logins with dismissal access.||
+|**includeAdmins**|bool|include admins||
+|**requireCodeOwnerReviews**|bool|: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
Require an approved review in pull requests including files with a designated code owner.||
+|**requireLastPushApproval**|bool|: Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
Require that the most recent push must be approved by someone other than the last pusher.||
+|**requiredApprovingReviewCount**|int|6. This requirement matches GitHub's API, see the upstream documentation for more information.
Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec for provider required pull request reviews items0 bypass pull request allowances items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apps**|[str]|: The list of app slugs with push access.||
+|**teams**|[str]|: The list of team slugs with push access.
Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**users**|[str]|: The list of user logins with push access.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec for provider required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**checks**|[str]|: The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'||
+|**contexts**|[str]|: [DEPRECATED] The list of status checks to require in order to merge into this branch. No status checks are required by default.||
+|**includeAdmins**|bool|include admins||
+|**strict**|bool|: Require branches to be up to date before merging. Defaults to false.
Require branches to be up to date before merging.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRestrictionsItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec for provider restrictions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apps**|[str]|: The list of app slugs with push access.
The list of app slugs with push access.||
+|**teams**|[str]|: The list of team slugs with push access.
Always use slug of the team, not its name. Each team already has to have access to the repository.
The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**users**|[str]|: The list of user logins with push access.
The list of user logins with push access.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The Git branch to protect.
The Git branch to protect.||
+|**enforceAdmins**|bool|Boolean, setting this to true enforces status checks for repository administrators.
Setting this to 'true' enforces status checks for repository administrators.||
+|**repository**|str|The GitHub repository name.
The GitHub repository name.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryselector)|repository selector||
+|**requireConversationResolution**|bool|Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.||
+|**requireSignedCommits**|bool|Boolean, setting this to true requires all commits to be signed with GPG.
Setting this to 'true' requires all commits to be signed with GPG.||
+|**requiredPullRequestReviews**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrequiredpullrequestreviewsitems0)]|Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Enforce restrictions for pull request reviews.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrequiredstatuschecksitems0)]|Enforce restrictions for required status checks. See Required Status Checks below for details.
Enforce restrictions for required status checks.||
+|**restrictions**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRestrictionsItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrestrictionsitems0)]|Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
Enforce restrictions for the users and teams that may push to the branch.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec init provider required pull request reviews items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassPullRequestAllowances**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0](#repogithubupboundiov1alpha1branchprotectionv3specinitproviderrequiredpullrequestreviewsitems0bypasspullrequestallowancesitems0)]|: Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.||
+|**dismissStaleReviews**|bool|: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
Dismiss approved reviews automatically when a new commit is pushed.||
+|**dismissalApps**|[str]|: The list of app slugs with dismissal access.
The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.||
+|**dismissalTeams**|[str]|: The list of team slugs with dismissal access.
Always use slug of the team, not its name. Each team already has to have access to the repository.
The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**dismissalUsers**|[str]|: The list of user logins with dismissal access
The list of user logins with dismissal access.||
+|**includeAdmins**|bool|include admins||
+|**requireCodeOwnerReviews**|bool|: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
Require an approved review in pull requests including files with a designated code owner.||
+|**requireLastPushApproval**|bool|: Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
Require that the most recent push must be approved by someone other than the last pusher.||
+|**requiredApprovingReviewCount**|int|6. This requirement matches GitHub's API, see the upstream documentation for more information.
Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec init provider required pull request reviews items0 bypass pull request allowances items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apps**|[str]|: The list of app slugs with push access.||
+|**teams**|[str]|: The list of team slugs with push access.
Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**users**|[str]|: The list of user logins with push access.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec init provider required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**checks**|[str]|: The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'||
+|**contexts**|[str]|: [DEPRECATED] The list of status checks to require in order to merge into this branch. No status checks are required by default.||
+|**includeAdmins**|bool|include admins||
+|**strict**|bool|: Require branches to be up to date before merging. Defaults to false.
Require branches to be up to date before merging.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRestrictionsItems0
+
+repo github upbound io v1alpha1 branch protectionv3 spec init provider restrictions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apps**|[str]|: The list of app slugs with push access.
The list of app slugs with push access.||
+|**teams**|[str]|: The list of team slugs with push access.
Always use slug of the team, not its name. Each team already has to have access to the repository.
The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**users**|[str]|: The list of user logins with push access.
The list of user logins with push access.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1branchprotectionv3specpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3Status
+
+BranchProtectionv3Status defines the observed state of BranchProtectionv3.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProvider](#repogithubupboundiov1alpha1branchprotectionv3statusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusConditionsItems0](#repogithubupboundiov1alpha1branchprotectionv3statusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProvider
+
+repo github upbound io v1alpha1 branch protectionv3 status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The Git branch to protect.
The Git branch to protect.||
+|**enforceAdmins**|bool|Boolean, setting this to true enforces status checks for repository administrators.
Setting this to 'true' enforces status checks for repository administrators.||
+|**etag**|str|etag||
+|**id**|str|id||
+|**repository**|str|The GitHub repository name.
The GitHub repository name.||
+|**requireConversationResolution**|bool|Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.||
+|**requireSignedCommits**|bool|Boolean, setting this to true requires all commits to be signed with GPG.
Setting this to 'true' requires all commits to be signed with GPG.||
+|**requiredPullRequestReviews**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrequiredpullrequestreviewsitems0)]|Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Enforce restrictions for pull request reviews.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredStatusChecksItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrequiredstatuschecksitems0)]|Enforce restrictions for required status checks. See Required Status Checks below for details.
Enforce restrictions for required status checks.||
+|**restrictions**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRestrictionsItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrestrictionsitems0)]|Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
Enforce restrictions for the users and teams that may push to the branch.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0
+
+repo github upbound io v1alpha1 branch protectionv3 status at provider required pull request reviews items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassPullRequestAllowances**|[[RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0](#repogithubupboundiov1alpha1branchprotectionv3statusatproviderrequiredpullrequestreviewsitems0bypasspullrequestallowancesitems0)]|: Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.||
+|**dismissStaleReviews**|bool|: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
Dismiss approved reviews automatically when a new commit is pushed.||
+|**dismissalApps**|[str]|: The list of app slugs with dismissal access.
The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.||
+|**dismissalTeams**|[str]|: The list of team slugs with dismissal access.
Always use slug of the team, not its name. Each team already has to have access to the repository.
The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**dismissalUsers**|[str]|: The list of user logins with dismissal access
The list of user logins with dismissal access.||
+|**includeAdmins**|bool|include admins||
+|**requireCodeOwnerReviews**|bool|: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
Require an approved review in pull requests including files with a designated code owner.||
+|**requireLastPushApproval**|bool|: Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
Require that the most recent push must be approved by someone other than the last pusher.||
+|**requiredApprovingReviewCount**|int|6. This requirement matches GitHub's API, see the upstream documentation for more information.
Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0
+
+repo github upbound io v1alpha1 branch protectionv3 status at provider required pull request reviews items0 bypass pull request allowances items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apps**|[str]|: The list of app slugs with push access.||
+|**teams**|[str]|: The list of team slugs with push access.
Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**users**|[str]|: The list of user logins with push access.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 branch protectionv3 status at provider required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**checks**|[str]|: The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'||
+|**contexts**|[str]|: [DEPRECATED] The list of status checks to require in order to merge into this branch. No status checks are required by default.||
+|**includeAdmins**|bool|include admins||
+|**strict**|bool|: Require branches to be up to date before merging. Defaults to false.
Require branches to be up to date before merging.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRestrictionsItems0
+
+repo github upbound io v1alpha1 branch protectionv3 status at provider restrictions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apps**|[str]|: The list of app slugs with push access.
The list of app slugs with push access.||
+|**teams**|[str]|: The list of team slugs with push access.
Always use slug of the team, not its name. Each team already has to have access to the repository.
The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.||
+|**users**|[str]|: The list of user logins with push access.
The list of user logins with push access.||
+### RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1BranchSpec
+
+BranchSpec defines the desired state of Branch
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1BranchSpecForProvider](#repogithubupboundiov1alpha1branchspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1BranchSpecInitProvider](#repogithubupboundiov1alpha1branchspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRef](#repogithubupboundiov1alpha1branchspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1BranchSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1branchspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1BranchSpecForProvider
+
+repo github upbound io v1alpha1 branch spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The repository branch to create.
The repository branch to create.||
+|**repository**|str|The GitHub repository name.
The GitHub repository name.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1branchspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1branchspecforproviderrepositoryselector)|repository selector||
+|**sourceBranch**|str|The branch name to start from. Defaults to main.
The branch name to start from. Defaults to 'main'.||
+|**sourceSha**|str|The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.||
+### RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The repository branch to create.
The repository branch to create.||
+|**repository**|str|The GitHub repository name.
The GitHub repository name.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryselector)|repository selector||
+|**sourceBranch**|str|The branch name to start from. Defaults to main.
The branch name to start from. Defaults to 'main'.||
+|**sourceSha**|str|The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.||
+### RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1branchspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1branchspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1branchspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1BranchSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1BranchStatus
+
+BranchStatus defines the observed state of Branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1BranchStatusAtProvider](#repogithubupboundiov1alpha1branchstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1BranchStatusConditionsItems0](#repogithubupboundiov1alpha1branchstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1BranchStatusAtProvider
+
+repo github upbound io v1alpha1 branch status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The repository branch to create.
The repository branch to create.||
+|**etag**|str|An etag representing the Branch object.
An etag representing the Branch object.||
+|**id**|str|id||
+|**ref**|str|A string representing a branch reference, in the form of refs/heads/.
A string representing a branch reference, in the form of 'refs/heads/'.||
+|**repository**|str|The GitHub repository name.
The GitHub repository name.||
+|**sha**|str|A string storing the reference's HEAD commit's SHA1.
A string storing the reference's HEAD commit's SHA1.||
+|**sourceBranch**|str|The branch name to start from. Defaults to main.
The branch name to start from. Defaults to 'main'.||
+|**sourceSha**|str|The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.||
+### RepoGithubUpboundIoV1alpha1BranchStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpec
+
+DefaultBranchSpec defines the desired state of DefaultBranch
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProvider](#repogithubupboundiov1alpha1defaultbranchspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProvider](#repogithubupboundiov1alpha1defaultbranchspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRef](#repogithubupboundiov1alpha1defaultbranchspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1defaultbranchspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProvider
+
+repo github upbound io v1alpha1 default branch spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The branch (e.g. main)
The branch (e.g. 'main').||
+|**branchRef**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRef](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchref)|branch ref||
+|**branchSelector**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelector](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchselector)|branch selector||
+|**rename**|bool|Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRef
+
+Reference to a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelector
+
+Selector for a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1defaultbranchspecforproviderbranchselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The branch (e.g. main)
The branch (e.g. 'main').||
+|**branchRef**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRef](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchref)|branch ref||
+|**branchSelector**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelector](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchselector)|branch selector||
+|**rename**|bool|Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRef
+
+Reference to a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelector
+
+Selector for a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1defaultbranchspecinitproviderbranchselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1defaultbranchspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1DefaultBranchSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchStatus
+
+DefaultBranchStatus defines the observed state of DefaultBranch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1DefaultBranchStatusAtProvider](#repogithubupboundiov1alpha1defaultbranchstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1DefaultBranchStatusConditionsItems0](#repogithubupboundiov1alpha1defaultbranchstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchStatusAtProvider
+
+repo github upbound io v1alpha1 default branch status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The branch (e.g. main)
The branch (e.g. 'main').||
+|**etag**|str|etag||
+|**id**|str|id||
+|**rename**|bool|Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.||
+### RepoGithubUpboundIoV1alpha1DefaultBranchStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1DeployKeySpec
+
+DeployKeySpec defines the desired state of DeployKey
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1DeployKeySpecForProvider](#repogithubupboundiov1alpha1deploykeyspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1DeployKeySpecInitProvider](#repogithubupboundiov1alpha1deploykeyspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRef](#repogithubupboundiov1alpha1deploykeyspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1DeployKeySpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1deploykeyspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecForProvider
+
+repo github upbound io v1alpha1 deploy key spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**keySecretRef**|[RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderKeySecretRef](#repogithubupboundiov1alpha1deploykeyspecforproviderkeysecretref)|key secret ref||
+|**readOnly**|bool|A boolean qualifying the key to be either read only or read/write.
A boolean qualifying the key to be either read only or read/write.||
+|**repository**|str|Name of the GitHub repository.
Name of the GitHub repository.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRef](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelector](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryselector)|repository selector||
+|**title**|str|A title.
A title.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderKeySecretRef
+
+A SSH key. A SSH key.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1deploykeyspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**keySecretRef** `required`|[RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderKeySecretRef](#repogithubupboundiov1alpha1deploykeyspecinitproviderkeysecretref)|key secret ref||
+|**readOnly**|bool|A boolean qualifying the key to be either read only or read/write.
A boolean qualifying the key to be either read only or read/write.||
+|**repository**|str|Name of the GitHub repository.
Name of the GitHub repository.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryselector)|repository selector||
+|**title**|str|A title.
A title.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderKeySecretRef
+
+A SSH key. A SSH key.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1deploykeyspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1deploykeyspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1deploykeyspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1DeployKeySpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1DeployKeyStatus
+
+DeployKeyStatus defines the observed state of DeployKey.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1DeployKeyStatusAtProvider](#repogithubupboundiov1alpha1deploykeystatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1DeployKeyStatusConditionsItems0](#repogithubupboundiov1alpha1deploykeystatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1DeployKeyStatusAtProvider
+
+repo github upbound io v1alpha1 deploy key status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**etag**|str|etag||
+|**id**|str|id||
+|**readOnly**|bool|A boolean qualifying the key to be either read only or read/write.
A boolean qualifying the key to be either read only or read/write.||
+|**repository**|str|Name of the GitHub repository.
Name of the GitHub repository.||
+|**title**|str|A title.
A title.||
+### RepoGithubUpboundIoV1alpha1DeployKeyStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpec
+
+EnvironmentDeploymentPolicySpec defines the desired state of EnvironmentDeploymentPolicy
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProvider](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProvider](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProvider
+
+repo github upbound io v1alpha1 environment deployment policy spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchPattern**|str|The name pattern that branches must match in order to deploy to the environment.
The name pattern that branches must match in order to deploy to the environment.||
+|**environment**|str|The name of the environment.
The name of the environment.||
+|**environmentRef**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentref)|environment ref||
+|**environmentSelector**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentselector)|environment selector||
+|**repository**|str|The repository of the environment.
The name of the repository. The name is not case sensitive.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRef
+
+Reference to a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelector
+
+Selector for a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderenvironmentselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchPattern**|str|The name pattern that branches must match in order to deploy to the environment.
The name pattern that branches must match in order to deploy to the environment.||
+|**environment**|str|The name of the environment.
The name of the environment.||
+|**environmentRef**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentref)|environment ref||
+|**environmentSelector**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentselector)|environment selector||
+|**repository**|str|The repository of the environment.
The name of the repository. The name is not case sensitive.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRef
+
+Reference to a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelector
+
+Selector for a Environment in repo to populate environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderenvironmentselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1environmentdeploymentpolicyspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatus
+
+EnvironmentDeploymentPolicyStatus defines the observed state of EnvironmentDeploymentPolicy.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusAtProvider](#repogithubupboundiov1alpha1environmentdeploymentpolicystatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusConditionsItems0](#repogithubupboundiov1alpha1environmentdeploymentpolicystatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusAtProvider
+
+repo github upbound io v1alpha1 environment deployment policy status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchPattern**|str|The name pattern that branches must match in order to deploy to the environment.
The name pattern that branches must match in order to deploy to the environment.||
+|**environment**|str|The name of the environment.
The name of the environment.||
+|**id**|str|id||
+|**repository**|str|The repository of the environment.
The name of the repository. The name is not case sensitive.||
+### RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpec
+
+EnvironmentSpec defines the desired state of Environment
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1EnvironmentSpecForProvider](#repogithubupboundiov1alpha1environmentspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProvider](#repogithubupboundiov1alpha1environmentspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRef](#repogithubupboundiov1alpha1environmentspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1environmentspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecForProvider
+
+repo github upbound io v1alpha1 environment spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**canAdminsBypass**|bool|Can repository admins bypass the environment protections. Defaults to true.
Can Admins bypass deployment protections||
+|**deploymentBranchPolicy**|[[RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderDeploymentBranchPolicyItems0](#repogithubupboundiov1alpha1environmentspecforproviderdeploymentbranchpolicyitems0)]|The deployment branch policy configuration||
+|**environment**|str|The name of the environment.
The name of the environment.||
+|**preventSelfReview**|bool|Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
Prevent users from approving workflows runs that they triggered.||
+|**repository**|str|The repository of the environment.
The repository of the environment.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryselector)|repository selector||
+|**reviewers**|[[RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderReviewersItems0](#repogithubupboundiov1alpha1environmentspecforproviderreviewersitems0)]|The environment reviewers configuration.||
+|**waitTimer**|int|Amount of time to delay a job after the job is initially triggered.
Amount of time to delay a job after the job is initially triggered.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderDeploymentBranchPolicyItems0
+
+repo github upbound io v1alpha1 environment spec for provider deployment branch policy items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**customBranchPolicies**|bool|Whether only branches that match the specified name patterns can deploy to this environment.
Whether only branches that match the specified name patterns can deploy to this environment.||
+|**protectedBranches**|bool|Whether only branches with branch protection rules can deploy to this environment.
Whether only branches with branch protection rules can deploy to this environment.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderReviewersItems0
+
+repo github upbound io v1alpha1 environment spec for provider reviewers items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**teams**|[int]|Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.||
+|**users**|[int]|Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**canAdminsBypass**|bool|Can repository admins bypass the environment protections. Defaults to true.
Can Admins bypass deployment protections||
+|**deploymentBranchPolicy**|[[RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderDeploymentBranchPolicyItems0](#repogithubupboundiov1alpha1environmentspecinitproviderdeploymentbranchpolicyitems0)]|The deployment branch policy configuration||
+|**environment**|str|The name of the environment.
The name of the environment.||
+|**preventSelfReview**|bool|Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
Prevent users from approving workflows runs that they triggered.||
+|**repository**|str|The repository of the environment.
The repository of the environment.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryselector)|repository selector||
+|**reviewers**|[[RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderReviewersItems0](#repogithubupboundiov1alpha1environmentspecinitproviderreviewersitems0)]|The environment reviewers configuration.||
+|**waitTimer**|int|Amount of time to delay a job after the job is initially triggered.
Amount of time to delay a job after the job is initially triggered.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderDeploymentBranchPolicyItems0
+
+repo github upbound io v1alpha1 environment spec init provider deployment branch policy items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**customBranchPolicies**|bool|Whether only branches that match the specified name patterns can deploy to this environment.
Whether only branches that match the specified name patterns can deploy to this environment.||
+|**protectedBranches**|bool|Whether only branches with branch protection rules can deploy to this environment.
Whether only branches with branch protection rules can deploy to this environment.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1environmentspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderReviewersItems0
+
+repo github upbound io v1alpha1 environment spec init provider reviewers items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**teams**|[int]|Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.||
+|**users**|[int]|Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1environmentspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1environmentspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1EnvironmentSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1EnvironmentStatus
+
+EnvironmentStatus defines the observed state of Environment.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProvider](#repogithubupboundiov1alpha1environmentstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1EnvironmentStatusConditionsItems0](#repogithubupboundiov1alpha1environmentstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProvider
+
+repo github upbound io v1alpha1 environment status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**canAdminsBypass**|bool|Can repository admins bypass the environment protections. Defaults to true.
Can Admins bypass deployment protections||
+|**deploymentBranchPolicy**|[[RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderDeploymentBranchPolicyItems0](#repogithubupboundiov1alpha1environmentstatusatproviderdeploymentbranchpolicyitems0)]|The deployment branch policy configuration||
+|**environment**|str|The name of the environment.
The name of the environment.||
+|**id**|str|id||
+|**preventSelfReview**|bool|Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
Prevent users from approving workflows runs that they triggered.||
+|**repository**|str|The repository of the environment.
The repository of the environment.||
+|**reviewers**|[[RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderReviewersItems0](#repogithubupboundiov1alpha1environmentstatusatproviderreviewersitems0)]|The environment reviewers configuration.||
+|**waitTimer**|int|Amount of time to delay a job after the job is initially triggered.
Amount of time to delay a job after the job is initially triggered.||
+### RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderDeploymentBranchPolicyItems0
+
+repo github upbound io v1alpha1 environment status at provider deployment branch policy items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**customBranchPolicies**|bool|Whether only branches that match the specified name patterns can deploy to this environment.
Whether only branches that match the specified name patterns can deploy to this environment.||
+|**protectedBranches**|bool|Whether only branches with branch protection rules can deploy to this environment.
Whether only branches with branch protection rules can deploy to this environment.||
+### RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderReviewersItems0
+
+repo github upbound io v1alpha1 environment status at provider reviewers items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**teams**|[int]|Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.||
+|**users**|[int]|Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.||
+### RepoGithubUpboundIoV1alpha1EnvironmentStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpec
+
+IssueLabelsSpec defines the desired state of IssueLabels
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProvider](#repogithubupboundiov1alpha1issuelabelsspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProvider](#repogithubupboundiov1alpha1issuelabelsspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRef](#repogithubupboundiov1alpha1issuelabelsspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1issuelabelsspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProvider
+
+repo github upbound io v1alpha1 issue labels spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**label**|[[RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProviderLabelItems0](#repogithubupboundiov1alpha1issuelabelsspecforproviderlabelitems0)]|List of labels||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProviderLabelItems0
+
+repo github upbound io v1alpha1 issue labels spec for provider label items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**color**|str|A 6 character hex code, without the leading #, identifying the color of the label.
A 6 character hex code, without the leading '#', identifying the color of the label.||
+|**description**|str|A short description of the label.
A short description of the label.||
+|**name**|str|The name of the label.
The name of the label.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**label**|[[RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProviderLabelItems0](#repogithubupboundiov1alpha1issuelabelsspecinitproviderlabelitems0)]|List of labels||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProviderLabelItems0
+
+repo github upbound io v1alpha1 issue labels spec init provider label items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**color**|str|A 6 character hex code, without the leading #, identifying the color of the label.
A 6 character hex code, without the leading '#', identifying the color of the label.||
+|**description**|str|A short description of the label.
A short description of the label.||
+|**name**|str|The name of the label.
The name of the label.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1issuelabelsspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1issuelabelsspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1IssueLabelsSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsStatus
+
+IssueLabelsStatus defines the observed state of IssueLabels.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProvider](#repogithubupboundiov1alpha1issuelabelsstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1IssueLabelsStatusConditionsItems0](#repogithubupboundiov1alpha1issuelabelsstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProvider
+
+repo github upbound io v1alpha1 issue labels status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**id**|str|id||
+|**label**|[[RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProviderLabelItems0](#repogithubupboundiov1alpha1issuelabelsstatusatproviderlabelitems0)]|List of labels||
+|**repository**|str|The GitHub repository
The GitHub repository.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProviderLabelItems0
+
+repo github upbound io v1alpha1 issue labels status at provider label items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**color**|str|A 6 character hex code, without the leading #, identifying the color of the label.
A 6 character hex code, without the leading '#', identifying the color of the label.||
+|**description**|str|A short description of the label.
A short description of the label.||
+|**name**|str|The name of the label.
The name of the label.||
+|**url**|str|(Computed) The URL to the issue label
The URL to the issue label.||
+### RepoGithubUpboundIoV1alpha1IssueLabelsStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1PullRequestSpec
+
+PullRequestSpec defines the desired state of PullRequest
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProvider](#repogithubupboundiov1alpha1pullrequestspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProvider](#repogithubupboundiov1alpha1pullrequestspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRef](#repogithubupboundiov1alpha1pullrequestspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1PullRequestSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1pullrequestspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProvider
+
+repo github upbound io v1alpha1 pull request spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**baseRef**|str|Name of the branch serving as the base of the Pull Request.
Name of the branch serving as the base of the Pull Request.||
+|**baseRepository**|str|Name of the base repository to retrieve the Pull Requests from.
Name of the base repository to retrieve the Pull Requests from.||
+|**baseRepositoryRef**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRef](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryref)|base repository ref||
+|**baseRepositorySelector**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelector](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryselector)|base repository selector||
+|**body**|str|Body of the Pull Request.
Body of the Pull Request.||
+|**headRef**|str|Name of the branch serving as the head of the Pull Request.
Name of the branch serving as the head of the Pull Request.||
+|**headRefRef**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRef](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefref)|head ref ref||
+|**headRefSelector**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelector](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefselector)|head ref selector||
+|**maintainerCanModify**|bool|Controls whether the base repository maintainers can modify the Pull Request. Default: false.
Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.||
+|**owner**|str|Owner of the repository. If not provided, the provider's default owner is used.
Owner of the repository. If not provided, the provider's default owner is used.||
+|**title**|str|The title of the Pull Request.
The title of the Pull Request.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRef
+
+Reference to a Repository in repo to populate baseRepository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRefPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelector
+
+Selector for a Repository in repo to populate baseRepository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderbaserepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRef
+
+Reference to a Branch in repo to populate headRef.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRefPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelector
+
+Selector for a Branch in repo to populate headRef.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecforproviderheadrefselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**baseRef**|str|Name of the branch serving as the base of the Pull Request.
Name of the branch serving as the base of the Pull Request.||
+|**baseRepository**|str|Name of the base repository to retrieve the Pull Requests from.
Name of the base repository to retrieve the Pull Requests from.||
+|**baseRepositoryRef**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRef](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryref)|base repository ref||
+|**baseRepositorySelector**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelector](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryselector)|base repository selector||
+|**body**|str|Body of the Pull Request.
Body of the Pull Request.||
+|**headRef**|str|Name of the branch serving as the head of the Pull Request.
Name of the branch serving as the head of the Pull Request.||
+|**headRefRef**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRef](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefref)|head ref ref||
+|**headRefSelector**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelector](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefselector)|head ref selector||
+|**maintainerCanModify**|bool|Controls whether the base repository maintainers can modify the Pull Request. Default: false.
Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.||
+|**owner**|str|Owner of the repository. If not provided, the provider's default owner is used.
Owner of the repository. If not provided, the provider's default owner is used.||
+|**title**|str|The title of the Pull Request.
The title of the Pull Request.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRef
+
+Reference to a Repository in repo to populate baseRepository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRefPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelector
+
+Selector for a Repository in repo to populate baseRepository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderbaserepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRef
+
+Reference to a Branch in repo to populate headRef.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRefPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelector
+
+Selector for a Branch in repo to populate headRef.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelectorPolicy](#repogithubupboundiov1alpha1pullrequestspecinitproviderheadrefselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1pullrequestspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1pullrequestspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1PullRequestSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1PullRequestStatus
+
+PullRequestStatus defines the observed state of PullRequest.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1PullRequestStatusAtProvider](#repogithubupboundiov1alpha1pullrequeststatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1PullRequestStatusConditionsItems0](#repogithubupboundiov1alpha1pullrequeststatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1PullRequestStatusAtProvider
+
+repo github upbound io v1alpha1 pull request status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**baseRef**|str|Name of the branch serving as the base of the Pull Request.
Name of the branch serving as the base of the Pull Request.||
+|**baseRepository**|str|Name of the base repository to retrieve the Pull Requests from.
Name of the base repository to retrieve the Pull Requests from.||
+|**baseSha**|str|Head commit SHA of the Pull Request base.
Head commit SHA of the Pull Request base.||
+|**body**|str|Body of the Pull Request.
Body of the Pull Request.||
+|**draft**|bool|Indicates Whether this Pull Request is a draft.
Indicates Whether this Pull Request is a draft.||
+|**headRef**|str|Name of the branch serving as the head of the Pull Request.
Name of the branch serving as the head of the Pull Request.||
+|**headSha**|str|Head commit SHA of the Pull Request head.
Head commit SHA of the Pull Request head.||
+|**id**|str|id||
+|**labels**|[str]|List of label names set on the Pull Request.
List of names of labels on the PR||
+|**maintainerCanModify**|bool|Controls whether the base repository maintainers can modify the Pull Request. Default: false.
Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.||
+|**number**|int|The number of the Pull Request within the repository.
The number of the Pull Request within the repository.||
+|**openedAt**|int|Unix timestamp indicating the Pull Request creation time.
Unix timestamp indicating the Pull Request creation time.||
+|**openedBy**|str|GitHub login of the user who opened the Pull Request.
Username of the PR creator||
+|**owner**|str|Owner of the repository. If not provided, the provider's default owner is used.
Owner of the repository. If not provided, the provider's default owner is used.||
+|**state**|str|the current Pull Request state - can be "open", "closed" or "merged".
The current Pull Request state - can be 'open', 'closed' or 'merged'.||
+|**title**|str|The title of the Pull Request.
The title of the Pull Request.||
+|**updatedAt**|int|The timestamp of the last Pull Request update.
The timestamp of the last Pull Request update.||
+### RepoGithubUpboundIoV1alpha1PullRequestStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpec
+
+RepositoryAutolinkReferenceSpec defines the desired state of RepositoryAutolinkReference
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProvider](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProvider](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProvider
+
+repo github upbound io v1alpha1 repository autolink reference spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**isAlphanumeric**|bool|Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.||
+|**keyPrefix**|str|This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit||
+|**repository**|str|The repository of the autolink reference.
The repository name||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryselector)|repository selector||
+|**targetUrlTemplate**|str|The template of the target URL used for the links; must be a valid URL and contain for the reference number
The template of the target URL used for the links; must be a valid URL and contain `` for the reference number||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**isAlphanumeric**|bool|Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.||
+|**keyPrefix**|str|This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit||
+|**repository**|str|The repository of the autolink reference.
The repository name||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryselector)|repository selector||
+|**targetUrlTemplate**|str|The template of the target URL used for the links; must be a valid URL and contain for the reference number
The template of the target URL used for the links; must be a valid URL and contain `` for the reference number||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryautolinkreferencespecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatus
+
+RepositoryAutolinkReferenceStatus defines the observed state of RepositoryAutolinkReference.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusAtProvider](#repogithubupboundiov1alpha1repositoryautolinkreferencestatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusConditionsItems0](#repogithubupboundiov1alpha1repositoryautolinkreferencestatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusAtProvider
+
+repo github upbound io v1alpha1 repository autolink reference status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**etag**|str|An etag representing the autolink reference object.||
+|**id**|str|id||
+|**isAlphanumeric**|bool|Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.||
+|**keyPrefix**|str|This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit||
+|**repository**|str|The repository of the autolink reference.
The repository name||
+|**targetUrlTemplate**|str|The template of the target URL used for the links; must be a valid URL and contain for the reference number
The template of the target URL used for the links; must be a valid URL and contain `` for the reference number||
+### RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpec
+
+RepositoryCollaboratorSpec defines the desired state of RepositoryCollaborator
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProvider](#repogithubupboundiov1alpha1repositorycollaboratorspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProvider](#repogithubupboundiov1alpha1repositorycollaboratorspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRef](#repogithubupboundiov1alpha1repositorycollaboratorspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositorycollaboratorspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProvider
+
+repo github upbound io v1alpha1 repository collaborator spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**permission**|str|The permission of the outside collaborator for the repository.
Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
Must be push for personal repositories. Defaults to push.
The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.||
+|**permissionDiffSuppression**|bool|Suppress plan diffs for triage and maintain. Defaults to false.
Suppress plan diffs for triage and maintain. Defaults to 'false'.||
+|**repository**|str|The GitHub repository
The GitHub repository||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryselector)|repository selector||
+|**username**|str|The user to add to the repository as a collaborator.
The user to add to the repository as a collaborator.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**permission**|str|The permission of the outside collaborator for the repository.
Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
Must be push for personal repositories. Defaults to push.
The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.||
+|**permissionDiffSuppression**|bool|Suppress plan diffs for triage and maintain. Defaults to false.
Suppress plan diffs for triage and maintain. Defaults to 'false'.||
+|**repository**|str|The GitHub repository
The GitHub repository||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryselector)|repository selector||
+|**username**|str|The user to add to the repository as a collaborator.
The user to add to the repository as a collaborator.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositorycollaboratorspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatus
+
+RepositoryCollaboratorStatus defines the observed state of RepositoryCollaborator.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusAtProvider](#repogithubupboundiov1alpha1repositorycollaboratorstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusConditionsItems0](#repogithubupboundiov1alpha1repositorycollaboratorstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusAtProvider
+
+repo github upbound io v1alpha1 repository collaborator status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**id**|str|id||
+|**invitationId**|str|ID of the invitation to be used in github_user_invitation_accepter
ID of the invitation to be used in 'github_user_invitation_accepter'||
+|**permission**|str|The permission of the outside collaborator for the repository.
Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
Must be push for personal repositories. Defaults to push.
The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.||
+|**permissionDiffSuppression**|bool|Suppress plan diffs for triage and maintain. Defaults to false.
Suppress plan diffs for triage and maintain. Defaults to 'false'.||
+|**repository**|str|The GitHub repository
The GitHub repository||
+|**username**|str|The user to add to the repository as a collaborator.
The user to add to the repository as a collaborator.||
+### RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpec
+
+RepositoryFileSpec defines the desired state of RepositoryFile
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProvider](#repogithubupboundiov1alpha1repositoryfilespecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProvider](#repogithubupboundiov1alpha1repositoryfilespecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryfilespecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryfilespecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProvider
+
+repo github upbound io v1alpha1 repository file spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**autocreateBranch**|bool|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'||
+|**autocreateBranchSourceBranch**|str|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.||
+|**autocreateBranchSourceSha**|str|The SHA blob of the file.
The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.||
+|**branch**|str|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
The branch name, defaults to the repository's default branch||
+|**branchRef**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRef](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchref)|branch ref||
+|**branchSelector**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelector](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchselector)|branch selector||
+|**commitAuthor**|str|Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.||
+|**commitEmail**|str|Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.||
+|**commitMessage**|str|The commit message when creating, updating or deleting the managed file.
The commit message when creating, updating or deleting the file||
+|**content**|str|The file content.
The file's content||
+|**file**|str|The path of the file to manage.
The file path to manage||
+|**overwriteOnCreate**|bool|Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
Enable overwriting existing files, defaults to "false"||
+|**repository**|str|The repository to create the file in.
The repository name||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRef
+
+Reference to a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelector
+
+Selector for a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderbranchselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**autocreateBranch**|bool|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'||
+|**autocreateBranchSourceBranch**|str|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.||
+|**autocreateBranchSourceSha**|str|The SHA blob of the file.
The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.||
+|**branch**|str|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
The branch name, defaults to the repository's default branch||
+|**branchRef**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRef](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchref)|branch ref||
+|**branchSelector**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelector](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchselector)|branch selector||
+|**commitAuthor**|str|Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.||
+|**commitEmail**|str|Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.||
+|**commitMessage**|str|The commit message when creating, updating or deleting the managed file.
The commit message when creating, updating or deleting the file||
+|**content**|str|The file content.
The file's content||
+|**file**|str|The path of the file to manage.
The file path to manage||
+|**overwriteOnCreate**|bool|Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
Enable overwriting existing files, defaults to "false"||
+|**repository**|str|The repository to create the file in.
The repository name||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRef
+
+Reference to a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelector
+
+Selector for a Branch in repo to populate branch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderbranchselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryfilespecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryfilespecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryFileSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileStatus
+
+RepositoryFileStatus defines the observed state of RepositoryFile.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1RepositoryFileStatusAtProvider](#repogithubupboundiov1alpha1repositoryfilestatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryFileStatusConditionsItems0](#repogithubupboundiov1alpha1repositoryfilestatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1RepositoryFileStatusAtProvider
+
+repo github upbound io v1alpha1 repository file status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**autocreateBranch**|bool|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'||
+|**autocreateBranchSourceBranch**|str|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.||
+|**autocreateBranchSourceSha**|str|The SHA blob of the file.
The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.||
+|**branch**|str|Git branch (defaults to the repository's default branch).
The branch must already exist, it will not be created if it does not already exist.
The branch name, defaults to the repository's default branch||
+|**commitAuthor**|str|Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.||
+|**commitEmail**|str|Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.||
+|**commitMessage**|str|The commit message when creating, updating or deleting the managed file.
The commit message when creating, updating or deleting the file||
+|**commitSha**|str|The SHA of the commit that modified the file.
The SHA of the commit that modified the file||
+|**content**|str|The file content.
The file's content||
+|**file**|str|The path of the file to manage.
The file path to manage||
+|**id**|str|id||
+|**overwriteOnCreate**|bool|Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
Enable overwriting existing files, defaults to "false"||
+|**ref**|str|The name of the commit/branch/tag.
The name of the commit/branch/tag||
+|**repository**|str|The repository to create the file in.
The repository name||
+|**sha**|str|The SHA blob of the file.
The blob SHA of the file||
+### RepoGithubUpboundIoV1alpha1RepositoryFileStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpec
+
+RepositoryRulesetSpec defines the desired state of RepositoryRuleset
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProvider](#repogithubupboundiov1alpha1repositoryrulesetspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProvider](#repogithubupboundiov1alpha1repositoryrulesetspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryrulesetspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryrulesetspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProvider
+
+repo github upbound io v1alpha1 repository ruleset spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassActors**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderBypassActorsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderbypassactorsitems0)]|(Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
The actors that can bypass the rules in this ruleset.||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderconditionsitems0)]|(Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
Parameters for a repository ruleset ref name condition.||
+|**enforcement**|str|(String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.||
+|**name**|str|(String) The name of the ruleset.
The name of the ruleset.||
+|**repository**|str|(String) Name of the repository to apply rulset to.
Name of the repository to apply rulset to.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryselector)|repository selector||
+|**rules**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0)]|(Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
Rules within the ruleset.||
+|**target**|str|(String) Possible values are branch and tag.
Possible values are `branch` and `tag`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderBypassActorsItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider bypass actors items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**actorId**|int|(Number) The ID of the actor that can bypass a ruleset.
The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.||
+|**actorType**|str|(String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.||
+|**bypassMode**|str|(String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider conditions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**refName**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0RefNameItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderconditionsitems0refnameitems0)]|(Block List, Min: 1, Max: 1) (see below for nested schema)||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0RefNameItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider conditions items0 ref name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|(List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|(List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchNamePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0BranchNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0branchnamepatternitems0)]|(Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.||
+|**commitAuthorEmailPattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0commitauthoremailpatternitems0)]|(Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**commitMessagePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitMessagePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0commitmessagepatternitems0)]|(Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**committerEmailPattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0committeremailpatternitems0)]|(Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**creation**|bool|(Boolean) Only allow users with bypass permission to create matching refs.
Only allow users with bypass permission to create matching refs.||
+|**deletion**|bool|(Boolean) Only allow users with bypass permissions to delete matching refs.
Only allow users with bypass permissions to delete matching refs.||
+|**nonFastForward**|bool|(Boolean) Prevent users with push access from force pushing to branches.
Prevent users with push access from force pushing to branches.||
+|**pullRequest**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0PullRequestItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0pullrequestitems0)]|(Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.||
+|**requiredDeployments**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredDeploymentsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0requireddeploymentsitems0)]|(Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.||
+|**requiredLinearHistory**|bool|(Boolean) Prevent merge commits from being pushed to matching branches.
Prevent merge commits from being pushed to matching branches.||
+|**requiredSignatures**|bool|(Boolean) Commits pushed to matching branches must have verified signatures.
Commits pushed to matching branches must have verified signatures.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0requiredstatuschecksitems0)]|(Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.||
+|**tagNamePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0TagNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0tagnamepatternitems0)]|(Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.||
+|**update**|bool|(Boolean) Only allow users with bypass permission to update matching refs.
Only allow users with bypass permission to update matching refs.||
+|**updateAllowsFetchAndMerge**|bool|(Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0BranchNamePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 branch name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 commit author email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitMessagePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 commit message pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 committer email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0PullRequestItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 pull request items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviewsOnPush**|bool|(Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.||
+|**requireCodeOwnerReview**|bool|(Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.||
+|**requireLastPushApproval**|bool|(Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.||
+|**requiredApprovingReviewCount**|int|(Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.||
+|**requiredReviewThreadResolution**|bool|(Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredDeploymentsItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 required deployments items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredDeploymentEnvironments**|[str]|(List of String) The environments that must be successfully deployed to before branches can be merged.
The environments that must be successfully deployed to before branches can be merged.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredCheck**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#repogithubupboundiov1alpha1repositoryrulesetspecforproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)]|(Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
Status checks that are required. Several can be defined.||
+|**strictRequiredStatusChecksPolicy**|bool|(Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 required status checks items0 required check items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**context**|str|(String) The status check context name that must be present on the commit.
The status check context name that must be present on the commit.||
+|**integrationId**|int|(Number) The optional integration ID that this status check must originate from.
The optional integration ID that this status check must originate from.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0TagNamePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 tag name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassActors**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderBypassActorsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderbypassactorsitems0)]|(Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
The actors that can bypass the rules in this ruleset.||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderconditionsitems0)]|(Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
Parameters for a repository ruleset ref name condition.||
+|**enforcement**|str|(String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.||
+|**name**|str|(String) The name of the ruleset.
The name of the ruleset.||
+|**repository**|str|(String) Name of the repository to apply rulset to.
Name of the repository to apply rulset to.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryselector)|repository selector||
+|**rules**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0)]|(Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
Rules within the ruleset.||
+|**target**|str|(String) Possible values are branch and tag.
Possible values are `branch` and `tag`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderBypassActorsItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider bypass actors items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**actorId**|int|(Number) The ID of the actor that can bypass a ruleset.
The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.||
+|**actorType**|str|(String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.||
+|**bypassMode**|str|(String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider conditions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**refName**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0RefNameItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderconditionsitems0refnameitems0)]|(Block List, Min: 1, Max: 1) (see below for nested schema)||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0RefNameItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider conditions items0 ref name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|(List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|(List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchNamePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0BranchNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0branchnamepatternitems0)]|(Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.||
+|**commitAuthorEmailPattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0commitauthoremailpatternitems0)]|(Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**commitMessagePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0commitmessagepatternitems0)]|(Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**committerEmailPattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0committeremailpatternitems0)]|(Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**creation**|bool|(Boolean) Only allow users with bypass permission to create matching refs.
Only allow users with bypass permission to create matching refs.||
+|**deletion**|bool|(Boolean) Only allow users with bypass permissions to delete matching refs.
Only allow users with bypass permissions to delete matching refs.||
+|**nonFastForward**|bool|(Boolean) Prevent users with push access from force pushing to branches.
Prevent users with push access from force pushing to branches.||
+|**pullRequest**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0PullRequestItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0pullrequestitems0)]|(Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.||
+|**requiredDeployments**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredDeploymentsItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0requireddeploymentsitems0)]|(Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.||
+|**requiredLinearHistory**|bool|(Boolean) Prevent merge commits from being pushed to matching branches.
Prevent merge commits from being pushed to matching branches.||
+|**requiredSignatures**|bool|(Boolean) Commits pushed to matching branches must have verified signatures.
Commits pushed to matching branches must have verified signatures.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0requiredstatuschecksitems0)]|(Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.||
+|**tagNamePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0TagNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0tagnamepatternitems0)]|(Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.||
+|**update**|bool|(Boolean) Only allow users with bypass permission to update matching refs.
Only allow users with bypass permission to update matching refs.||
+|**updateAllowsFetchAndMerge**|bool|(Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0BranchNamePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 branch name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 commit author email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 commit message pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 committer email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0PullRequestItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 pull request items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviewsOnPush**|bool|(Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.||
+|**requireCodeOwnerReview**|bool|(Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.||
+|**requireLastPushApproval**|bool|(Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.||
+|**requiredApprovingReviewCount**|int|(Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.||
+|**requiredReviewThreadResolution**|bool|(Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredDeploymentsItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 required deployments items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredDeploymentEnvironments**|[str]|(List of String) The environments that must be successfully deployed to before branches can be merged.
The environments that must be successfully deployed to before branches can be merged.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredCheck**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#repogithubupboundiov1alpha1repositoryrulesetspecinitproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)]|(Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
Status checks that are required. Several can be defined.||
+|**strictRequiredStatusChecksPolicy**|bool|(Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 required status checks items0 required check items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**context**|str|(String) The status check context name that must be present on the commit.
The status check context name that must be present on the commit.||
+|**integrationId**|int|(Number) The optional integration ID that this status check must originate from.
The optional integration ID that this status check must originate from.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0TagNamePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 tag name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryrulesetspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatus
+
+RepositoryRulesetStatus defines the observed state of RepositoryRuleset.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProvider](#repogithubupboundiov1alpha1repositoryrulesetstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProvider
+
+repo github upbound io v1alpha1 repository ruleset status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**bypassActors**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderBypassActorsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderbypassactorsitems0)]|(Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
The actors that can bypass the rules in this ruleset.||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderconditionsitems0)]|(Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
Parameters for a repository ruleset ref name condition.||
+|**enforcement**|str|(String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.||
+|**etag**|str|(String)||
+|**id**|str|id||
+|**name**|str|(String) The name of the ruleset.
The name of the ruleset.||
+|**nodeId**|str|(String) GraphQL global node id for use with v4 API.
GraphQL global node id for use with v4 API.||
+|**repository**|str|(String) Name of the repository to apply rulset to.
Name of the repository to apply rulset to.||
+|**rules**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0)]|(Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
Rules within the ruleset.||
+|**rulesetId**|int|(Number) GitHub ID for the ruleset.
GitHub ID for the ruleset.||
+|**target**|str|(String) Possible values are branch and tag.
Possible values are `branch` and `tag`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderBypassActorsItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider bypass actors items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**actorId**|int|(Number) The ID of the actor that can bypass a ruleset.
The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.||
+|**actorType**|str|(String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.||
+|**bypassMode**|str|(String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider conditions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**refName**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0RefNameItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderconditionsitems0refnameitems0)]|(Block List, Min: 1, Max: 1) (see below for nested schema)||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0RefNameItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider conditions items0 ref name items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**exclude**|[str]|(List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.||
+|**include**|[str]|(List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branchNamePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0BranchNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0branchnamepatternitems0)]|(Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.||
+|**commitAuthorEmailPattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0commitauthoremailpatternitems0)]|(Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**commitMessagePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0commitmessagepatternitems0)]|(Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**committerEmailPattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0committeremailpatternitems0)]|(Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.||
+|**creation**|bool|(Boolean) Only allow users with bypass permission to create matching refs.
Only allow users with bypass permission to create matching refs.||
+|**deletion**|bool|(Boolean) Only allow users with bypass permissions to delete matching refs.
Only allow users with bypass permissions to delete matching refs.||
+|**nonFastForward**|bool|(Boolean) Prevent users with push access from force pushing to branches.
Prevent users with push access from force pushing to branches.||
+|**pullRequest**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0PullRequestItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0pullrequestitems0)]|(Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.||
+|**requiredDeployments**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredDeploymentsItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0requireddeploymentsitems0)]|(Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.||
+|**requiredLinearHistory**|bool|(Boolean) Prevent merge commits from being pushed to matching branches.
Prevent merge commits from being pushed to matching branches.||
+|**requiredSignatures**|bool|(Boolean) Commits pushed to matching branches must have verified signatures.
Commits pushed to matching branches must have verified signatures.||
+|**requiredStatusChecks**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0requiredstatuschecksitems0)]|(Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.||
+|**tagNamePattern**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0TagNamePatternItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0tagnamepatternitems0)]|(Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.||
+|**update**|bool|(Boolean) Only allow users with bypass permission to update matching refs.
Only allow users with bypass permission to update matching refs.||
+|**updateAllowsFetchAndMerge**|bool|(Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0BranchNamePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 branch name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 commit author email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 commit message pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 committer email pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0PullRequestItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 pull request items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dismissStaleReviewsOnPush**|bool|(Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.||
+|**requireCodeOwnerReview**|bool|(Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.||
+|**requireLastPushApproval**|bool|(Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.||
+|**requiredApprovingReviewCount**|int|(Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.||
+|**requiredReviewThreadResolution**|bool|(Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredDeploymentsItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 required deployments items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredDeploymentEnvironments**|[str]|(List of String) The environments that must be successfully deployed to before branches can be merged.
The environments that must be successfully deployed to before branches can be merged.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 required status checks items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**requiredCheck**|[[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0](#repogithubupboundiov1alpha1repositoryrulesetstatusatproviderrulesitems0requiredstatuschecksitems0requiredcheckitems0)]|(Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
Status checks that are required. Several can be defined.||
+|**strictRequiredStatusChecksPolicy**|bool|(Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 required status checks items0 required check items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**context**|str|(String) The status check context name that must be present on the commit.
The status check context name that must be present on the commit.||
+|**integrationId**|int|(Number) The optional integration ID that this status check must originate from.
The optional integration ID that this status check must originate from.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0TagNamePatternItems0
+
+repo github upbound io v1alpha1 repository ruleset status at provider rules items0 tag name pattern items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name**|str|(String) How this rule will appear to users.
How this rule will appear to users.||
+|**negate**|bool|(Boolean) If true, the rule will fail if the pattern matches.
If true, the rule will fail if the pattern matches.||
+|**operator**|str|(String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.||
+|**pattern**|str|(String) The pattern to match with.
The pattern to match with.||
+### RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1RepositorySpec
+
+RepositorySpec defines the desired state of Repository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1RepositorySpecForProvider](#repogithubupboundiov1alpha1repositoryspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1RepositorySpecInitProvider](#repogithubupboundiov1alpha1repositoryspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRef](#repogithubupboundiov1alpha1repositoryspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1RepositorySpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositoryspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProvider
+
+repo github upbound io v1alpha1 repository spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowAutoMerge**|bool|Set to true to allow auto-merging pull requests on the repository.
Set to 'true' to allow auto-merging pull requests on the repository.||
+|**allowMergeCommit**|bool|(including the related merge_commit_title and merge_commit_message)
Set to 'false' to disable merge commits on the repository.||
+|**allowRebaseMerge**|bool|Set to false to disable rebase merges on the repository.
Set to 'false' to disable rebase merges on the repository.||
+|**allowSquashMerge**|bool|(including the related squash_merge_commit_title and squash_merge_commit_message)
Set to 'false' to disable squash merges on the repository.||
+|**allowUpdateBranch**|bool|Set to true to always suggest updating pull request branches.
Set to 'true' to always suggest updating pull request branches.||
+|**archiveOnDestroy**|bool|Set to true to archive the repository instead of deleting on destroy.
Set to 'true' to archive the repository instead of deleting on destroy.||
+|**archived**|bool|Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.||
+|**autoInit**|bool|Set to true to produce an initial commit in the repository.
Set to 'true' to produce an initial commit in the repository.||
+|**defaultBranch**|str|(Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
initial repository creation and create the target branch inside of the repository prior to setting this attribute.
Can only be set after initial repository creation, and only if the target branch exists||
+|**deleteBranchOnMerge**|bool|Automatically delete head branch after a pull request is merged. Defaults to false.
Automatically delete head branch after a pull request is merged. Defaults to 'false'.||
+|**description**|str|A description of the repository.
A description of the repository.||
+|**gitignoreTemplate**|str|Use the name of the template without the extension. For example, "Haskell".
Use the name of the template without the extension. For example, 'Haskell'.||
+|**hasDiscussions**|bool|Set to true to enable GitHub Discussions on the repository. Defaults to false.
Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.||
+|**hasDownloads**|bool|Set to true to enable the (deprecated) downloads features on the repository.
Set to 'true' to enable the (deprecated) downloads features on the repository.||
+|**hasIssues**|bool|Set to true to enable the GitHub Issues features
on the repository.
Set to 'true' to enable the GitHub Issues features on the repository||
+|**hasProjects**|bool|Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.||
+|**hasWiki**|bool|Set to true to enable the GitHub Wiki features on
the repository.
Set to 'true' to enable the GitHub Wiki features on the repository.||
+|**homepageUrl**|str|URL of a page describing the project.
URL of a page describing the project.||
+|**ignoreVulnerabilityAlertsDuringRead**|bool|Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.||
+|**isTemplate**|bool|Set to true to tell GitHub that this is a template repository.
Set to 'true' to tell GitHub that this is a template repository.||
+|**licenseTemplate**|str|Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.||
+|**mergeCommitMessage**|str|Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.||
+|**mergeCommitTitle**|str|Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.||
+|**name**|str|The name of the repository.
The name of the repository.||
+|**pages**|[[RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0](#repogithubupboundiov1alpha1repositoryspecforproviderpagesitems0)]|The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
The repository's GitHub Pages configuration||
+|**private**|bool|Set to true to create a private repository.
Repositories are created as public (e.g. open source) by default.||
+|**securityAndAnalysis**|[[RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0)]|The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.||
+|**squashMergeCommitMessage**|str|Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.||
+|**squashMergeCommitTitle**|str|Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.||
+|**template**|[[RepoGithubUpboundIoV1alpha1RepositorySpecForProviderTemplateItems0](#repogithubupboundiov1alpha1repositoryspecforprovidertemplateitems0)]|Use a template repository to create this resource. See Template Repositories below for details.
Use a template repository to create this resource.||
+|**topics**|[str]|The list of topics of the repository.
The list of topics of the repository.||
+|**visibility**|str|Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.||
+|**vulnerabilityAlerts**|bool|Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.||
+|**webCommitSignoffRequired**|bool|Require contributors to sign off on web-based commits. See more here. Defaults to false.
Require contributors to sign off on web-based commits. Defaults to 'false'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0
+
+repo github upbound io v1alpha1 repository spec for provider pages items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**buildType**|str|The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
The type the page should be sourced.||
+|**cname**|str|The custom domain for the repository. This can only be set after the repository has been created.
The custom domain for the repository. This can only be set after the repository has been created.||
+|**source**|[[RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0SourceItems0](#repogithubupboundiov1alpha1repositoryspecforproviderpagesitems0sourceitems0)]|The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
The source branch and directory for the rendered Pages site.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0SourceItems0
+
+repo github upbound io v1alpha1 repository spec for provider pages items0 source items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The repository branch used to publish the site's source files. (i.e. main or gh-pages.
The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')||
+|**path**|str|The repository directory from which the site publishes (Default: /).
The repository directory from which the site publishes (Default: '/')||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0
+
+repo github upbound io v1alpha1 repository spec for provider security and analysis items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**advancedSecurity**|[[RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0AdvancedSecurityItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0advancedsecurityitems0)]|The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.||
+|**secretScanning**|[[RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0secretscanningitems0)]|The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
The secret scanning configuration for the repository.||
+|**secretScanningPushProtection**|[[RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0](#repogithubupboundiov1alpha1repositoryspecforprovidersecurityandanalysisitems0secretscanningpushprotectionitems0)]|The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
The secret scanning push protection configuration for the repository.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0AdvancedSecurityItems0
+
+repo github upbound io v1alpha1 repository spec for provider security and analysis items0 advanced security items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningItems0
+
+repo github upbound io v1alpha1 repository spec for provider security and analysis items0 secret scanning items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0
+
+repo github upbound io v1alpha1 repository spec for provider security and analysis items0 secret scanning push protection items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecForProviderTemplateItems0
+
+repo github upbound io v1alpha1 repository spec for provider template items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**includeAllBranches**|bool|: Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).||
+|**owner**|str|: The GitHub organization or user the template repository is owned by.
The GitHub organization or user the template repository is owned by.||
+|**repository**|str|: The name of the template repository.
The name of the template repository.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowAutoMerge**|bool|Set to true to allow auto-merging pull requests on the repository.
Set to 'true' to allow auto-merging pull requests on the repository.||
+|**allowMergeCommit**|bool|(including the related merge_commit_title and merge_commit_message)
Set to 'false' to disable merge commits on the repository.||
+|**allowRebaseMerge**|bool|Set to false to disable rebase merges on the repository.
Set to 'false' to disable rebase merges on the repository.||
+|**allowSquashMerge**|bool|(including the related squash_merge_commit_title and squash_merge_commit_message)
Set to 'false' to disable squash merges on the repository.||
+|**allowUpdateBranch**|bool|Set to true to always suggest updating pull request branches.
Set to 'true' to always suggest updating pull request branches.||
+|**archiveOnDestroy**|bool|Set to true to archive the repository instead of deleting on destroy.
Set to 'true' to archive the repository instead of deleting on destroy.||
+|**archived**|bool|Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.||
+|**autoInit**|bool|Set to true to produce an initial commit in the repository.
Set to 'true' to produce an initial commit in the repository.||
+|**defaultBranch**|str|(Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
initial repository creation and create the target branch inside of the repository prior to setting this attribute.
Can only be set after initial repository creation, and only if the target branch exists||
+|**deleteBranchOnMerge**|bool|Automatically delete head branch after a pull request is merged. Defaults to false.
Automatically delete head branch after a pull request is merged. Defaults to 'false'.||
+|**description**|str|A description of the repository.
A description of the repository.||
+|**gitignoreTemplate**|str|Use the name of the template without the extension. For example, "Haskell".
Use the name of the template without the extension. For example, 'Haskell'.||
+|**hasDiscussions**|bool|Set to true to enable GitHub Discussions on the repository. Defaults to false.
Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.||
+|**hasDownloads**|bool|Set to true to enable the (deprecated) downloads features on the repository.
Set to 'true' to enable the (deprecated) downloads features on the repository.||
+|**hasIssues**|bool|Set to true to enable the GitHub Issues features
on the repository.
Set to 'true' to enable the GitHub Issues features on the repository||
+|**hasProjects**|bool|Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.||
+|**hasWiki**|bool|Set to true to enable the GitHub Wiki features on
the repository.
Set to 'true' to enable the GitHub Wiki features on the repository.||
+|**homepageUrl**|str|URL of a page describing the project.
URL of a page describing the project.||
+|**ignoreVulnerabilityAlertsDuringRead**|bool|Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.||
+|**isTemplate**|bool|Set to true to tell GitHub that this is a template repository.
Set to 'true' to tell GitHub that this is a template repository.||
+|**licenseTemplate**|str|Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.||
+|**mergeCommitMessage**|str|Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.||
+|**mergeCommitTitle**|str|Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.||
+|**name**|str|The name of the repository.
The name of the repository.||
+|**pages**|[[RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0](#repogithubupboundiov1alpha1repositoryspecinitproviderpagesitems0)]|The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
The repository's GitHub Pages configuration||
+|**private**|bool|Set to true to create a private repository.
Repositories are created as public (e.g. open source) by default.||
+|**securityAndAnalysis**|[[RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0)]|The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.||
+|**squashMergeCommitMessage**|str|Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.||
+|**squashMergeCommitTitle**|str|Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.||
+|**template**|[[RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderTemplateItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidertemplateitems0)]|Use a template repository to create this resource. See Template Repositories below for details.
Use a template repository to create this resource.||
+|**topics**|[str]|The list of topics of the repository.
The list of topics of the repository.||
+|**visibility**|str|Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.||
+|**vulnerabilityAlerts**|bool|Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.||
+|**webCommitSignoffRequired**|bool|Require contributors to sign off on web-based commits. See more here. Defaults to false.
Require contributors to sign off on web-based commits. Defaults to 'false'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0
+
+repo github upbound io v1alpha1 repository spec init provider pages items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**buildType**|str|The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
The type the page should be sourced.||
+|**cname**|str|The custom domain for the repository. This can only be set after the repository has been created.
The custom domain for the repository. This can only be set after the repository has been created.||
+|**source**|[[RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0SourceItems0](#repogithubupboundiov1alpha1repositoryspecinitproviderpagesitems0sourceitems0)]|The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
The source branch and directory for the rendered Pages site.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0SourceItems0
+
+repo github upbound io v1alpha1 repository spec init provider pages items0 source items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The repository branch used to publish the site's source files. (i.e. main or gh-pages.
The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')||
+|**path**|str|The repository directory from which the site publishes (Default: /).
The repository directory from which the site publishes (Default: '/')||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0
+
+repo github upbound io v1alpha1 repository spec init provider security and analysis items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**advancedSecurity**|[[RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0AdvancedSecurityItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0advancedsecurityitems0)]|The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.||
+|**secretScanning**|[[RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0secretscanningitems0)]|The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
The secret scanning configuration for the repository.||
+|**secretScanningPushProtection**|[[RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0](#repogithubupboundiov1alpha1repositoryspecinitprovidersecurityandanalysisitems0secretscanningpushprotectionitems0)]|The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
The secret scanning push protection configuration for the repository.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0AdvancedSecurityItems0
+
+repo github upbound io v1alpha1 repository spec init provider security and analysis items0 advanced security items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningItems0
+
+repo github upbound io v1alpha1 repository spec init provider security and analysis items0 secret scanning items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0
+
+repo github upbound io v1alpha1 repository spec init provider security and analysis items0 secret scanning push protection items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderTemplateItems0
+
+repo github upbound io v1alpha1 repository spec init provider template items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**includeAllBranches**|bool|: Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).||
+|**owner**|str|: The GitHub organization or user the template repository is owned by.
The GitHub organization or user the template repository is owned by.||
+|**repository**|str|: The name of the template repository.
The name of the template repository.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositoryspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositoryspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1RepositorySpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatus
+
+RepositoryStatus defines the observed state of Repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProvider](#repogithubupboundiov1alpha1repositorystatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusConditionsItems0](#repogithubupboundiov1alpha1repositorystatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProvider
+
+repo github upbound io v1alpha1 repository status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**allowAutoMerge**|bool|Set to true to allow auto-merging pull requests on the repository.
Set to 'true' to allow auto-merging pull requests on the repository.||
+|**allowMergeCommit**|bool|(including the related merge_commit_title and merge_commit_message)
Set to 'false' to disable merge commits on the repository.||
+|**allowRebaseMerge**|bool|Set to false to disable rebase merges on the repository.
Set to 'false' to disable rebase merges on the repository.||
+|**allowSquashMerge**|bool|(including the related squash_merge_commit_title and squash_merge_commit_message)
Set to 'false' to disable squash merges on the repository.||
+|**allowUpdateBranch**|bool|Set to true to always suggest updating pull request branches.
Set to 'true' to always suggest updating pull request branches.||
+|**archiveOnDestroy**|bool|Set to true to archive the repository instead of deleting on destroy.
Set to 'true' to archive the repository instead of deleting on destroy.||
+|**archived**|bool|Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.||
+|**autoInit**|bool|Set to true to produce an initial commit in the repository.
Set to 'true' to produce an initial commit in the repository.||
+|**defaultBranch**|str|(Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
initial repository creation and create the target branch inside of the repository prior to setting this attribute.
Can only be set after initial repository creation, and only if the target branch exists||
+|**deleteBranchOnMerge**|bool|Automatically delete head branch after a pull request is merged. Defaults to false.
Automatically delete head branch after a pull request is merged. Defaults to 'false'.||
+|**description**|str|A description of the repository.
A description of the repository.||
+|**etag**|str|etag||
+|**fullName**|str|A string of the form "orgname/reponame".
A string of the form 'orgname/reponame'.||
+|**gitCloneUrl**|str|URL that can be provided to git clone to clone the repository anonymously via the git protocol.
URL that can be provided to 'git clone' to clone the repository anonymously via the git protocol.||
+|**gitignoreTemplate**|str|Use the name of the template without the extension. For example, "Haskell".
Use the name of the template without the extension. For example, 'Haskell'.||
+|**hasDiscussions**|bool|Set to true to enable GitHub Discussions on the repository. Defaults to false.
Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.||
+|**hasDownloads**|bool|Set to true to enable the (deprecated) downloads features on the repository.
Set to 'true' to enable the (deprecated) downloads features on the repository.||
+|**hasIssues**|bool|Set to true to enable the GitHub Issues features
on the repository.
Set to 'true' to enable the GitHub Issues features on the repository||
+|**hasProjects**|bool|Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.||
+|**hasWiki**|bool|Set to true to enable the GitHub Wiki features on
the repository.
Set to 'true' to enable the GitHub Wiki features on the repository.||
+|**homepageUrl**|str|URL of a page describing the project.
URL of a page describing the project.||
+|**htmlUrl**|str|URL to the repository on the web.
URL to the repository on the web.||
+|**httpCloneUrl**|str|URL that can be provided to git clone to clone the repository via HTTPS.
URL that can be provided to 'git clone' to clone the repository via HTTPS.||
+|**id**|str|id||
+|**ignoreVulnerabilityAlertsDuringRead**|bool|Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.||
+|**isTemplate**|bool|Set to true to tell GitHub that this is a template repository.
Set to 'true' to tell GitHub that this is a template repository.||
+|**licenseTemplate**|str|Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.||
+|**mergeCommitMessage**|str|Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.||
+|**mergeCommitTitle**|str|Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.||
+|**name**|str|The name of the repository.
The name of the repository.||
+|**nodeId**|str|GraphQL global node id for use with v4 API
GraphQL global node id for use with v4 API.||
+|**pages**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0](#repogithubupboundiov1alpha1repositorystatusatproviderpagesitems0)]|The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
The repository's GitHub Pages configuration||
+|**primaryLanguage**|str|The primary language used in the repository.||
+|**private**|bool|Set to true to create a private repository.
Repositories are created as public (e.g. open source) by default.||
+|**repoId**|int|GitHub ID for the repository
GitHub ID for the repository.||
+|**securityAndAnalysis**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0)]|The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.||
+|**squashMergeCommitMessage**|str|Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.||
+|**squashMergeCommitTitle**|str|Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.||
+|**sshCloneUrl**|str|URL that can be provided to git clone to clone the repository via SSH.
URL that can be provided to 'git clone' to clone the repository via SSH.||
+|**svnUrl**|str|URL that can be provided to svn checkout to check out the repository via GitHub's Subversion protocol emulation.
URL that can be provided to 'svn checkout' to check out the repository via GitHub's Subversion protocol emulation.||
+|**template**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderTemplateItems0](#repogithubupboundiov1alpha1repositorystatusatprovidertemplateitems0)]|Use a template repository to create this resource. See Template Repositories below for details.
Use a template repository to create this resource.||
+|**topics**|[str]|The list of topics of the repository.
The list of topics of the repository.||
+|**visibility**|str|Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.||
+|**vulnerabilityAlerts**|bool|Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.||
+|**webCommitSignoffRequired**|bool|Require contributors to sign off on web-based commits. See more here. Defaults to false.
Require contributors to sign off on web-based commits. Defaults to 'false'.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0
+
+repo github upbound io v1alpha1 repository status at provider pages items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**buildType**|str|The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
The type the page should be sourced.||
+|**cname**|str|The custom domain for the repository. This can only be set after the repository has been created.
The custom domain for the repository. This can only be set after the repository has been created.||
+|**custom404**|bool|Whether the rendered GitHub Pages site has a custom 404 page.
Whether the rendered GitHub Pages site has a custom 404 page||
+|**htmlUrl**|str|URL to the repository on the web.
URL to the repository on the web.||
+|**source**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0SourceItems0](#repogithubupboundiov1alpha1repositorystatusatproviderpagesitems0sourceitems0)]|The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
The source branch and directory for the rendered Pages site.||
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
The GitHub Pages site's build status e.g. building or built.||
+|**url**|str|url||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0SourceItems0
+
+repo github upbound io v1alpha1 repository status at provider pages items0 source items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**branch**|str|The repository branch used to publish the site's source files. (i.e. main or gh-pages.
The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')||
+|**path**|str|The repository directory from which the site publishes (Default: /).
The repository directory from which the site publishes (Default: '/')||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0
+
+repo github upbound io v1alpha1 repository status at provider security and analysis items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**advancedSecurity**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0AdvancedSecurityItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0advancedsecurityitems0)]|The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.||
+|**secretScanning**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0secretscanningitems0)]|The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
The secret scanning configuration for the repository.||
+|**secretScanningPushProtection**|[[RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0](#repogithubupboundiov1alpha1repositorystatusatprovidersecurityandanalysisitems0secretscanningpushprotectionitems0)]|The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
The secret scanning push protection configuration for the repository.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0AdvancedSecurityItems0
+
+repo github upbound io v1alpha1 repository status at provider security and analysis items0 advanced security items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningItems0
+
+repo github upbound io v1alpha1 repository status at provider security and analysis items0 secret scanning items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0
+
+repo github upbound io v1alpha1 repository status at provider security and analysis items0 secret scanning push protection items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**status**|str|Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderTemplateItems0
+
+repo github upbound io v1alpha1 repository status at provider template items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**includeAllBranches**|bool|: Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).||
+|**owner**|str|: The GitHub organization or user the template repository is owned by.
The GitHub organization or user the template repository is owned by.||
+|**repository**|str|: The name of the template repository.
The name of the template repository.||
+### RepoGithubUpboundIoV1alpha1RepositoryStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpec
+
+RepositoryWebhookSpec defines the desired state of RepositoryWebhook
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProvider](#repogithubupboundiov1alpha1repositorywebhookspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProvider](#repogithubupboundiov1alpha1repositorywebhookspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRef](#repogithubupboundiov1alpha1repositorywebhookspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1repositorywebhookspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProvider
+
+repo github upbound io v1alpha1 repository webhook spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**active**|bool|Indicate if the webhook should receive events. Defaults to true.
Indicate if the webhook should receive events. Defaults to 'true'.||
+|**configuration**|[[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0](#repogithubupboundiov1alpha1repositorywebhookspecforproviderconfigurationitems0)]|Configuration block for the webhook. Detailed below.
Configuration for the webhook.||
+|**events**|[str]|A list of events which should trigger the webhook. See a list of available events.
A list of events which should trigger the webhook||
+|**repository**|str|The repository of the webhook.
The repository of the webhook.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0
+
+repo github upbound io v1alpha1 repository webhook spec for provider configuration items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**contentType**|str|The content type for the payload. Valid values are either form or json.
The content type for the payload. Valid values are either 'form' or 'json'.||
+|**insecureSsl**|bool|Insecure SSL boolean toggle. Defaults to false.
Insecure SSL boolean toggle. Defaults to 'false'.||
+|**secretSecretRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0SecretSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecforproviderconfigurationitems0secretsecretref)|secret secret ref||
+|**urlSecretRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0URLSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecforproviderconfigurationitems0urlsecretref)|url secret ref||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0SecretSecretRef
+
+The shared secret for the webhook. See API documentation. The shared secret for the webhook
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0URLSecretRef
+
+The URL of the webhook. The URL of the webhook.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRef
+
+Reference to a Repository to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelector
+
+Selector for a Repository to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorywebhookspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**active**|bool|Indicate if the webhook should receive events. Defaults to true.
Indicate if the webhook should receive events. Defaults to 'true'.||
+|**configuration**|[[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderconfigurationitems0)]|Configuration block for the webhook. Detailed below.
Configuration for the webhook.||
+|**events**|[str]|A list of events which should trigger the webhook. See a list of available events.
A list of events which should trigger the webhook||
+|**repository**|str|The repository of the webhook.
The repository of the webhook.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0
+
+repo github upbound io v1alpha1 repository webhook spec init provider configuration items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**contentType**|str|The content type for the payload. Valid values are either form or json.
The content type for the payload. Valid values are either 'form' or 'json'.||
+|**insecureSsl**|bool|Insecure SSL boolean toggle. Defaults to false.
Insecure SSL boolean toggle. Defaults to 'false'.||
+|**secretSecretRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0SecretSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderconfigurationitems0secretsecretref)|secret secret ref||
+|**urlSecretRef** `required`|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0URLSecretRef](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderconfigurationitems0urlsecretref)|url secret ref||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0SecretSecretRef
+
+The shared secret for the webhook. See API documentation. The shared secret for the webhook
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0URLSecretRef
+
+The URL of the webhook. The URL of the webhook.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRef
+
+Reference to a Repository to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelector
+
+Selector for a Repository to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1repositorywebhookspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1repositorywebhookspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookStatus
+
+RepositoryWebhookStatus defines the observed state of RepositoryWebhook.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProvider](#repogithubupboundiov1alpha1repositorywebhookstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusConditionsItems0](#repogithubupboundiov1alpha1repositorywebhookstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProvider
+
+repo github upbound io v1alpha1 repository webhook status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**active**|bool|Indicate if the webhook should receive events. Defaults to true.
Indicate if the webhook should receive events. Defaults to 'true'.||
+|**configuration**|[[RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProviderConfigurationItems0](#repogithubupboundiov1alpha1repositorywebhookstatusatproviderconfigurationitems0)]|Configuration block for the webhook. Detailed below.
Configuration for the webhook.||
+|**etag**|str|etag||
+|**events**|[str]|A list of events which should trigger the webhook. See a list of available events.
A list of events which should trigger the webhook||
+|**id**|str|id||
+|**repository**|str|The repository of the webhook.
The repository of the webhook.||
+|**url**|str|URL of the webhook. This is a sensitive attribute because it may include basic auth credentials.
Configuration block for the webhook||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProviderConfigurationItems0
+
+repo github upbound io v1alpha1 repository webhook status at provider configuration items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**contentType**|str|The content type for the payload. Valid values are either form or json.
The content type for the payload. Valid values are either 'form' or 'json'.||
+|**insecureSsl**|bool|Insecure SSL boolean toggle. Defaults to false.
Insecure SSL boolean toggle. Defaults to 'false'.||
+### RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpec
+
+TagProtectionSpec defines the desired state of TagProtection
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[RepoGithubUpboundIoV1alpha1TagProtectionSpecForProvider](#repogithubupboundiov1alpha1tagprotectionspecforprovider)|for provider||
+|**initProvider**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProvider](#repogithubupboundiov1alpha1tagprotectionspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRef](#repogithubupboundiov1alpha1tagprotectionspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsTo](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecWriteConnectionSecretToRef](#repogithubupboundiov1alpha1tagprotectionspecwriteconnectionsecrettoref)|write connection secret to ref||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecForProvider
+
+repo github upbound io v1alpha1 tag protection spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**pattern**|str|The pattern of the tag to protect.
The pattern of the tag to protect.||
+|**repository**|str|Name of the repository to add the tag protection to.
Name of the repository to add the tag protection to.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRef](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelector](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1tagprotectionspecforproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**pattern**|str|The pattern of the tag to protect.
The pattern of the tag to protect.||
+|**repository**|str|Name of the repository to add the tag protection to.
Name of the repository to add the tag protection to.||
+|**repositoryRef**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRef](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelector](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryselector)|repository selector||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelectorPolicy](#repogithubupboundiov1alpha1tagprotectionspecinitproviderrepositoryselectorpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecproviderconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRef](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToMetadata](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRefPolicy](#repogithubupboundiov1alpha1tagprotectionspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### RepoGithubUpboundIoV1alpha1TagProtectionSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### RepoGithubUpboundIoV1alpha1TagProtectionStatus
+
+TagProtectionStatus defines the observed state of TagProtection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[RepoGithubUpboundIoV1alpha1TagProtectionStatusAtProvider](#repogithubupboundiov1alpha1tagprotectionstatusatprovider)|at provider||
+|**conditions**|[[RepoGithubUpboundIoV1alpha1TagProtectionStatusConditionsItems0](#repogithubupboundiov1alpha1tagprotectionstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### RepoGithubUpboundIoV1alpha1TagProtectionStatusAtProvider
+
+repo github upbound io v1alpha1 tag protection status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**id**|str|The ID of the tag protection.||
+|**pattern**|str|The pattern of the tag to protect.
The pattern of the tag to protect.||
+|**repository**|str|Name of the repository to add the tag protection to.
Name of the repository to add the tag protection to.||
+|**tagProtectionId**|int|The ID of the tag protection.
The ID of the tag protection.||
+### RepoGithubUpboundIoV1alpha1TagProtectionStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### Repository
+
+Repository is the Schema for the Repositorys API. Creates and manages repositories within GitHub organizations or personal accounts
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"Repository"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Repository"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1RepositorySpec](#repogithubupboundiov1alpha1repositoryspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1RepositoryStatus](#repogithubupboundiov1alpha1repositorystatus)|status||
+### RepositoryAccessLevel
+
+RepositoryAccessLevel is the Schema for the RepositoryAccessLevels API. Manages Actions and Reusable Workflow access for a GitHub repository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RepositoryAccessLevel"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RepositoryAccessLevel"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpec](#actionsgithubupboundiov1alpha1repositoryaccesslevelspec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatus](#actionsgithubupboundiov1alpha1repositoryaccesslevelstatus)|status||
+### RepositoryAutolinkReference
+
+RepositoryAutolinkReference is the Schema for the RepositoryAutolinkReferences API. Creates and manages autolink references for a single repository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RepositoryAutolinkReference"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RepositoryAutolinkReference"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpec](#repogithubupboundiov1alpha1repositoryautolinkreferencespec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatus](#repogithubupboundiov1alpha1repositoryautolinkreferencestatus)|status||
+### RepositoryCollaborator
+
+RepositoryCollaborator is the Schema for the RepositoryCollaborators API. Provides a GitHub repository collaborator resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RepositoryCollaborator"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RepositoryCollaborator"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpec](#repogithubupboundiov1alpha1repositorycollaboratorspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatus](#repogithubupboundiov1alpha1repositorycollaboratorstatus)|status||
+### RepositoryFile
+
+RepositoryFile is the Schema for the RepositoryFiles API. Creates and manages files within a GitHub repository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RepositoryFile"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RepositoryFile"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1RepositoryFileSpec](#repogithubupboundiov1alpha1repositoryfilespec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1RepositoryFileStatus](#repogithubupboundiov1alpha1repositoryfilestatus)|status||
+### RepositoryPermissions
+
+RepositoryPermissions is the Schema for the RepositoryPermissionss API. Enables and manages Actions permissions for a GitHub repository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RepositoryPermissions"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RepositoryPermissions"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpec](#actionsgithubupboundiov1alpha1repositorypermissionsspec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatus](#actionsgithubupboundiov1alpha1repositorypermissionsstatus)|status||
+### RepositoryRuleset
+
+RepositoryRuleset is the Schema for the RepositoryRulesets API. Creates a GitHub repository ruleset.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RepositoryRuleset"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RepositoryRuleset"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1RepositoryRulesetSpec](#repogithubupboundiov1alpha1repositoryrulesetspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1RepositoryRulesetStatus](#repogithubupboundiov1alpha1repositoryrulesetstatus)|status||
+### RepositoryWebhook
+
+RepositoryWebhook is the Schema for the RepositoryWebhooks API. Creates and manages repository webhooks within GitHub organizations or personal accounts
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RepositoryWebhook"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RepositoryWebhook"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1RepositoryWebhookSpec](#repogithubupboundiov1alpha1repositorywebhookspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1RepositoryWebhookStatus](#repogithubupboundiov1alpha1repositorywebhookstatus)|status||
+### RunnerGroup
+
+RunnerGroup is the Schema for the RunnerGroups API. Creates and manages an Actions Runner Group within a GitHub organization
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"actions.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"actions.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"RunnerGroup"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"RunnerGroup"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[ActionsGithubUpboundIoV1alpha1RunnerGroupSpec](#actionsgithubupboundiov1alpha1runnergroupspec)|spec||
+|**status**|[ActionsGithubUpboundIoV1alpha1RunnerGroupStatus](#actionsgithubupboundiov1alpha1runnergroupstatus)|status||
+### StoreConfig
+
+A StoreConfig configures how GCP controller should store connection details.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"StoreConfig"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"StoreConfig"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[GithubUpboundIoV1alpha1StoreConfigSpec](#githubupboundiov1alpha1storeconfigspec)|spec||
+|**status**|[GithubUpboundIoV1alpha1StoreConfigStatus](#githubupboundiov1alpha1storeconfigstatus)|status||
+### TagProtection
+
+TagProtection is the Schema for the TagProtections API. Creates and manages repository tag protection within GitHub organizations or personal accounts
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"repo.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"repo.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"TagProtection"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"TagProtection"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[RepoGithubUpboundIoV1alpha1TagProtectionSpec](#repogithubupboundiov1alpha1tagprotectionspec)|spec||
+|**status**|[RepoGithubUpboundIoV1alpha1TagProtectionStatus](#repogithubupboundiov1alpha1tagprotectionstatus)|status||
+### Team
+
+Team is the Schema for the Teams API. Provides a GitHub team resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"team.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"team.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"Team"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Team"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[TeamGithubUpboundIoV1alpha1TeamSpec](#teamgithubupboundiov1alpha1teamspec)|spec||
+|**status**|[TeamGithubUpboundIoV1alpha1TeamStatus](#teamgithubupboundiov1alpha1teamstatus)|status||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpec
+
+EmuGroupMappingSpec defines the desired state of EmuGroupMapping
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProvider](#teamgithubupboundiov1alpha1emugroupmappingspecforprovider)|for provider||
+|**initProvider**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProvider](#teamgithubupboundiov1alpha1emugroupmappingspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRef](#teamgithubupboundiov1alpha1emugroupmappingspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1emugroupmappingspecwriteconnectionsecrettoref)|write connection secret to ref||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProvider
+
+team github upbound io v1alpha1 emu group mapping spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**groupId**|int|Integer corresponding to the external group ID to be linked
Integer corresponding to the external group ID to be linked.||
+|**teamSlug**|str|Slug of the GitHub team
Slug of the GitHub team.||
+|**teamSlugRef**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRef](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugref)|team slug ref||
+|**teamSlugSelector**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelector](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugselector)|team slug selector||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRef
+
+Reference to a Team in team to populate teamSlug.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelector
+
+Selector for a Team in team to populate teamSlug.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelectorPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecforproviderteamslugselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**groupId**|int|Integer corresponding to the external group ID to be linked
Integer corresponding to the external group ID to be linked.||
+|**teamSlug**|str|Slug of the GitHub team
Slug of the GitHub team.||
+|**teamSlugRef**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRef](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugref)|team slug ref||
+|**teamSlugSelector**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelector](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugselector)|team slug selector||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRef
+
+Reference to a Team in team to populate teamSlug.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelector
+
+Selector for a Team in team to populate teamSlug.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelectorPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecinitproviderteamslugselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecproviderconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1emugroupmappingspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingStatus
+
+EmuGroupMappingStatus defines the observed state of EmuGroupMapping.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusAtProvider](#teamgithubupboundiov1alpha1emugroupmappingstatusatprovider)|at provider||
+|**conditions**|[[TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusConditionsItems0](#teamgithubupboundiov1alpha1emugroupmappingstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusAtProvider
+
+team github upbound io v1alpha1 emu group mapping status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**etag**|str|etag||
+|**groupId**|int|Integer corresponding to the external group ID to be linked
Integer corresponding to the external group ID to be linked.||
+|**id**|str|id||
+|**teamSlug**|str|Slug of the GitHub team
Slug of the GitHub team.||
+### TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### TeamGithubUpboundIoV1alpha1MembersSpec
+
+MembersSpec defines the desired state of Members
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[TeamGithubUpboundIoV1alpha1MembersSpecForProvider](#teamgithubupboundiov1alpha1membersspecforprovider)|for provider||
+|**initProvider**|[TeamGithubUpboundIoV1alpha1MembersSpecInitProvider](#teamgithubupboundiov1alpha1membersspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRef](#teamgithubupboundiov1alpha1membersspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[TeamGithubUpboundIoV1alpha1MembersSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1membersspecwriteconnectionsecrettoref)|write connection secret to ref||
+### TeamGithubUpboundIoV1alpha1MembersSpecForProvider
+
+team github upbound io v1alpha1 members spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**members**|[[TeamGithubUpboundIoV1alpha1MembersSpecForProviderMembersItems0](#teamgithubupboundiov1alpha1membersspecforprovidermembersitems0)]|List of team members. See Members below for details.
List of team members.||
+|**teamId**|str|The team id or the team slug
The GitHub team id or slug||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1membersspecforproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1membersspecforproviderteamidselector)|team Id selector||
+### TeamGithubUpboundIoV1alpha1MembersSpecForProviderMembersItems0
+
+team github upbound io v1alpha1 members spec for provider members items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**role**|str|The role of the user within the team.
Must be one of member or maintainer. Defaults to member.
The role of the user within the team. Must be one of 'member' or 'maintainer'.||
+|**username**|str|The user to add to the team.
The user to add to the team.||
+### TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1membersspecforproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1membersspecforproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1MembersSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**members**|[[TeamGithubUpboundIoV1alpha1MembersSpecInitProviderMembersItems0](#teamgithubupboundiov1alpha1membersspecinitprovidermembersitems0)]|List of team members. See Members below for details.
List of team members.||
+|**teamId**|str|The team id or the team slug
The GitHub team id or slug||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1membersspecinitproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1membersspecinitproviderteamidselector)|team Id selector||
+### TeamGithubUpboundIoV1alpha1MembersSpecInitProviderMembersItems0
+
+team github upbound io v1alpha1 members spec init provider members items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**role**|str|The role of the user within the team.
Must be one of member or maintainer. Defaults to member.
The role of the user within the team. Must be one of 'member' or 'maintainer'.||
+|**username**|str|The user to add to the team.
The user to add to the team.||
+### TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1membersspecinitproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1membersspecinitproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1membersspecproviderconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1membersspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### TeamGithubUpboundIoV1alpha1MembersSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### TeamGithubUpboundIoV1alpha1MembersStatus
+
+MembersStatus defines the observed state of Members.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[TeamGithubUpboundIoV1alpha1MembersStatusAtProvider](#teamgithubupboundiov1alpha1membersstatusatprovider)|at provider||
+|**conditions**|[[TeamGithubUpboundIoV1alpha1MembersStatusConditionsItems0](#teamgithubupboundiov1alpha1membersstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### TeamGithubUpboundIoV1alpha1MembersStatusAtProvider
+
+team github upbound io v1alpha1 members status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**id**|str|id||
+|**members**|[[TeamGithubUpboundIoV1alpha1MembersStatusAtProviderMembersItems0](#teamgithubupboundiov1alpha1membersstatusatprovidermembersitems0)]|List of team members. See Members below for details.
List of team members.||
+|**teamId**|str|The team id or the team slug
The GitHub team id or slug||
+### TeamGithubUpboundIoV1alpha1MembersStatusAtProviderMembersItems0
+
+team github upbound io v1alpha1 members status at provider members items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**role**|str|The role of the user within the team.
Must be one of member or maintainer. Defaults to member.
The role of the user within the team. Must be one of 'member' or 'maintainer'.||
+|**username**|str|The user to add to the team.
The user to add to the team.||
+### TeamGithubUpboundIoV1alpha1MembersStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpec
+
+TeamMembershipSpec defines the desired state of TeamMembership
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProvider](#teamgithubupboundiov1alpha1teammembershipspecforprovider)|for provider||
+|**initProvider**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProvider](#teamgithubupboundiov1alpha1teammembershipspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRef](#teamgithubupboundiov1alpha1teammembershipspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teammembershipspecwriteconnectionsecrettoref)|write connection secret to ref||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProvider
+
+team github upbound io v1alpha1 team membership spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**role**|str|The role of the user within the team.
Must be one of member or maintainer. Defaults to member.
The role of the user within the team. Must be one of 'member' or 'maintainer'.||
+|**teamId**|str|The GitHub team id or the GitHub team slug
The GitHub team id or the GitHub team slug.||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidselector)|team Id selector||
+|**username**|str|The user to add to the team.
The user to add to the team.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teammembershipspecforproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**role**|str|The role of the user within the team.
Must be one of member or maintainer. Defaults to member.
The role of the user within the team. Must be one of 'member' or 'maintainer'.||
+|**teamId**|str|The GitHub team id or the GitHub team slug
The GitHub team id or the GitHub team slug.||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidselector)|team Id selector||
+|**username**|str|The user to add to the team.
The user to add to the team.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teammembershipspecinitproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecproviderconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teammembershipspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### TeamGithubUpboundIoV1alpha1TeamMembershipSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipStatus
+
+TeamMembershipStatus defines the observed state of TeamMembership.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[TeamGithubUpboundIoV1alpha1TeamMembershipStatusAtProvider](#teamgithubupboundiov1alpha1teammembershipstatusatprovider)|at provider||
+|**conditions**|[[TeamGithubUpboundIoV1alpha1TeamMembershipStatusConditionsItems0](#teamgithubupboundiov1alpha1teammembershipstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipStatusAtProvider
+
+team github upbound io v1alpha1 team membership status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**etag**|str|etag||
+|**id**|str|id||
+|**role**|str|The role of the user within the team.
Must be one of member or maintainer. Defaults to member.
The role of the user within the team. Must be one of 'member' or 'maintainer'.||
+|**teamId**|str|The GitHub team id or the GitHub team slug
The GitHub team id or the GitHub team slug.||
+|**username**|str|The user to add to the team.
The user to add to the team.||
+### TeamGithubUpboundIoV1alpha1TeamMembershipStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpec
+
+TeamRepositorySpec defines the desired state of TeamRepository
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProvider](#teamgithubupboundiov1alpha1teamrepositoryspecforprovider)|for provider||
+|**initProvider**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProvider](#teamgithubupboundiov1alpha1teamrepositoryspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRef](#teamgithubupboundiov1alpha1teamrepositoryspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamrepositoryspecwriteconnectionsecrettoref)|write connection secret to ref||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProvider
+
+team github upbound io v1alpha1 team repository spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**permission**|str|The permissions of team members regarding the repository.
Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.||
+|**repository**|str|The repository to add to the team.
The repository to add to the team.||
+|**repositoryRef**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRef](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryref)|repository ref||
+|**repositorySelector**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelector](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryselector)|repository selector||
+|**teamId**|str|The GitHub team id or the GitHub team slug
ID or slug of team||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidselector)|team Id selector||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderrepositoryselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecforproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**permission**|str|The permissions of team members regarding the repository.
Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.||
+|**repository**|str|The repository to add to the team.
The repository to add to the team.||
+|**repositoryRef**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRef](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryref)|repository ref||
+|**repositorySelector**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelector](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryselector)|repository selector||
+|**teamId**|str|The GitHub team id or the GitHub team slug
ID or slug of team||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidselector)|team Id selector||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRef
+
+Reference to a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelector
+
+Selector for a Repository in repo to populate repository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderrepositoryselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecinitproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecproviderconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamrepositoryspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### TeamGithubUpboundIoV1alpha1TeamRepositorySpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### TeamGithubUpboundIoV1alpha1TeamRepositoryStatus
+
+TeamRepositoryStatus defines the observed state of TeamRepository.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[TeamGithubUpboundIoV1alpha1TeamRepositoryStatusAtProvider](#teamgithubupboundiov1alpha1teamrepositorystatusatprovider)|at provider||
+|**conditions**|[[TeamGithubUpboundIoV1alpha1TeamRepositoryStatusConditionsItems0](#teamgithubupboundiov1alpha1teamrepositorystatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### TeamGithubUpboundIoV1alpha1TeamRepositoryStatusAtProvider
+
+team github upbound io v1alpha1 team repository status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**etag**|str|etag||
+|**id**|str|id||
+|**permission**|str|The permissions of team members regarding the repository.
Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.||
+|**repository**|str|The repository to add to the team.
The repository to add to the team.||
+|**teamId**|str|The GitHub team id or the GitHub team slug
ID or slug of team||
+### TeamGithubUpboundIoV1alpha1TeamRepositoryStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpec
+
+TeamSettingsSpec defines the desired state of TeamSettings
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProvider](#teamgithubupboundiov1alpha1teamsettingsspecforprovider)|for provider||
+|**initProvider**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProvider](#teamgithubupboundiov1alpha1teamsettingsspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRef](#teamgithubupboundiov1alpha1teamsettingsspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamsettingsspecwriteconnectionsecrettoref)|write connection secret to ref||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProvider
+
+team github upbound io v1alpha1 team settings spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**reviewRequestDelegation**|[[TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderReviewRequestDelegationItems0](#teamgithubupboundiov1alpha1teamsettingsspecforproviderreviewrequestdelegationitems0)]|The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.||
+|**teamId**|str|The GitHub team id or the GitHub team slug
The GitHub team id or the GitHub team slug.||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRef](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidselector)|team Id selector||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderReviewRequestDelegationItems0
+
+team github upbound io v1alpha1 team settings spec for provider review request delegation items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**algorithm**|str|The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.||
+|**memberCount**|int|The number of team members to assign to a pull request
The number of team members to assign to a pull request.||
+|**notify**|bool|whether to notify the entire team when at least one member is also assigned to the pull request
whether to notify the entire team when at least one member is also assigned to the pull request.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamsettingsspecforproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**reviewRequestDelegation**|[[TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderReviewRequestDelegationItems0](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderreviewrequestdelegationitems0)]|The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.||
+|**teamId**|str|The GitHub team id or the GitHub team slug
The GitHub team id or the GitHub team slug.||
+|**teamIdRef**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRef](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidref)|team Id ref||
+|**teamIdSelector**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelector](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidselector)|team Id selector||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderReviewRequestDelegationItems0
+
+team github upbound io v1alpha1 team settings spec init provider review request delegation items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**algorithm**|str|The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.||
+|**memberCount**|int|The number of team members to assign to a pull request
The number of team members to assign to a pull request.||
+|**notify**|bool|whether to notify the entire team when at least one member is also assigned to the pull request
whether to notify the entire team when at least one member is also assigned to the pull request.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRef
+
+Reference to a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelector
+
+Selector for a Team in team to populate teamId.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchControllerRef**|bool|MatchControllerRef ensures an object with the same controller reference
as the selecting object is selected.||
+|**matchLabels**|{str:str}|MatchLabels ensures an object with matching labels is selected.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelectorPolicy](#teamgithubupboundiov1alpha1teamsettingsspecinitproviderteamidselectorpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelectorPolicy
+
+Policies for selection.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecproviderconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamsettingsspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### TeamGithubUpboundIoV1alpha1TeamSettingsSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsStatus
+
+TeamSettingsStatus defines the observed state of TeamSettings.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProvider](#teamgithubupboundiov1alpha1teamsettingsstatusatprovider)|at provider||
+|**conditions**|[[TeamGithubUpboundIoV1alpha1TeamSettingsStatusConditionsItems0](#teamgithubupboundiov1alpha1teamsettingsstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProvider
+
+team github upbound io v1alpha1 team settings status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**id**|str|id||
+|**reviewRequestDelegation**|[[TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProviderReviewRequestDelegationItems0](#teamgithubupboundiov1alpha1teamsettingsstatusatproviderreviewrequestdelegationitems0)]|The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.||
+|**teamId**|str|The GitHub team id or the GitHub team slug
The GitHub team id or the GitHub team slug.||
+|**teamSlug**|str|The slug of the Team within the Organization.||
+|**teamUid**|str|The unique ID of the Team on GitHub. Corresponds to the ID of the 'github_team_settings' resource.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProviderReviewRequestDelegationItems0
+
+team github upbound io v1alpha1 team settings status at provider review request delegation items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**algorithm**|str|The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.||
+|**memberCount**|int|The number of team members to assign to a pull request
The number of team members to assign to a pull request.||
+|**notify**|bool|whether to notify the entire team when at least one member is also assigned to the pull request
whether to notify the entire team when at least one member is also assigned to the pull request.||
+### TeamGithubUpboundIoV1alpha1TeamSettingsStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### TeamGithubUpboundIoV1alpha1TeamSpec
+
+TeamSpec defines the desired state of Team
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[TeamGithubUpboundIoV1alpha1TeamSpecForProvider](#teamgithubupboundiov1alpha1teamspecforprovider)|for provider||
+|**initProvider**|[TeamGithubUpboundIoV1alpha1TeamSpecInitProvider](#teamgithubupboundiov1alpha1teamspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRef](#teamgithubupboundiov1alpha1teamspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[TeamGithubUpboundIoV1alpha1TeamSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamspecwriteconnectionsecrettoref)|write connection secret to ref||
+### TeamGithubUpboundIoV1alpha1TeamSpecForProvider
+
+team github upbound io v1alpha1 team spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createDefaultMaintainer**|bool|Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
Adds a default maintainer to the team. Adds the creating user to the team when 'true'.||
+|**description**|str|A description of the team.
A description of the team.||
+|**ldapDn**|str|The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.||
+|**name**|str|The name of the team.
The name of the team.||
+|**parentTeamId**|str|The ID or slug of the parent team, if this is a nested team.
The ID or slug of the parent team, if this is a nested team.||
+|**parentTeamReadId**|str|The ID of the created team.
The id of the parent team read in Github.||
+|**parentTeamReadSlug**|str|The slug of the created team, which may or may not differ from name,
depending on whether name contains "URL-unsafe" characters.
Useful when referencing the team in github_branch_protection.
The id of the parent team read in Github.||
+|**privacy**|str|The level of privacy for the team. Must be one of secret or closed.
Defaults to secret.
The level of privacy for the team. Must be one of 'secret' or 'closed'.||
+### TeamGithubUpboundIoV1alpha1TeamSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createDefaultMaintainer**|bool|Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
Adds a default maintainer to the team. Adds the creating user to the team when 'true'.||
+|**description**|str|A description of the team.
A description of the team.||
+|**ldapDn**|str|The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.||
+|**name**|str|The name of the team.
The name of the team.||
+|**parentTeamId**|str|The ID or slug of the parent team, if this is a nested team.
The ID or slug of the parent team, if this is a nested team.||
+|**parentTeamReadId**|str|The ID of the created team.
The id of the parent team read in Github.||
+|**parentTeamReadSlug**|str|The slug of the created team, which may or may not differ from name,
depending on whether name contains "URL-unsafe" characters.
Useful when referencing the team in github_branch_protection.
The id of the parent team read in Github.||
+|**privacy**|str|The level of privacy for the team. Must be one of secret or closed.
Defaults to secret.
The level of privacy for the team. Must be one of 'secret' or 'closed'.||
+### TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamspecproviderconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### TeamGithubUpboundIoV1alpha1TeamSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### TeamGithubUpboundIoV1alpha1TeamStatus
+
+TeamStatus defines the observed state of Team.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[TeamGithubUpboundIoV1alpha1TeamStatusAtProvider](#teamgithubupboundiov1alpha1teamstatusatprovider)|at provider||
+|**conditions**|[[TeamGithubUpboundIoV1alpha1TeamStatusConditionsItems0](#teamgithubupboundiov1alpha1teamstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### TeamGithubUpboundIoV1alpha1TeamStatusAtProvider
+
+team github upbound io v1alpha1 team status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**createDefaultMaintainer**|bool|Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
Adds a default maintainer to the team. Adds the creating user to the team when 'true'.||
+|**description**|str|A description of the team.
A description of the team.||
+|**etag**|str|etag||
+|**id**|str|The ID of the created team.||
+|**ldapDn**|str|The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.||
+|**membersCount**|int|members count||
+|**name**|str|The name of the team.
The name of the team.||
+|**nodeId**|str|The Node ID of the created team.
The Node ID of the created team.||
+|**parentTeamId**|str|The ID or slug of the parent team, if this is a nested team.
The ID or slug of the parent team, if this is a nested team.||
+|**parentTeamReadId**|str|The ID of the created team.
The id of the parent team read in Github.||
+|**parentTeamReadSlug**|str|The slug of the created team, which may or may not differ from name,
depending on whether name contains "URL-unsafe" characters.
Useful when referencing the team in github_branch_protection.
The id of the parent team read in Github.||
+|**privacy**|str|The level of privacy for the team. Must be one of secret or closed.
Defaults to secret.
The level of privacy for the team. Must be one of 'secret' or 'closed'.||
+|**slug**|str|The slug of the created team, which may or may not differ from name,
depending on whether name contains "URL-unsafe" characters.
Useful when referencing the team in github_branch_protection.
The slug of the created team.||
+### TeamGithubUpboundIoV1alpha1TeamStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpec
+
+TeamSyncGroupMappingSpec defines the desired state of TeamSyncGroupMapping
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProvider](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecforprovider)|for provider||
+|**initProvider**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProvider](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRef](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsTo](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecWriteConnectionSecretToRef](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecwriteconnectionsecrettoref)|write connection secret to ref||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProvider
+
+team github upbound io v1alpha1 team sync group mapping spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**group**|[[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProviderGroupItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecforprovidergroupitems0)]|An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
An Array of GitHub Identity Provider Groups (or empty []).||
+|**teamSlug**|str|Slug of the team
Slug of the team.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProviderGroupItems0
+
+team github upbound io v1alpha1 team sync group mapping spec for provider group items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**groupDescription**|str|The description of the IdP group.
The description of the IdP group.||
+|**groupId**|str|The ID of the IdP group.
The ID of the IdP group.||
+|**groupName**|str|The name of the IdP group.
The name of the IdP group.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**group**|[[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProviderGroupItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecinitprovidergroupitems0)]|An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
An Array of GitHub Identity Provider Groups (or empty []).||
+|**teamSlug**|str|Slug of the team
Slug of the team.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProviderGroupItems0
+
+team github upbound io v1alpha1 team sync group mapping spec init provider group items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**groupDescription**|str|The description of the IdP group.
The description of the IdP group.||
+|**groupId**|str|The ID of the IdP group.
The ID of the IdP group.||
+|**groupName**|str|The name of the IdP group.
The name of the IdP group.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRefPolicy](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecproviderconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRef](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToMetadata](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy](#teamgithubupboundiov1alpha1teamsyncgroupmappingspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatus
+
+TeamSyncGroupMappingStatus defines the observed state of TeamSyncGroupMapping.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProvider](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatusatprovider)|at provider||
+|**conditions**|[[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusConditionsItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProvider
+
+team github upbound io v1alpha1 team sync group mapping status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**etag**|str|etag||
+|**group**|[[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProviderGroupItems0](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatusatprovidergroupitems0)]|An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
An Array of GitHub Identity Provider Groups (or empty []).||
+|**id**|str|id||
+|**teamSlug**|str|Slug of the team
Slug of the team.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProviderGroupItems0
+
+team github upbound io v1alpha1 team sync group mapping status at provider group items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**groupDescription**|str|The description of the IdP group.
The description of the IdP group.||
+|**groupId**|str|The ID of the IdP group.
The ID of the IdP group.||
+|**groupName**|str|The name of the IdP group.
The name of the IdP group.||
+### TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### TeamMembership
+
+TeamMembership is the Schema for the TeamMemberships API. Provides a GitHub team membership resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"team.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"team.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"TeamMembership"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"TeamMembership"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[TeamGithubUpboundIoV1alpha1TeamMembershipSpec](#teamgithubupboundiov1alpha1teammembershipspec)|spec||
+|**status**|[TeamGithubUpboundIoV1alpha1TeamMembershipStatus](#teamgithubupboundiov1alpha1teammembershipstatus)|status||
+### TeamRepository
+
+TeamRepository is the Schema for the TeamRepositorys API. Manages the associations between teams and repositories.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"team.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"team.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"TeamRepository"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"TeamRepository"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[TeamGithubUpboundIoV1alpha1TeamRepositorySpec](#teamgithubupboundiov1alpha1teamrepositoryspec)|spec||
+|**status**|[TeamGithubUpboundIoV1alpha1TeamRepositoryStatus](#teamgithubupboundiov1alpha1teamrepositorystatus)|status||
+### TeamSettings
+
+TeamSettings is the Schema for the TeamSettingss API. Manages the team settings (in particular the request review delegation settings)
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"team.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"team.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"TeamSettings"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"TeamSettings"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[TeamGithubUpboundIoV1alpha1TeamSettingsSpec](#teamgithubupboundiov1alpha1teamsettingsspec)|spec||
+|**status**|[TeamGithubUpboundIoV1alpha1TeamSettingsStatus](#teamgithubupboundiov1alpha1teamsettingsstatus)|status||
+### TeamSyncGroupMapping
+
+TeamSyncGroupMapping is the Schema for the TeamSyncGroupMappings API. Creates and manages the connections between a team and its IdP group(s).
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"team.github.upbound.io/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"team.github.upbound.io/v1alpha1"|
+|**kind** `required` `readOnly`|"TeamSyncGroupMapping"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"TeamSyncGroupMapping"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpec](#teamgithubupboundiov1alpha1teamsyncgroupmappingspec)|spec||
+|**status**|[TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatus](#teamgithubupboundiov1alpha1teamsyncgroupmappingstatus)|status||
+### UserGithubUpboundIoV1alpha1MembershipSpec
+
+MembershipSpec defines the desired state of Membership
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**deletionPolicy**|"Orphan" | "Delete"|DeletionPolicy specifies what will happen to the underlying external
when this managed resource is deleted - either "Delete" or "Orphan" the
external resource.
This field is planned to be deprecated in favor of the ManagementPolicies
field in a future release. Currently, both could be set independently and
non-default values would be honored if the feature flag is enabled.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223|"Delete"|
+|**forProvider** `required`|[UserGithubUpboundIoV1alpha1MembershipSpecForProvider](#usergithubupboundiov1alpha1membershipspecforprovider)|for provider||
+|**initProvider**|[UserGithubUpboundIoV1alpha1MembershipSpecInitProvider](#usergithubupboundiov1alpha1membershipspecinitprovider)|init provider||
+|**managementPolicies**|[str]|THIS IS A BETA FIELD. It is on by default but can be opted out
through a Crossplane feature flag.
ManagementPolicies specify the array of actions Crossplane is allowed to
take on the managed and external resources.
This field is planned to replace the DeletionPolicy field in a future
release. Currently, both could be set independently and non-default
values would be honored if the feature flag is enabled. If both are
custom, the DeletionPolicy field will be ignored.
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md|["*"]|
+|**providerConfigRef**|[UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRef](#usergithubupboundiov1alpha1membershipspecproviderconfigref)|provider config ref||
+|**publishConnectionDetailsTo**|[UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsTo](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailsto)|publish connection details to||
+|**writeConnectionSecretToRef**|[UserGithubUpboundIoV1alpha1MembershipSpecWriteConnectionSecretToRef](#usergithubupboundiov1alpha1membershipspecwriteconnectionsecrettoref)|write connection secret to ref||
+### UserGithubUpboundIoV1alpha1MembershipSpecForProvider
+
+user github upbound io v1alpha1 membership spec for provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**downgradeOnDestroy**|bool|Defaults to false. If set to true,
when this resource is destroyed, the member will not be removed
from the organization. Instead, the member's role will be
downgraded to 'member'.
Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization||
+|**role**|str|The role of the user within the organization.
Must be one of member or admin. Defaults to member.
admin role represents the owner role available via GitHub UI.
The role of the user within the organization. Must be one of 'member' or 'admin'.||
+|**username**|str|The user to add to the organization.
The user to add to the organization.||
+### UserGithubUpboundIoV1alpha1MembershipSpecInitProvider
+
+THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**downgradeOnDestroy**|bool|Defaults to false. If set to true,
when this resource is destroyed, the member will not be removed
from the organization. Instead, the member's role will be
downgraded to 'member'.
Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization||
+|**role**|str|The role of the user within the organization.
Must be one of member or admin. Defaults to member.
admin role represents the owner role available via GitHub UI.
The role of the user within the organization. Must be one of 'member' or 'admin'.||
+|**username**|str|The user to add to the organization.
The user to add to the organization.||
+### UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRef
+
+ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRefPolicy](#usergithubupboundiov1alpha1membershipspecproviderconfigrefpolicy)|policy||
+### UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsTo
+
+PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configRef**|[UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRef](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailstoconfigref)|config ref||
+|**metadata**|[UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToMetadata](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailstometadata)|metadata||
+|**name** `required`|str|Name is the name of the connection secret.||
+### UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRef
+
+SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRefPolicy](#usergithubupboundiov1alpha1membershipspecpublishconnectiondetailstoconfigrefpolicy)|policy||
+### UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToMetadata
+
+Metadata is the metadata for connection secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations are the annotations to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.annotations".
- It is up to Secret Store implementation for others store types.||
+|**labels**|{str:str}|Labels are the labels/tags to be added to connection secret.
- For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store types.||
+|**type**|str|||
+### UserGithubUpboundIoV1alpha1MembershipSpecWriteConnectionSecretToRef
+
+WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### UserGithubUpboundIoV1alpha1MembershipStatus
+
+MembershipStatus defines the observed state of Membership.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**atProvider**|[UserGithubUpboundIoV1alpha1MembershipStatusAtProvider](#usergithubupboundiov1alpha1membershipstatusatprovider)|at provider||
+|**conditions**|[[UserGithubUpboundIoV1alpha1MembershipStatusConditionsItems0](#usergithubupboundiov1alpha1membershipstatusconditionsitems0)]|Conditions of the resource.||
+|**observedGeneration**|int|ObservedGeneration is the latest metadata.generation
which resulted in either a ready state, or stalled due to error
it can not recover from without human intervention.||
+### UserGithubUpboundIoV1alpha1MembershipStatusAtProvider
+
+user github upbound io v1alpha1 membership status at provider
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**downgradeOnDestroy**|bool|Defaults to false. If set to true,
when this resource is destroyed, the member will not be removed
from the organization. Instead, the member's role will be
downgraded to 'member'.
Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization||
+|**etag**|str|etag||
+|**id**|str|id||
+|**role**|str|The role of the user within the organization.
Must be one of member or admin. Defaults to member.
admin role represents the owner role available via GitHub UI.
The role of the user within the organization. Must be one of 'member' or 'admin'.||
+|**username**|str|The user to add to the organization.
The user to add to the organization.||
+### UserGithubUpboundIoV1alpha1MembershipStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### GithubUpboundIoV1beta1ProviderConfigSpec
+
+A ProviderConfigSpec defines the desired state of a ProviderConfig.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**credentials** `required`|[GithubUpboundIoV1beta1ProviderConfigSpecCredentials](#githubupboundiov1beta1providerconfigspeccredentials)|credentials||
+### GithubUpboundIoV1beta1ProviderConfigSpecCredentials
+
+Credentials required to authenticate to this provider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**env**|[GithubUpboundIoV1beta1ProviderConfigSpecCredentialsEnv](#githubupboundiov1beta1providerconfigspeccredentialsenv)|env||
+|**fs**|[GithubUpboundIoV1beta1ProviderConfigSpecCredentialsFs](#githubupboundiov1beta1providerconfigspeccredentialsfs)|fs||
+|**secretRef**|[GithubUpboundIoV1beta1ProviderConfigSpecCredentialsSecretRef](#githubupboundiov1beta1providerconfigspeccredentialssecretref)|secret ref||
+|**source** `required`|"None" | "Secret" | "InjectedIdentity" | "Environment" | "Filesystem"|Source of the provider credentials.||
+### GithubUpboundIoV1beta1ProviderConfigSpecCredentialsEnv
+
+Env is a reference to an environment variable that contains credentials that must be used to connect to the provider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name is the name of an environment variable.||
+### GithubUpboundIoV1beta1ProviderConfigSpecCredentialsFs
+
+Fs is a reference to a filesystem location that contains credentials that must be used to connect to the provider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**path** `required`|str|Path is a filesystem path.||
+### GithubUpboundIoV1beta1ProviderConfigSpecCredentialsSecretRef
+
+A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name** `required`|str|Name of the secret.||
+|**namespace** `required`|str|Namespace of the secret.||
+### GithubUpboundIoV1beta1ProviderConfigStatus
+
+A ProviderConfigStatus reflects the observed state of a ProviderConfig.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**conditions**|[[GithubUpboundIoV1beta1ProviderConfigStatusConditionsItems0](#githubupboundiov1beta1providerconfigstatusconditionsitems0)]|Conditions of the resource.||
+|**users**|int|Users of this provider configuration.||
+### GithubUpboundIoV1beta1ProviderConfigStatusConditionsItems0
+
+A Condition that may apply to a resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**lastTransitionTime** `required`|str|LastTransitionTime is the last time this condition transitioned from one
status to another.||
+|**message**|str|A Message containing details about this condition's last transition from
one status to another, if any.||
+|**observedGeneration**|int|ObservedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.||
+|**reason** `required`|str|A Reason for this condition's last transition from one status to another.||
+|**status** `required`|str|Status of this condition; is it currently True, False, or Unknown?||
+|**type** `required`|str|||
+### GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRef
+
+ProviderConfigReference to the provider config being used.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referenced object.||
+|**policy**|[GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRefPolicy](#githubupboundiov1beta1providerconfigusageproviderconfigrefpolicy)|policy||
+### GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRefPolicy
+
+Policies for referencing.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**resolution**|"Required" | "Optional"|Resolution specifies whether resolution of this reference is required.
The default is 'Required', which means the reconcile will fail if the
reference cannot be resolved. 'Optional' means this reference will be
a no-op if it cannot be resolved.|"Required"|
+|**resolve**|"Always" | "IfNotPresent"|Resolve specifies when this reference should be resolved. The default
is 'IfNotPresent', which will attempt to resolve the reference only when
the corresponding field is not present. Use 'Always' to resolve the
reference on every reconcile.||
+### GithubUpboundIoV1beta1ProviderConfigUsageResourceRef
+
+ResourceReference to the managed resource using the provider config.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required`|str|APIVersion of the referenced object.||
+|**kind** `required`|str|Kind of the referenced object.||
+|**name** `required`|str|Name of the referenced object.||
+|**uid**|str|UID of the referenced object.||
+### ProviderConfig
+
+ProviderConfig configures how the provider will connect to Github.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"github.upbound.io/v1beta1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"github.upbound.io/v1beta1"|
+|**kind** `required` `readOnly`|"ProviderConfig"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ProviderConfig"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec** `required`|[GithubUpboundIoV1beta1ProviderConfigSpec](#githubupboundiov1beta1providerconfigspec)|spec||
+|**status**|[GithubUpboundIoV1beta1ProviderConfigStatus](#githubupboundiov1beta1providerconfigstatus)|status||
+### ProviderConfigUsage
+
+A ProviderConfigUsage indicates that a resource is using a ProviderConfig.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"github.upbound.io/v1beta1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"github.upbound.io/v1beta1"|
+|**kind** `required` `readOnly`|"ProviderConfigUsage"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ProviderConfigUsage"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**providerConfigRef** `required`|[GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRef](#githubupboundiov1beta1providerconfigusageproviderconfigref)|provider config ref||
+|**resourceRef** `required`|[GithubUpboundIoV1beta1ProviderConfigUsageResourceRef](#githubupboundiov1beta1providerconfigusageresourceref)|resource ref||
+
diff --git a/crossplane-provider-upjet-github/crds/crds.yaml b/crossplane-provider-upjet-github/crds/crds.yaml
new file mode 100644
index 00000000..e571f5d3
--- /dev/null
+++ b/crossplane-provider-upjet-github/crds/crds.yaml
@@ -0,0 +1,24122 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: actionssecrets.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: ActionsSecret
+ listKind: ActionsSecretList
+ plural: actionssecrets
+ singular: actionssecret
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ActionsSecret is the Schema for the ActionsSecrets API. Creates
+ and manages an Action Secret within a GitHub repository
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ActionsSecretSpec defines the desired state of ActionsSecret
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ encryptedValueSecretRef:
+ description: |-
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ plaintextValueSecretRef:
+ description: |-
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ repository:
+ description: |-
+ Name of the repository
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ secretName:
+ description: |-
+ Name of the secret
+ Name of the secret.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ encryptedValueSecretRef:
+ description: |-
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ plaintextValueSecretRef:
+ description: |-
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ repository:
+ description: |-
+ Name of the repository
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ secretName:
+ description: |-
+ Name of the secret
+ Name of the secret.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: ActionsSecretStatus defines the observed state of ActionsSecret.
+ properties:
+ atProvider:
+ properties:
+ createdAt:
+ description: |-
+ Date of actions_secret creation.
+ Date of 'actions_secret' creation.
+ type: string
+ id:
+ type: string
+ repository:
+ description: |-
+ Name of the repository
+ Name of the repository.
+ type: string
+ secretName:
+ description: |-
+ Name of the secret
+ Name of the secret.
+ type: string
+ updatedAt:
+ description: |-
+ Date of actions_secret update.
+ Date of 'actions_secret' update.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: actionsvariables.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: ActionsVariable
+ listKind: ActionsVariableList
+ plural: actionsvariables
+ singular: actionsvariable
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ActionsVariable is the Schema for the ActionsVariables API. Creates
+ and manages an Action variable within a GitHub repository
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ActionsVariableSpec defines the desired state of ActionsVariable
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ repository:
+ description: |-
+ Name of the repository
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable
+ Name of the variable.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ repository:
+ description: |-
+ Name of the repository
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable
+ Name of the variable.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: ActionsVariableStatus defines the observed state of ActionsVariable.
+ properties:
+ atProvider:
+ properties:
+ createdAt:
+ description: |-
+ Date of actions_variable creation.
+ Date of 'actions_variable' creation.
+ type: string
+ id:
+ type: string
+ repository:
+ description: |-
+ Name of the repository
+ Name of the repository.
+ type: string
+ updatedAt:
+ description: |-
+ Date of actions_variable update.
+ Date of 'actions_variable' update.
+ type: string
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable
+ Name of the variable.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: environmentsecrets.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: EnvironmentSecret
+ listKind: EnvironmentSecretList
+ plural: environmentsecrets
+ singular: environmentsecret
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: EnvironmentSecret is the Schema for the EnvironmentSecrets API.
+ Creates and manages an Action Secret within a GitHub repository environment
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnvironmentSecretSpec defines the desired state of EnvironmentSecret
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ encryptedValueSecretRef:
+ description: |-
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ environment:
+ description: |-
+ Name of the environment.
+ Name of the environment.
+ type: string
+ environmentRef:
+ description: Reference to a Environment in repo to populate environment.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ environmentSelector:
+ description: Selector for a Environment in repo to populate environment.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ plaintextValueSecretRef:
+ description: |-
+ Plaintext value of the secret to be encrypted.
+ Plaintext value of the secret to be encrypted.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ repository:
+ description: |-
+ Name of the repository.
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ secretName:
+ description: |-
+ Name of the secret.
+ Name of the secret.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ encryptedValueSecretRef:
+ description: |-
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ environment:
+ description: |-
+ Name of the environment.
+ Name of the environment.
+ type: string
+ environmentRef:
+ description: Reference to a Environment in repo to populate environment.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ environmentSelector:
+ description: Selector for a Environment in repo to populate environment.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ plaintextValueSecretRef:
+ description: |-
+ Plaintext value of the secret to be encrypted.
+ Plaintext value of the secret to be encrypted.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ repository:
+ description: |-
+ Name of the repository.
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ secretName:
+ description: |-
+ Name of the secret.
+ Name of the secret.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: EnvironmentSecretStatus defines the observed state of EnvironmentSecret.
+ properties:
+ atProvider:
+ properties:
+ createdAt:
+ description: |-
+ Date of actions_environment_secret creation.
+ Date of 'actions_environment_secret' creation.
+ type: string
+ environment:
+ description: |-
+ Name of the environment.
+ Name of the environment.
+ type: string
+ id:
+ type: string
+ repository:
+ description: |-
+ Name of the repository.
+ Name of the repository.
+ type: string
+ secretName:
+ description: |-
+ Name of the secret.
+ Name of the secret.
+ type: string
+ updatedAt:
+ description: |-
+ Date of actions_environment_secret update.
+ Date of 'actions_environment_secret' update.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: environmentvariables.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: EnvironmentVariable
+ listKind: EnvironmentVariableList
+ plural: environmentvariables
+ singular: environmentvariable
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: EnvironmentVariable is the Schema for the EnvironmentVariables
+ API. Creates and manages an Action variable within a GitHub repository environment
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnvironmentVariableSpec defines the desired state of EnvironmentVariable
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ environment:
+ description: |-
+ Name of the environment.
+ Name of the environment.
+ type: string
+ environmentRef:
+ description: Reference to a Environment in repo to populate environment.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ environmentSelector:
+ description: Selector for a Environment in repo to populate environment.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ repository:
+ description: |-
+ Name of the repository.
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable.
+ Name of the variable.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ environment:
+ description: |-
+ Name of the environment.
+ Name of the environment.
+ type: string
+ environmentRef:
+ description: Reference to a Environment in repo to populate environment.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ environmentSelector:
+ description: Selector for a Environment in repo to populate environment.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ repository:
+ description: |-
+ Name of the repository.
+ Name of the repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable.
+ Name of the variable.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: EnvironmentVariableStatus defines the observed state of EnvironmentVariable.
+ properties:
+ atProvider:
+ properties:
+ createdAt:
+ description: |-
+ Date of actions_environment_secret creation.
+ Date of 'actions_variable' creation.
+ type: string
+ environment:
+ description: |-
+ Name of the environment.
+ Name of the environment.
+ type: string
+ id:
+ type: string
+ repository:
+ description: |-
+ Name of the repository.
+ Name of the repository.
+ type: string
+ updatedAt:
+ description: |-
+ Date of actions_environment_secret update.
+ Date of 'actions_variable' update.
+ type: string
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable.
+ Name of the variable.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: organizationactionssecrets.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: OrganizationActionsSecret
+ listKind: OrganizationActionsSecretList
+ plural: organizationactionssecrets
+ singular: organizationactionssecret
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OrganizationActionsSecret is the Schema for the OrganizationActionsSecrets
+ API. Creates and manages an Action Secret within a GitHub organization
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OrganizationActionsSecretSpec defines the desired state of
+ OrganizationActionsSecret
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ encryptedValueSecretRef:
+ description: |-
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ plaintextValueSecretRef:
+ description: |-
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ secretName:
+ description: |-
+ Name of the secret
+ Name of the secret.
+ type: string
+ selectedRepositoryIds:
+ description: |-
+ An array of repository ids that can access the organization secret.
+ An array of repository ids that can access the organization secret.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ visibility:
+ description: |-
+ Configures the access that repositories have to the organization secret.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ encryptedValueSecretRef:
+ description: |-
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ plaintextValueSecretRef:
+ description: |-
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ secretName:
+ description: |-
+ Name of the secret
+ Name of the secret.
+ type: string
+ selectedRepositoryIds:
+ description: |-
+ An array of repository ids that can access the organization secret.
+ An array of repository ids that can access the organization secret.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ visibility:
+ description: |-
+ Configures the access that repositories have to the organization secret.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: OrganizationActionsSecretStatus defines the observed state
+ of OrganizationActionsSecret.
+ properties:
+ atProvider:
+ properties:
+ createdAt:
+ description: |-
+ Date of actions_secret creation.
+ Date of 'actions_secret' creation.
+ type: string
+ id:
+ type: string
+ secretName:
+ description: |-
+ Name of the secret
+ Name of the secret.
+ type: string
+ selectedRepositoryIds:
+ description: |-
+ An array of repository ids that can access the organization secret.
+ An array of repository ids that can access the organization secret.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ updatedAt:
+ description: |-
+ Date of actions_secret update.
+ Date of 'actions_secret' update.
+ type: string
+ visibility:
+ description: |-
+ Configures the access that repositories have to the organization secret.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: organizationactionsvariables.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: OrganizationActionsVariable
+ listKind: OrganizationActionsVariableList
+ plural: organizationactionsvariables
+ singular: organizationactionsvariable
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OrganizationActionsVariable is the Schema for the OrganizationActionsVariables
+ API. Creates and manages an Action variable within a GitHub organization
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OrganizationActionsVariableSpec defines the desired state
+ of OrganizationActionsVariable
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ selectedRepositoryIds:
+ description: |-
+ An array of repository ids that can access the organization variable.
+ An array of repository ids that can access the organization variable.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable
+ Name of the variable.
+ type: string
+ visibility:
+ description: |-
+ Configures the access that repositories have to the organization variable.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ selectedRepositoryIds:
+ description: |-
+ An array of repository ids that can access the organization variable.
+ An array of repository ids that can access the organization variable.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable
+ Name of the variable.
+ type: string
+ visibility:
+ description: |-
+ Configures the access that repositories have to the organization variable.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: OrganizationActionsVariableStatus defines the observed state
+ of OrganizationActionsVariable.
+ properties:
+ atProvider:
+ properties:
+ createdAt:
+ description: |-
+ Date of actions_variable creation.
+ Date of 'actions_variable' creation.
+ type: string
+ id:
+ type: string
+ selectedRepositoryIds:
+ description: |-
+ An array of repository ids that can access the organization variable.
+ An array of repository ids that can access the organization variable.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ updatedAt:
+ description: |-
+ Date of actions_variable update.
+ Date of 'actions_variable' update.
+ type: string
+ value:
+ description: |-
+ Value of the variable
+ Value of the variable.
+ type: string
+ variableName:
+ description: |-
+ Name of the variable
+ Name of the variable.
+ type: string
+ visibility:
+ description: |-
+ Configures the access that repositories have to the organization variable.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: organizationpermissions.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: OrganizationPermissions
+ listKind: OrganizationPermissionsList
+ plural: organizationpermissions
+ singular: organizationpermissions
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OrganizationPermissions is the Schema for the OrganizationPermissionss
+ API. Creates and manages Actions permissions within a GitHub organization
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OrganizationPermissionsSpec defines the desired state of
+ OrganizationPermissions
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ allowedActions:
+ description: |-
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ type: string
+ allowedActionsConfig:
+ description: |-
+ Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'
+ items:
+ properties:
+ githubOwnedAllowed:
+ description: |-
+ Whether GitHub-owned actions are allowed in the organization.
+ Whether GitHub-owned actions are allowed in the organization.
+ type: boolean
+ patternsAllowed:
+ description: |-
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ verifiedAllowed:
+ description: |-
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ type: boolean
+ type: object
+ type: array
+ enabledRepositories:
+ description: |-
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.
+ type: string
+ enabledRepositoriesConfig:
+ description: |-
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.
+ items:
+ properties:
+ repositoryIds:
+ description: |-
+ List of repository IDs to enable for GitHub Actions.
+ List of repository IDs to enable for GitHub Actions.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ allowedActions:
+ description: |-
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ type: string
+ allowedActionsConfig:
+ description: |-
+ Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'
+ items:
+ properties:
+ githubOwnedAllowed:
+ description: |-
+ Whether GitHub-owned actions are allowed in the organization.
+ Whether GitHub-owned actions are allowed in the organization.
+ type: boolean
+ patternsAllowed:
+ description: |-
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ verifiedAllowed:
+ description: |-
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ type: boolean
+ type: object
+ type: array
+ enabledRepositories:
+ description: |-
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.
+ type: string
+ enabledRepositoriesConfig:
+ description: |-
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.
+ items:
+ properties:
+ repositoryIds:
+ description: |-
+ List of repository IDs to enable for GitHub Actions.
+ List of repository IDs to enable for GitHub Actions.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: OrganizationPermissionsStatus defines the observed state
+ of OrganizationPermissions.
+ properties:
+ atProvider:
+ properties:
+ allowedActions:
+ description: |-
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ type: string
+ allowedActionsConfig:
+ description: |-
+ Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'
+ items:
+ properties:
+ githubOwnedAllowed:
+ description: |-
+ Whether GitHub-owned actions are allowed in the organization.
+ Whether GitHub-owned actions are allowed in the organization.
+ type: boolean
+ patternsAllowed:
+ description: |-
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ verifiedAllowed:
+ description: |-
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ type: boolean
+ type: object
+ type: array
+ enabledRepositories:
+ description: |-
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.
+ type: string
+ enabledRepositoriesConfig:
+ description: |-
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.
+ items:
+ properties:
+ repositoryIds:
+ description: |-
+ List of repository IDs to enable for GitHub Actions.
+ List of repository IDs to enable for GitHub Actions.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ id:
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositoryaccesslevels.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RepositoryAccessLevel
+ listKind: RepositoryAccessLevelList
+ plural: repositoryaccesslevels
+ singular: repositoryaccesslevel
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RepositoryAccessLevel is the Schema for the RepositoryAccessLevels
+ API. Manages Actions and Reusable Workflow access for a GitHub repository
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositoryAccessLevelSpec defines the desired state of RepositoryAccessLevel
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ accessLevel:
+ description: |-
+ Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
+ Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.
+ type: string
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ accessLevel:
+ description: |-
+ Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
+ Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.
+ type: string
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryAccessLevelStatus defines the observed state of
+ RepositoryAccessLevel.
+ properties:
+ atProvider:
+ properties:
+ accessLevel:
+ description: |-
+ Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
+ Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.
+ type: string
+ id:
+ type: string
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositorypermissions.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RepositoryPermissions
+ listKind: RepositoryPermissionsList
+ plural: repositorypermissions
+ singular: repositorypermissions
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RepositoryPermissions is the Schema for the RepositoryPermissionss
+ API. Enables and manages Actions permissions for a GitHub repository
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositoryPermissionsSpec defines the desired state of RepositoryPermissions
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ allowedActions:
+ description: |-
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ type: string
+ allowedActionsConfig:
+ description: |-
+ Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.
+ items:
+ properties:
+ githubOwnedAllowed:
+ description: |-
+ Whether GitHub-owned actions are allowed in the repository.
+ Whether GitHub-owned actions are allowed in the repository.
+ type: boolean
+ patternsAllowed:
+ description: |-
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ verifiedAllowed:
+ description: |-
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ type: boolean
+ type: object
+ type: array
+ enabled:
+ description: |-
+ Should GitHub actions be enabled on this repository?
+ Should GitHub actions be enabled on this repository.
+ type: boolean
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ allowedActions:
+ description: |-
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ type: string
+ allowedActionsConfig:
+ description: |-
+ Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.
+ items:
+ properties:
+ githubOwnedAllowed:
+ description: |-
+ Whether GitHub-owned actions are allowed in the repository.
+ Whether GitHub-owned actions are allowed in the repository.
+ type: boolean
+ patternsAllowed:
+ description: |-
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ verifiedAllowed:
+ description: |-
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ type: boolean
+ type: object
+ type: array
+ enabled:
+ description: |-
+ Should GitHub actions be enabled on this repository?
+ Should GitHub actions be enabled on this repository.
+ type: boolean
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryPermissionsStatus defines the observed state of
+ RepositoryPermissions.
+ properties:
+ atProvider:
+ properties:
+ allowedActions:
+ description: |-
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ type: string
+ allowedActionsConfig:
+ description: |-
+ Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.
+ items:
+ properties:
+ githubOwnedAllowed:
+ description: |-
+ Whether GitHub-owned actions are allowed in the repository.
+ Whether GitHub-owned actions are allowed in the repository.
+ type: boolean
+ patternsAllowed:
+ description: |-
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ verifiedAllowed:
+ description: |-
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ type: boolean
+ type: object
+ type: array
+ enabled:
+ description: |-
+ Should GitHub actions be enabled on this repository?
+ Should GitHub actions be enabled on this repository.
+ type: boolean
+ id:
+ type: string
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: runnergroups.actions.github.upbound.io
+spec:
+ group: actions.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RunnerGroup
+ listKind: RunnerGroupList
+ plural: runnergroups
+ singular: runnergroup
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RunnerGroup is the Schema for the RunnerGroups API. Creates and
+ manages an Actions Runner Group within a GitHub organization
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RunnerGroupSpec defines the desired state of RunnerGroup
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ allowsPublicRepositories:
+ description: |-
+ Whether public repositories can be added to the runner group. Defaults to false.
+ Whether public repositories can be added to the runner group.
+ type: boolean
+ name:
+ description: |-
+ Name of the runner group
+ Name of the runner group.
+ type: string
+ nameRef:
+ description: Reference to a Repository in repo to populate name.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ nameSelector:
+ description: Selector for a Repository in repo to populate name.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ restrictedToWorkflows:
+ description: |-
+ If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
+ If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.
+ type: boolean
+ selectedRepositoryIds:
+ description: |-
+ IDs of the repositories which should be added to the runner group
+ List of repository IDs that can access the runner group.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ selectedWorkflows:
+ description: |-
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.
+ items:
+ type: string
+ type: array
+ visibility:
+ description: |-
+ Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
+ The visibility of the runner group.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ allowsPublicRepositories:
+ description: |-
+ Whether public repositories can be added to the runner group. Defaults to false.
+ Whether public repositories can be added to the runner group.
+ type: boolean
+ name:
+ description: |-
+ Name of the runner group
+ Name of the runner group.
+ type: string
+ nameRef:
+ description: Reference to a Repository in repo to populate name.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ nameSelector:
+ description: Selector for a Repository in repo to populate name.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ restrictedToWorkflows:
+ description: |-
+ If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
+ If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.
+ type: boolean
+ selectedRepositoryIds:
+ description: |-
+ IDs of the repositories which should be added to the runner group
+ List of repository IDs that can access the runner group.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ selectedWorkflows:
+ description: |-
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.
+ items:
+ type: string
+ type: array
+ visibility:
+ description: |-
+ Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
+ The visibility of the runner group.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RunnerGroupStatus defines the observed state of RunnerGroup.
+ properties:
+ atProvider:
+ properties:
+ allowsPublicRepositories:
+ description: |-
+ Whether public repositories can be added to the runner group. Defaults to false.
+ Whether public repositories can be added to the runner group.
+ type: boolean
+ default:
+ description: |-
+ Whether this is the default runner group
+ Whether this is the default runner group.
+ type: boolean
+ etag:
+ description: |-
+ An etag representing the runner group object
+ An etag representing the runner group object
+ type: string
+ id:
+ type: string
+ inherited:
+ description: |-
+ Whether the runner group is inherited from the enterprise level
+ Whether the runner group is inherited from the enterprise level
+ type: boolean
+ name:
+ description: |-
+ Name of the runner group
+ Name of the runner group.
+ type: string
+ restrictedToWorkflows:
+ description: |-
+ If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
+ If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.
+ type: boolean
+ runnersUrl:
+ description: |-
+ The GitHub API URL for the runner group's runners
+ The GitHub API URL for the runner group's runners.
+ type: string
+ selectedRepositoriesUrl:
+ description: |-
+ GitHub API URL for the runner group's repositories
+ GitHub API URL for the runner group's repositories.
+ type: string
+ selectedRepositoryIds:
+ description: |-
+ IDs of the repositories which should be added to the runner group
+ List of repository IDs that can access the runner group.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ selectedWorkflows:
+ description: |-
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.
+ items:
+ type: string
+ type: array
+ visibility:
+ description: |-
+ Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
+ The visibility of the runner group.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: organizations.enterprise.github.upbound.io
+spec:
+ group: enterprise.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: Organization
+ listKind: OrganizationList
+ plural: organizations
+ singular: organization
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Organization is the Schema for the Organizations API. Create
+ and manages a GitHub enterprise organization.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OrganizationSpec defines the desired state of Organization
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ adminLogins:
+ description: |-
+ List of organization owner usernames.
+ List of organization owner usernames.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ billingEmail:
+ description: |-
+ The billing email address.
+ The billing email address.
+ type: string
+ description:
+ description: |-
+ The description of the organization.
+ The description of the organization.
+ type: string
+ displayName:
+ description: |-
+ The display name of the organization.
+ The display name of the organization.
+ type: string
+ enterpriseId:
+ description: |-
+ The ID of the enterprise.
+ The ID of the enterprise.
+ type: string
+ name:
+ description: |-
+ The name of the organization.
+ The name of the organization.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ adminLogins:
+ description: |-
+ List of organization owner usernames.
+ List of organization owner usernames.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ billingEmail:
+ description: |-
+ The billing email address.
+ The billing email address.
+ type: string
+ description:
+ description: |-
+ The description of the organization.
+ The description of the organization.
+ type: string
+ displayName:
+ description: |-
+ The display name of the organization.
+ The display name of the organization.
+ type: string
+ enterpriseId:
+ description: |-
+ The ID of the enterprise.
+ The ID of the enterprise.
+ type: string
+ name:
+ description: |-
+ The name of the organization.
+ The name of the organization.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: OrganizationStatus defines the observed state of Organization.
+ properties:
+ atProvider:
+ properties:
+ adminLogins:
+ description: |-
+ List of organization owner usernames.
+ List of organization owner usernames.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ billingEmail:
+ description: |-
+ The billing email address.
+ The billing email address.
+ type: string
+ databaseId:
+ description: |-
+ The ID of the organization.
+ The database ID of the organization.
+ format: int64
+ type: integer
+ description:
+ description: |-
+ The description of the organization.
+ The description of the organization.
+ type: string
+ displayName:
+ description: |-
+ The display name of the organization.
+ The display name of the organization.
+ type: string
+ enterpriseId:
+ description: |-
+ The ID of the enterprise.
+ The ID of the enterprise.
+ type: string
+ id:
+ description: The node ID of the organization for use with the
+ v4 API.
+ type: string
+ name:
+ description: |-
+ The name of the organization.
+ The name of the organization.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: organizationrulesets.enterprise.github.upbound.io
+spec:
+ group: enterprise.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: OrganizationRuleset
+ listKind: OrganizationRulesetList
+ plural: organizationrulesets
+ singular: organizationruleset
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OrganizationRuleset is the Schema for the OrganizationRulesets
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OrganizationRulesetSpec defines the desired state of OrganizationRuleset
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ bypassActors:
+ description: The actors that can bypass the rules in this ruleset.
+ items:
+ properties:
+ actorId:
+ description: The ID of the actor that can bypass a ruleset.
+ When `actor_type` is `OrganizationAdmin`, this should
+ be set to `1`.
+ format: int64
+ type: integer
+ actorType:
+ description: 'The type of actor that can bypass a ruleset.
+ Can be one of: `RepositoryRole`, `Team`, `Integration`,
+ `OrganizationAdmin`.'
+ type: string
+ bypassMode:
+ description: 'When the specified actor can bypass the ruleset.
+ pull_request means that an actor can only bypass rules
+ on pull requests. Can be one of: `always`, `pull_request`.'
+ type: string
+ type: object
+ type: array
+ conditions:
+ description: Parameters for an organization ruleset condition.
+ `ref_name` is required alongside one of `repository_name` or
+ `repository_id`.
+ items:
+ properties:
+ refName:
+ items:
+ properties:
+ exclude:
+ description: Array of ref names or patterns to exclude.
+ The condition will not pass if any of these patterns
+ match.
+ items:
+ type: string
+ type: array
+ include:
+ description: Array of ref names or patterns to include.
+ One of these patterns must match for the condition
+ to pass. Also accepts `~DEFAULT_BRANCH` to include
+ the default branch or `~ALL` to include all branches.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ repositoryId:
+ description: The repository IDs that the ruleset applies
+ to. One of these IDs must match for the condition to pass.
+ items:
+ format: int64
+ type: integer
+ type: array
+ repositoryName:
+ items:
+ properties:
+ exclude:
+ description: Array of repository names or patterns
+ to exclude. The condition will not pass if any of
+ these patterns match.
+ items:
+ type: string
+ type: array
+ include:
+ description: Array of repository names or patterns
+ to include. One of these patterns must match for
+ the condition to pass. Also accepts `~ALL` to include
+ all repositories.
+ items:
+ type: string
+ type: array
+ protected:
+ description: Whether renaming of target repositories
+ is prevented.
+ type: boolean
+ type: object
+ type: array
+ type: object
+ type: array
+ enforcement:
+ description: 'Possible values for Enforcement are `disabled`,
+ `active`, `evaluate`. Note: `evaluate` is currently only supported
+ for owners of type `organization`.'
+ type: string
+ name:
+ description: The name of the ruleset.
+ type: string
+ rules:
+ description: Rules within the ruleset.
+ items:
+ properties:
+ branchNamePattern:
+ description: Parameters to be used for the branch_name_pattern
+ rule. This rule only applies to repositories within an
+ enterprise, it cannot be applied to repositories owned
+ by individuals or regular organizations. Conflicts with
+ `tag_name_pattern` as it only applies to rulesets with
+ target `branch`.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitAuthorEmailPattern:
+ description: Parameters to be used for the commit_author_email_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitMessagePattern:
+ description: Parameters to be used for the commit_message_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ committerEmailPattern:
+ description: Parameters to be used for the committer_email_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ creation:
+ description: Only allow users with bypass permission to
+ create matching refs.
+ type: boolean
+ deletion:
+ description: Only allow users with bypass permissions to
+ delete matching refs.
+ type: boolean
+ nonFastForward:
+ description: Prevent users with push access from force pushing
+ to branches.
+ type: boolean
+ pullRequest:
+ description: Require all commits be made to a non-target
+ branch and submitted via a pull request before they can
+ be merged.
+ items:
+ properties:
+ dismissStaleReviewsOnPush:
+ description: New, reviewable commits pushed will dismiss
+ previous pull request review approvals. Defaults
+ to `false`.
+ type: boolean
+ requireCodeOwnerReview:
+ description: Require an approving review in pull requests
+ that modify files that have a designated code owner.
+ Defaults to `false`.
+ type: boolean
+ requireLastPushApproval:
+ description: Whether the most recent reviewable push
+ must be approved by someone other than the person
+ who pushed it. Defaults to `false`.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: The number of approving reviews that
+ are required before a pull request can be merged.
+ Defaults to `0`.
+ format: int64
+ type: integer
+ requiredReviewThreadResolution:
+ description: All conversations on code must be resolved
+ before a pull request can be merged. Defaults to
+ `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredLinearHistory:
+ description: Prevent merge commits from being pushed to
+ matching branches.
+ type: boolean
+ requiredSignatures:
+ description: Commits pushed to matching branches must have
+ verified signatures.
+ type: boolean
+ requiredStatusChecks:
+ description: Choose which status checks must pass before
+ branches can be merged into a branch that matches this
+ rule. When enabled, commits must first be pushed to another
+ branch, then merged or pushed directly to a branch that
+ matches this rule after status checks have passed.
+ items:
+ properties:
+ requiredCheck:
+ description: Status checks that are required. Several
+ can be defined.
+ items:
+ properties:
+ context:
+ description: The status check context name that
+ must be present on the commit.
+ type: string
+ integrationId:
+ description: The optional integration ID that
+ this status check must originate from.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ strictRequiredStatusChecksPolicy:
+ description: Whether pull requests targeting a matching
+ branch must be tested with the latest code. This
+ setting will not take effect unless at least one
+ status check is enabled. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredWorkflows:
+ description: Choose which Actions workflows must pass before
+ branches can be merged into a branch that matches this
+ rule.
+ items:
+ properties:
+ requiredWorkflow:
+ description: Actions workflows that are required.
+ Several can be defined.
+ items:
+ properties:
+ path:
+ description: The path to the workflow YAML definition
+ file.
+ type: string
+ ref:
+ description: The ref (branch or tag) of the
+ workflow file to use.
+ type: string
+ repositoryId:
+ description: The repository in which the workflow
+ is defined.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ type: object
+ type: array
+ tagNamePattern:
+ description: Parameters to be used for the tag_name_pattern
+ rule. This rule only applies to repositories within an
+ enterprise, it cannot be applied to repositories owned
+ by individuals or regular organizations. Conflicts with
+ `branch_name_pattern` as it only applies to rulesets with
+ target `tag`.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ update:
+ description: Only allow users with bypass permission to
+ update matching refs.
+ type: boolean
+ type: object
+ type: array
+ target:
+ description: 'Possible values are `branch`, `tag` and `push`.
+ Note: The `push` target is in beta and is subject to change.'
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ bypassActors:
+ description: The actors that can bypass the rules in this ruleset.
+ items:
+ properties:
+ actorId:
+ description: The ID of the actor that can bypass a ruleset.
+ When `actor_type` is `OrganizationAdmin`, this should
+ be set to `1`.
+ format: int64
+ type: integer
+ actorType:
+ description: 'The type of actor that can bypass a ruleset.
+ Can be one of: `RepositoryRole`, `Team`, `Integration`,
+ `OrganizationAdmin`.'
+ type: string
+ bypassMode:
+ description: 'When the specified actor can bypass the ruleset.
+ pull_request means that an actor can only bypass rules
+ on pull requests. Can be one of: `always`, `pull_request`.'
+ type: string
+ type: object
+ type: array
+ conditions:
+ description: Parameters for an organization ruleset condition.
+ `ref_name` is required alongside one of `repository_name` or
+ `repository_id`.
+ items:
+ properties:
+ refName:
+ items:
+ properties:
+ exclude:
+ description: Array of ref names or patterns to exclude.
+ The condition will not pass if any of these patterns
+ match.
+ items:
+ type: string
+ type: array
+ include:
+ description: Array of ref names or patterns to include.
+ One of these patterns must match for the condition
+ to pass. Also accepts `~DEFAULT_BRANCH` to include
+ the default branch or `~ALL` to include all branches.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ repositoryId:
+ description: The repository IDs that the ruleset applies
+ to. One of these IDs must match for the condition to pass.
+ items:
+ format: int64
+ type: integer
+ type: array
+ repositoryName:
+ items:
+ properties:
+ exclude:
+ description: Array of repository names or patterns
+ to exclude. The condition will not pass if any of
+ these patterns match.
+ items:
+ type: string
+ type: array
+ include:
+ description: Array of repository names or patterns
+ to include. One of these patterns must match for
+ the condition to pass. Also accepts `~ALL` to include
+ all repositories.
+ items:
+ type: string
+ type: array
+ protected:
+ description: Whether renaming of target repositories
+ is prevented.
+ type: boolean
+ type: object
+ type: array
+ type: object
+ type: array
+ enforcement:
+ description: 'Possible values for Enforcement are `disabled`,
+ `active`, `evaluate`. Note: `evaluate` is currently only supported
+ for owners of type `organization`.'
+ type: string
+ name:
+ description: The name of the ruleset.
+ type: string
+ rules:
+ description: Rules within the ruleset.
+ items:
+ properties:
+ branchNamePattern:
+ description: Parameters to be used for the branch_name_pattern
+ rule. This rule only applies to repositories within an
+ enterprise, it cannot be applied to repositories owned
+ by individuals or regular organizations. Conflicts with
+ `tag_name_pattern` as it only applies to rulesets with
+ target `branch`.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitAuthorEmailPattern:
+ description: Parameters to be used for the commit_author_email_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitMessagePattern:
+ description: Parameters to be used for the commit_message_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ committerEmailPattern:
+ description: Parameters to be used for the committer_email_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ creation:
+ description: Only allow users with bypass permission to
+ create matching refs.
+ type: boolean
+ deletion:
+ description: Only allow users with bypass permissions to
+ delete matching refs.
+ type: boolean
+ nonFastForward:
+ description: Prevent users with push access from force pushing
+ to branches.
+ type: boolean
+ pullRequest:
+ description: Require all commits be made to a non-target
+ branch and submitted via a pull request before they can
+ be merged.
+ items:
+ properties:
+ dismissStaleReviewsOnPush:
+ description: New, reviewable commits pushed will dismiss
+ previous pull request review approvals. Defaults
+ to `false`.
+ type: boolean
+ requireCodeOwnerReview:
+ description: Require an approving review in pull requests
+ that modify files that have a designated code owner.
+ Defaults to `false`.
+ type: boolean
+ requireLastPushApproval:
+ description: Whether the most recent reviewable push
+ must be approved by someone other than the person
+ who pushed it. Defaults to `false`.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: The number of approving reviews that
+ are required before a pull request can be merged.
+ Defaults to `0`.
+ format: int64
+ type: integer
+ requiredReviewThreadResolution:
+ description: All conversations on code must be resolved
+ before a pull request can be merged. Defaults to
+ `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredLinearHistory:
+ description: Prevent merge commits from being pushed to
+ matching branches.
+ type: boolean
+ requiredSignatures:
+ description: Commits pushed to matching branches must have
+ verified signatures.
+ type: boolean
+ requiredStatusChecks:
+ description: Choose which status checks must pass before
+ branches can be merged into a branch that matches this
+ rule. When enabled, commits must first be pushed to another
+ branch, then merged or pushed directly to a branch that
+ matches this rule after status checks have passed.
+ items:
+ properties:
+ requiredCheck:
+ description: Status checks that are required. Several
+ can be defined.
+ items:
+ properties:
+ context:
+ description: The status check context name that
+ must be present on the commit.
+ type: string
+ integrationId:
+ description: The optional integration ID that
+ this status check must originate from.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ strictRequiredStatusChecksPolicy:
+ description: Whether pull requests targeting a matching
+ branch must be tested with the latest code. This
+ setting will not take effect unless at least one
+ status check is enabled. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredWorkflows:
+ description: Choose which Actions workflows must pass before
+ branches can be merged into a branch that matches this
+ rule.
+ items:
+ properties:
+ requiredWorkflow:
+ description: Actions workflows that are required.
+ Several can be defined.
+ items:
+ properties:
+ path:
+ description: The path to the workflow YAML definition
+ file.
+ type: string
+ ref:
+ description: The ref (branch or tag) of the
+ workflow file to use.
+ type: string
+ repositoryId:
+ description: The repository in which the workflow
+ is defined.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ type: object
+ type: array
+ tagNamePattern:
+ description: Parameters to be used for the tag_name_pattern
+ rule. This rule only applies to repositories within an
+ enterprise, it cannot be applied to repositories owned
+ by individuals or regular organizations. Conflicts with
+ `branch_name_pattern` as it only applies to rulesets with
+ target `tag`.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ update:
+ description: Only allow users with bypass permission to
+ update matching refs.
+ type: boolean
+ type: object
+ type: array
+ target:
+ description: 'Possible values are `branch`, `tag` and `push`.
+ Note: The `push` target is in beta and is subject to change.'
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: OrganizationRulesetStatus defines the observed state of OrganizationRuleset.
+ properties:
+ atProvider:
+ properties:
+ bypassActors:
+ description: The actors that can bypass the rules in this ruleset.
+ items:
+ properties:
+ actorId:
+ description: The ID of the actor that can bypass a ruleset.
+ When `actor_type` is `OrganizationAdmin`, this should
+ be set to `1`.
+ format: int64
+ type: integer
+ actorType:
+ description: 'The type of actor that can bypass a ruleset.
+ Can be one of: `RepositoryRole`, `Team`, `Integration`,
+ `OrganizationAdmin`.'
+ type: string
+ bypassMode:
+ description: 'When the specified actor can bypass the ruleset.
+ pull_request means that an actor can only bypass rules
+ on pull requests. Can be one of: `always`, `pull_request`.'
+ type: string
+ type: object
+ type: array
+ conditions:
+ description: Parameters for an organization ruleset condition.
+ `ref_name` is required alongside one of `repository_name` or
+ `repository_id`.
+ items:
+ properties:
+ refName:
+ items:
+ properties:
+ exclude:
+ description: Array of ref names or patterns to exclude.
+ The condition will not pass if any of these patterns
+ match.
+ items:
+ type: string
+ type: array
+ include:
+ description: Array of ref names or patterns to include.
+ One of these patterns must match for the condition
+ to pass. Also accepts `~DEFAULT_BRANCH` to include
+ the default branch or `~ALL` to include all branches.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ repositoryId:
+ description: The repository IDs that the ruleset applies
+ to. One of these IDs must match for the condition to pass.
+ items:
+ format: int64
+ type: integer
+ type: array
+ repositoryName:
+ items:
+ properties:
+ exclude:
+ description: Array of repository names or patterns
+ to exclude. The condition will not pass if any of
+ these patterns match.
+ items:
+ type: string
+ type: array
+ include:
+ description: Array of repository names or patterns
+ to include. One of these patterns must match for
+ the condition to pass. Also accepts `~ALL` to include
+ all repositories.
+ items:
+ type: string
+ type: array
+ protected:
+ description: Whether renaming of target repositories
+ is prevented.
+ type: boolean
+ type: object
+ type: array
+ type: object
+ type: array
+ enforcement:
+ description: 'Possible values for Enforcement are `disabled`,
+ `active`, `evaluate`. Note: `evaluate` is currently only supported
+ for owners of type `organization`.'
+ type: string
+ etag:
+ type: string
+ id:
+ type: string
+ name:
+ description: The name of the ruleset.
+ type: string
+ nodeId:
+ description: GraphQL global node id for use with v4 API.
+ type: string
+ rules:
+ description: Rules within the ruleset.
+ items:
+ properties:
+ branchNamePattern:
+ description: Parameters to be used for the branch_name_pattern
+ rule. This rule only applies to repositories within an
+ enterprise, it cannot be applied to repositories owned
+ by individuals or regular organizations. Conflicts with
+ `tag_name_pattern` as it only applies to rulesets with
+ target `branch`.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitAuthorEmailPattern:
+ description: Parameters to be used for the commit_author_email_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitMessagePattern:
+ description: Parameters to be used for the commit_message_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ committerEmailPattern:
+ description: Parameters to be used for the committer_email_pattern
+ rule.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ creation:
+ description: Only allow users with bypass permission to
+ create matching refs.
+ type: boolean
+ deletion:
+ description: Only allow users with bypass permissions to
+ delete matching refs.
+ type: boolean
+ nonFastForward:
+ description: Prevent users with push access from force pushing
+ to branches.
+ type: boolean
+ pullRequest:
+ description: Require all commits be made to a non-target
+ branch and submitted via a pull request before they can
+ be merged.
+ items:
+ properties:
+ dismissStaleReviewsOnPush:
+ description: New, reviewable commits pushed will dismiss
+ previous pull request review approvals. Defaults
+ to `false`.
+ type: boolean
+ requireCodeOwnerReview:
+ description: Require an approving review in pull requests
+ that modify files that have a designated code owner.
+ Defaults to `false`.
+ type: boolean
+ requireLastPushApproval:
+ description: Whether the most recent reviewable push
+ must be approved by someone other than the person
+ who pushed it. Defaults to `false`.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: The number of approving reviews that
+ are required before a pull request can be merged.
+ Defaults to `0`.
+ format: int64
+ type: integer
+ requiredReviewThreadResolution:
+ description: All conversations on code must be resolved
+ before a pull request can be merged. Defaults to
+ `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredLinearHistory:
+ description: Prevent merge commits from being pushed to
+ matching branches.
+ type: boolean
+ requiredSignatures:
+ description: Commits pushed to matching branches must have
+ verified signatures.
+ type: boolean
+ requiredStatusChecks:
+ description: Choose which status checks must pass before
+ branches can be merged into a branch that matches this
+ rule. When enabled, commits must first be pushed to another
+ branch, then merged or pushed directly to a branch that
+ matches this rule after status checks have passed.
+ items:
+ properties:
+ requiredCheck:
+ description: Status checks that are required. Several
+ can be defined.
+ items:
+ properties:
+ context:
+ description: The status check context name that
+ must be present on the commit.
+ type: string
+ integrationId:
+ description: The optional integration ID that
+ this status check must originate from.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ strictRequiredStatusChecksPolicy:
+ description: Whether pull requests targeting a matching
+ branch must be tested with the latest code. This
+ setting will not take effect unless at least one
+ status check is enabled. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredWorkflows:
+ description: Choose which Actions workflows must pass before
+ branches can be merged into a branch that matches this
+ rule.
+ items:
+ properties:
+ requiredWorkflow:
+ description: Actions workflows that are required.
+ Several can be defined.
+ items:
+ properties:
+ path:
+ description: The path to the workflow YAML definition
+ file.
+ type: string
+ ref:
+ description: The ref (branch or tag) of the
+ workflow file to use.
+ type: string
+ repositoryId:
+ description: The repository in which the workflow
+ is defined.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ type: object
+ type: array
+ tagNamePattern:
+ description: Parameters to be used for the tag_name_pattern
+ rule. This rule only applies to repositories within an
+ enterprise, it cannot be applied to repositories owned
+ by individuals or regular organizations. Conflicts with
+ `branch_name_pattern` as it only applies to rulesets with
+ target `tag`.
+ items:
+ properties:
+ name:
+ description: How this rule will appear to users.
+ type: string
+ negate:
+ description: If true, the rule will fail if the pattern
+ matches.
+ type: boolean
+ operator:
+ description: 'The operator to use for matching. Can
+ be one of: `starts_with`, `ends_with`, `contains`,
+ `regex`.'
+ type: string
+ pattern:
+ description: The pattern to match with.
+ type: string
+ type: object
+ type: array
+ update:
+ description: Only allow users with bypass permission to
+ update matching refs.
+ type: boolean
+ type: object
+ type: array
+ rulesetId:
+ description: GitHub ID for the ruleset.
+ format: int64
+ type: integer
+ target:
+ description: 'Possible values are `branch`, `tag` and `push`.
+ Note: The `push` target is in beta and is subject to change.'
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: storeconfigs.github.upbound.io
+spec:
+ group: github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - store
+ - gcp
+ kind: StoreConfig
+ listKind: StoreConfigList
+ plural: storeconfigs
+ singular: storeconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.type
+ name: TYPE
+ type: string
+ - jsonPath: .spec.defaultScope
+ name: DEFAULT-SCOPE
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: A StoreConfig configures how GCP controller should store connection
+ details.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: A StoreConfigSpec defines the desired state of a ProviderConfig.
+ properties:
+ defaultScope:
+ description: |-
+ DefaultScope used for scoping secrets for "cluster-scoped" resources.
+ If store type is "Kubernetes", this would mean the default namespace to
+ store connection secrets for cluster scoped resources.
+ In case of "Vault", this would be used as the default parent path.
+ Typically, should be set as Crossplane installation namespace.
+ type: string
+ kubernetes:
+ description: |-
+ Kubernetes configures a Kubernetes secret store.
+ If the "type" is "Kubernetes" but no config provided, in cluster config
+ will be used.
+ properties:
+ auth:
+ description: Credentials used to connect to the Kubernetes API.
+ properties:
+ env:
+ description: |-
+ Env is a reference to an environment variable that contains credentials
+ that must be used to connect to the provider.
+ properties:
+ name:
+ description: Name is the name of an environment variable.
+ type: string
+ required:
+ - name
+ type: object
+ fs:
+ description: |-
+ Fs is a reference to a filesystem location that contains credentials that
+ must be used to connect to the provider.
+ properties:
+ path:
+ description: Path is a filesystem path.
+ type: string
+ required:
+ - path
+ type: object
+ secretRef:
+ description: |-
+ A SecretRef is a reference to a secret key that contains the credentials
+ that must be used to connect to the provider.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ source:
+ description: Source of the credentials.
+ enum:
+ - None
+ - Secret
+ - Environment
+ - Filesystem
+ type: string
+ required:
+ - source
+ type: object
+ required:
+ - auth
+ type: object
+ plugin:
+ description: Plugin configures External secret store as a plugin.
+ properties:
+ configRef:
+ description: ConfigRef contains store config reference info.
+ properties:
+ apiVersion:
+ description: APIVersion of the referenced config.
+ type: string
+ kind:
+ description: Kind of the referenced config.
+ type: string
+ name:
+ description: Name of the referenced config.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ endpoint:
+ description: Endpoint is the endpoint of the gRPC server.
+ type: string
+ type: object
+ type:
+ default: Kubernetes
+ description: |-
+ Type configures which secret store to be used. Only the configuration
+ block for this store will be used and others will be ignored if provided.
+ Default is Kubernetes.
+ enum:
+ - Kubernetes
+ - Vault
+ - Plugin
+ type: string
+ required:
+ - defaultScope
+ type: object
+ status:
+ description: A StoreConfigStatus represents the status of a StoreConfig.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: providerconfigs.github.upbound.io
+spec:
+ group: github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - provider
+ - template
+ kind: ProviderConfig
+ listKind: ProviderConfigList
+ plural: providerconfigs
+ singular: providerconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .spec.credentials.secretRef.name
+ name: SECRET-NAME
+ priority: 1
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ProviderConfig configures how the provider will connect to Github.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: A ProviderConfigSpec defines the desired state of a ProviderConfig.
+ properties:
+ credentials:
+ description: Credentials required to authenticate to this provider.
+ properties:
+ env:
+ description: |-
+ Env is a reference to an environment variable that contains credentials
+ that must be used to connect to the provider.
+ properties:
+ name:
+ description: Name is the name of an environment variable.
+ type: string
+ required:
+ - name
+ type: object
+ fs:
+ description: |-
+ Fs is a reference to a filesystem location that contains credentials that
+ must be used to connect to the provider.
+ properties:
+ path:
+ description: Path is a filesystem path.
+ type: string
+ required:
+ - path
+ type: object
+ secretRef:
+ description: |-
+ A SecretRef is a reference to a secret key that contains the credentials
+ that must be used to connect to the provider.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ source:
+ description: Source of the provider credentials.
+ enum:
+ - None
+ - Secret
+ - InjectedIdentity
+ - Environment
+ - Filesystem
+ type: string
+ required:
+ - source
+ type: object
+ required:
+ - credentials
+ type: object
+ status:
+ description: A ProviderConfigStatus reflects the observed state of a ProviderConfig.
+ properties:
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ users:
+ description: Users of this provider configuration.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1beta1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: providerconfigusages.github.upbound.io
+spec:
+ group: github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - provider
+ - github
+ kind: ProviderConfigUsage
+ listKind: ProviderConfigUsageList
+ plural: providerconfigusages
+ singular: providerconfigusage
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ - jsonPath: .providerConfigRef.name
+ name: CONFIG-NAME
+ type: string
+ - jsonPath: .resourceRef.kind
+ name: RESOURCE-KIND
+ type: string
+ - jsonPath: .resourceRef.name
+ name: RESOURCE-NAME
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: A ProviderConfigUsage indicates that a resource is using a ProviderConfig.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ providerConfigRef:
+ description: ProviderConfigReference to the provider config being used.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ resourceRef:
+ description: ResourceReference to the managed resource using the provider
+ config.
+ properties:
+ apiVersion:
+ description: APIVersion of the referenced object.
+ type: string
+ kind:
+ description: Kind of the referenced object.
+ type: string
+ name:
+ description: Name of the referenced object.
+ type: string
+ uid:
+ description: UID of the referenced object.
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ type: object
+ required:
+ - providerConfigRef
+ - resourceRef
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1beta1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: branches.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: Branch
+ listKind: BranchList
+ plural: branches
+ singular: branch
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Branch is the Schema for the Branchs API. Creates and manages
+ branches within GitHub repositories.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BranchSpec defines the desired state of Branch
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ branch:
+ description: |-
+ The repository branch to create.
+ The repository branch to create.
+ type: string
+ repository:
+ description: |-
+ The GitHub repository name.
+ The GitHub repository name.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ sourceBranch:
+ description: |-
+ The branch name to start from. Defaults to main.
+ The branch name to start from. Defaults to 'main'.
+ type: string
+ sourceSha:
+ description: |-
+ The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
+ The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ branch:
+ description: |-
+ The repository branch to create.
+ The repository branch to create.
+ type: string
+ repository:
+ description: |-
+ The GitHub repository name.
+ The GitHub repository name.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ sourceBranch:
+ description: |-
+ The branch name to start from. Defaults to main.
+ The branch name to start from. Defaults to 'main'.
+ type: string
+ sourceSha:
+ description: |-
+ The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
+ The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: BranchStatus defines the observed state of Branch.
+ properties:
+ atProvider:
+ properties:
+ branch:
+ description: |-
+ The repository branch to create.
+ The repository branch to create.
+ type: string
+ etag:
+ description: |-
+ An etag representing the Branch object.
+ An etag representing the Branch object.
+ type: string
+ id:
+ type: string
+ ref:
+ description: |-
+ A string representing a branch reference, in the form of refs/heads/.
+ A string representing a branch reference, in the form of 'refs/heads/'.
+ type: string
+ repository:
+ description: |-
+ The GitHub repository name.
+ The GitHub repository name.
+ type: string
+ sha:
+ description: |-
+ A string storing the reference's HEAD commit's SHA1.
+ A string storing the reference's HEAD commit's SHA1.
+ type: string
+ sourceBranch:
+ description: |-
+ The branch name to start from. Defaults to main.
+ The branch name to start from. Defaults to 'main'.
+ type: string
+ sourceSha:
+ description: |-
+ The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
+ The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: branchprotections.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: BranchProtection
+ listKind: BranchProtectionList
+ plural: branchprotections
+ singular: branchprotection
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: BranchProtection is the Schema for the BranchProtections API.
+ Protects a GitHub branch.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BranchProtectionSpec defines the desired state of BranchProtection
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ allowsDeletions:
+ description: |-
+ Boolean, setting this to true to allow the branch to be deleted.
+ Setting this to 'true' to allow the branch to be deleted.
+ type: boolean
+ allowsForcePushes:
+ description: |-
+ Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
+ Setting this to 'true' to allow force pushes on the branch.
+ type: boolean
+ enforceAdmins:
+ description: |-
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ type: boolean
+ forcePushBypassers:
+ description: |-
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ lockBranch:
+ description: |-
+ Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
+ Setting this to 'true' will make the branch read-only and preventing any pushes to it.
+ type: boolean
+ pattern:
+ description: |-
+ Identifies the protection rule pattern.
+ Identifies the protection rule pattern.
+ type: string
+ repositoryId:
+ description: |-
+ The name or node ID of the repository associated with this branch protection rule.
+ The name or node ID of the repository associated with this branch protection rule.
+ type: string
+ repositoryIdRef:
+ description: Reference to a Repository in repo to populate repositoryId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositoryIdSelector:
+ description: Selector for a Repository in repo to populate repositoryId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ requireConversationResolution:
+ description: |-
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ type: boolean
+ requireSignedCommits:
+ description: |-
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ type: boolean
+ requiredLinearHistory:
+ description: |-
+ Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
+ Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
+ type: boolean
+ requiredPullRequestReviews:
+ description: |-
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ items:
+ properties:
+ dismissStaleReviews:
+ description: |-
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ type: boolean
+ dismissalRestrictions:
+ description: |-
+ : The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ pullRequestBypassers:
+ description: |-
+ : The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ requireCodeOwnerReviews:
+ description: |-
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ : Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that The most recent push must be approved by someone other than the last pusher.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ format: int64
+ type: integer
+ restrictDismissals:
+ description: |-
+ : Restrict pull request review dismissals.
+ Restrict pull request review dismissals.
+ type: boolean
+ type: object
+ type: array
+ requiredStatusChecks:
+ description: |-
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ items:
+ properties:
+ contexts:
+ description: |-
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ strict:
+ description: |-
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ type: boolean
+ type: object
+ type: array
+ restrictPushes:
+ description: |-
+ Restrict pushes to matching branches. See Restrict Pushes below for details.
+ Restrict who can push to matching branches.
+ items:
+ properties:
+ blocksCreations:
+ description: |-
+ Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
+ Restrict pushes that create matching branches.
+ type: boolean
+ pushAllowances:
+ description: |-
+ A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
+ The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ allowsDeletions:
+ description: |-
+ Boolean, setting this to true to allow the branch to be deleted.
+ Setting this to 'true' to allow the branch to be deleted.
+ type: boolean
+ allowsForcePushes:
+ description: |-
+ Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
+ Setting this to 'true' to allow force pushes on the branch.
+ type: boolean
+ enforceAdmins:
+ description: |-
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ type: boolean
+ forcePushBypassers:
+ description: |-
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ lockBranch:
+ description: |-
+ Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
+ Setting this to 'true' will make the branch read-only and preventing any pushes to it.
+ type: boolean
+ pattern:
+ description: |-
+ Identifies the protection rule pattern.
+ Identifies the protection rule pattern.
+ type: string
+ repositoryId:
+ description: |-
+ The name or node ID of the repository associated with this branch protection rule.
+ The name or node ID of the repository associated with this branch protection rule.
+ type: string
+ repositoryIdRef:
+ description: Reference to a Repository in repo to populate repositoryId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositoryIdSelector:
+ description: Selector for a Repository in repo to populate repositoryId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ requireConversationResolution:
+ description: |-
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ type: boolean
+ requireSignedCommits:
+ description: |-
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ type: boolean
+ requiredLinearHistory:
+ description: |-
+ Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
+ Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
+ type: boolean
+ requiredPullRequestReviews:
+ description: |-
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ items:
+ properties:
+ dismissStaleReviews:
+ description: |-
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ type: boolean
+ dismissalRestrictions:
+ description: |-
+ : The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ pullRequestBypassers:
+ description: |-
+ : The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ requireCodeOwnerReviews:
+ description: |-
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ : Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that The most recent push must be approved by someone other than the last pusher.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ format: int64
+ type: integer
+ restrictDismissals:
+ description: |-
+ : Restrict pull request review dismissals.
+ Restrict pull request review dismissals.
+ type: boolean
+ type: object
+ type: array
+ requiredStatusChecks:
+ description: |-
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ items:
+ properties:
+ contexts:
+ description: |-
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ strict:
+ description: |-
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ type: boolean
+ type: object
+ type: array
+ restrictPushes:
+ description: |-
+ Restrict pushes to matching branches. See Restrict Pushes below for details.
+ Restrict who can push to matching branches.
+ items:
+ properties:
+ blocksCreations:
+ description: |-
+ Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
+ Restrict pushes that create matching branches.
+ type: boolean
+ pushAllowances:
+ description: |-
+ A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
+ The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: BranchProtectionStatus defines the observed state of BranchProtection.
+ properties:
+ atProvider:
+ properties:
+ allowsDeletions:
+ description: |-
+ Boolean, setting this to true to allow the branch to be deleted.
+ Setting this to 'true' to allow the branch to be deleted.
+ type: boolean
+ allowsForcePushes:
+ description: |-
+ Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
+ Setting this to 'true' to allow force pushes on the branch.
+ type: boolean
+ enforceAdmins:
+ description: |-
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ type: boolean
+ forcePushBypassers:
+ description: |-
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ id:
+ type: string
+ lockBranch:
+ description: |-
+ Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
+ Setting this to 'true' will make the branch read-only and preventing any pushes to it.
+ type: boolean
+ pattern:
+ description: |-
+ Identifies the protection rule pattern.
+ Identifies the protection rule pattern.
+ type: string
+ repositoryId:
+ description: |-
+ The name or node ID of the repository associated with this branch protection rule.
+ The name or node ID of the repository associated with this branch protection rule.
+ type: string
+ requireConversationResolution:
+ description: |-
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ type: boolean
+ requireSignedCommits:
+ description: |-
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ type: boolean
+ requiredLinearHistory:
+ description: |-
+ Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
+ Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
+ type: boolean
+ requiredPullRequestReviews:
+ description: |-
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ items:
+ properties:
+ dismissStaleReviews:
+ description: |-
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ type: boolean
+ dismissalRestrictions:
+ description: |-
+ : The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ pullRequestBypassers:
+ description: |-
+ : The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ requireCodeOwnerReviews:
+ description: |-
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ : Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that The most recent push must be approved by someone other than the last pusher.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ format: int64
+ type: integer
+ restrictDismissals:
+ description: |-
+ : Restrict pull request review dismissals.
+ Restrict pull request review dismissals.
+ type: boolean
+ type: object
+ type: array
+ requiredStatusChecks:
+ description: |-
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ items:
+ properties:
+ contexts:
+ description: |-
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ strict:
+ description: |-
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ type: boolean
+ type: object
+ type: array
+ restrictPushes:
+ description: |-
+ Restrict pushes to matching branches. See Restrict Pushes below for details.
+ Restrict who can push to matching branches.
+ items:
+ properties:
+ blocksCreations:
+ description: |-
+ Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
+ Restrict pushes that create matching branches.
+ type: boolean
+ pushAllowances:
+ description: |-
+ A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
+ The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: branchprotectionv3s.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: BranchProtectionv3
+ listKind: BranchProtectionv3List
+ plural: branchprotectionv3s
+ singular: branchprotectionv3
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: BranchProtectionv3 is the Schema for the BranchProtectionv3s
+ API. Protects a GitHub branch using the v3 / REST implementation. The
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BranchProtectionv3Spec defines the desired state of BranchProtectionv3
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ branch:
+ description: |-
+ The Git branch to protect.
+ The Git branch to protect.
+ type: string
+ enforceAdmins:
+ description: |-
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ type: boolean
+ repository:
+ description: |-
+ The GitHub repository name.
+ The GitHub repository name.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ requireConversationResolution:
+ description: |-
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ type: boolean
+ requireSignedCommits:
+ description: |-
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ type: boolean
+ requiredPullRequestReviews:
+ description: |-
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ items:
+ properties:
+ bypassPullRequestAllowances:
+ description: ': Allow specific users, teams, or apps to
+ bypass pull request requirements. See Bypass Pull Request
+ Allowances below for details.'
+ items:
+ properties:
+ apps:
+ description: ': The list of app slugs with push access.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ teams:
+ description: |-
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: ': The list of user logins with push
+ access.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ dismissStaleReviews:
+ description: |-
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ type: boolean
+ dismissalApps:
+ description: |-
+ : The list of app slugs with dismissal access.
+ The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ dismissalTeams:
+ description: |-
+ : The list of team slugs with dismissal access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ dismissalUsers:
+ description: |-
+ : The list of user logins with dismissal access
+ The list of user logins with dismissal access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ includeAdmins:
+ type: boolean
+ requireCodeOwnerReviews:
+ description: |-
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ : Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that the most recent push must be approved by someone other than the last pusher.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ requiredStatusChecks:
+ description: |-
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ items:
+ properties:
+ checks:
+ description: |-
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
+ The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ contexts:
+ description: ': [DEPRECATED] The list of status checks
+ to require in order to merge into this branch. No status
+ checks are required by default.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ includeAdmins:
+ type: boolean
+ strict:
+ description: |-
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ type: boolean
+ type: object
+ type: array
+ restrictions:
+ description: |-
+ Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
+ Enforce restrictions for the users and teams that may push to the branch.
+ items:
+ properties:
+ apps:
+ description: |-
+ : The list of app slugs with push access.
+ The list of app slugs with push access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ teams:
+ description: |-
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: |-
+ : The list of user logins with push access.
+ The list of user logins with push access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ branch:
+ description: |-
+ The Git branch to protect.
+ The Git branch to protect.
+ type: string
+ enforceAdmins:
+ description: |-
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ type: boolean
+ repository:
+ description: |-
+ The GitHub repository name.
+ The GitHub repository name.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ requireConversationResolution:
+ description: |-
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ type: boolean
+ requireSignedCommits:
+ description: |-
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ type: boolean
+ requiredPullRequestReviews:
+ description: |-
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ items:
+ properties:
+ bypassPullRequestAllowances:
+ description: ': Allow specific users, teams, or apps to
+ bypass pull request requirements. See Bypass Pull Request
+ Allowances below for details.'
+ items:
+ properties:
+ apps:
+ description: ': The list of app slugs with push access.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ teams:
+ description: |-
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: ': The list of user logins with push
+ access.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ dismissStaleReviews:
+ description: |-
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ type: boolean
+ dismissalApps:
+ description: |-
+ : The list of app slugs with dismissal access.
+ The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ dismissalTeams:
+ description: |-
+ : The list of team slugs with dismissal access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ dismissalUsers:
+ description: |-
+ : The list of user logins with dismissal access
+ The list of user logins with dismissal access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ includeAdmins:
+ type: boolean
+ requireCodeOwnerReviews:
+ description: |-
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ : Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that the most recent push must be approved by someone other than the last pusher.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ requiredStatusChecks:
+ description: |-
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ items:
+ properties:
+ checks:
+ description: |-
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
+ The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ contexts:
+ description: ': [DEPRECATED] The list of status checks
+ to require in order to merge into this branch. No status
+ checks are required by default.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ includeAdmins:
+ type: boolean
+ strict:
+ description: |-
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ type: boolean
+ type: object
+ type: array
+ restrictions:
+ description: |-
+ Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
+ Enforce restrictions for the users and teams that may push to the branch.
+ items:
+ properties:
+ apps:
+ description: |-
+ : The list of app slugs with push access.
+ The list of app slugs with push access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ teams:
+ description: |-
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: |-
+ : The list of user logins with push access.
+ The list of user logins with push access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: BranchProtectionv3Status defines the observed state of BranchProtectionv3.
+ properties:
+ atProvider:
+ properties:
+ branch:
+ description: |-
+ The Git branch to protect.
+ The Git branch to protect.
+ type: string
+ enforceAdmins:
+ description: |-
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ type: boolean
+ etag:
+ type: string
+ id:
+ type: string
+ repository:
+ description: |-
+ The GitHub repository name.
+ The GitHub repository name.
+ type: string
+ requireConversationResolution:
+ description: |-
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ type: boolean
+ requireSignedCommits:
+ description: |-
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ type: boolean
+ requiredPullRequestReviews:
+ description: |-
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ items:
+ properties:
+ bypassPullRequestAllowances:
+ description: ': Allow specific users, teams, or apps to
+ bypass pull request requirements. See Bypass Pull Request
+ Allowances below for details.'
+ items:
+ properties:
+ apps:
+ description: ': The list of app slugs with push access.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ teams:
+ description: |-
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: ': The list of user logins with push
+ access.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ dismissStaleReviews:
+ description: |-
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ type: boolean
+ dismissalApps:
+ description: |-
+ : The list of app slugs with dismissal access.
+ The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ dismissalTeams:
+ description: |-
+ : The list of team slugs with dismissal access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ dismissalUsers:
+ description: |-
+ : The list of user logins with dismissal access
+ The list of user logins with dismissal access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ includeAdmins:
+ type: boolean
+ requireCodeOwnerReviews:
+ description: |-
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ : Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that the most recent push must be approved by someone other than the last pusher.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ requiredStatusChecks:
+ description: |-
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ items:
+ properties:
+ checks:
+ description: |-
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
+ The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ contexts:
+ description: ': [DEPRECATED] The list of status checks
+ to require in order to merge into this branch. No status
+ checks are required by default.'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ includeAdmins:
+ type: boolean
+ strict:
+ description: |-
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ type: boolean
+ type: object
+ type: array
+ restrictions:
+ description: |-
+ Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
+ Enforce restrictions for the users and teams that may push to the branch.
+ items:
+ properties:
+ apps:
+ description: |-
+ : The list of app slugs with push access.
+ The list of app slugs with push access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ teams:
+ description: |-
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: |-
+ : The list of user logins with push access.
+ The list of user logins with push access.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: defaultbranches.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: DefaultBranch
+ listKind: DefaultBranchList
+ plural: defaultbranches
+ singular: defaultbranch
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: DefaultBranch is the Schema for the DefaultBranchs API. Provides
+ a GitHub branch default for a given repository.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DefaultBranchSpec defines the desired state of DefaultBranch
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ branch:
+ description: |-
+ The branch (e.g. main)
+ The branch (e.g. 'main').
+ type: string
+ branchRef:
+ description: Reference to a Branch in repo to populate branch.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ branchSelector:
+ description: Selector for a Branch in repo to populate branch.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ rename:
+ description: |-
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.
+ type: boolean
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ branch:
+ description: |-
+ The branch (e.g. main)
+ The branch (e.g. 'main').
+ type: string
+ branchRef:
+ description: Reference to a Branch in repo to populate branch.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ branchSelector:
+ description: Selector for a Branch in repo to populate branch.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ rename:
+ description: |-
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.
+ type: boolean
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: DefaultBranchStatus defines the observed state of DefaultBranch.
+ properties:
+ atProvider:
+ properties:
+ branch:
+ description: |-
+ The branch (e.g. main)
+ The branch (e.g. 'main').
+ type: string
+ etag:
+ type: string
+ id:
+ type: string
+ rename:
+ description: |-
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.
+ type: boolean
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: deploykeys.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: DeployKey
+ listKind: DeployKeyList
+ plural: deploykeys
+ singular: deploykey
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: DeployKey is the Schema for the DeployKeys API. Provides a GitHub
+ repository deploy key resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DeployKeySpec defines the desired state of DeployKey
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ keySecretRef:
+ description: |-
+ A SSH key.
+ A SSH key.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ readOnly:
+ description: |-
+ A boolean qualifying the key to be either read only or read/write.
+ A boolean qualifying the key to be either read only or read/write.
+ type: boolean
+ repository:
+ description: |-
+ Name of the GitHub repository.
+ Name of the GitHub repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ title:
+ description: |-
+ A title.
+ A title.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ keySecretRef:
+ description: |-
+ A SSH key.
+ A SSH key.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ readOnly:
+ description: |-
+ A boolean qualifying the key to be either read only or read/write.
+ A boolean qualifying the key to be either read only or read/write.
+ type: boolean
+ repository:
+ description: |-
+ Name of the GitHub repository.
+ Name of the GitHub repository.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ title:
+ description: |-
+ A title.
+ A title.
+ type: string
+ required:
+ - keySecretRef
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: DeployKeyStatus defines the observed state of DeployKey.
+ properties:
+ atProvider:
+ properties:
+ etag:
+ type: string
+ id:
+ type: string
+ readOnly:
+ description: |-
+ A boolean qualifying the key to be either read only or read/write.
+ A boolean qualifying the key to be either read only or read/write.
+ type: boolean
+ repository:
+ description: |-
+ Name of the GitHub repository.
+ Name of the GitHub repository.
+ type: string
+ title:
+ description: |-
+ A title.
+ A title.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: environments.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: Environment
+ listKind: EnvironmentList
+ plural: environments
+ singular: environment
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Environment is the Schema for the Environments API. Creates and
+ manages environments for GitHub repositories
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnvironmentSpec defines the desired state of Environment
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ canAdminsBypass:
+ description: |-
+ Can repository admins bypass the environment protections. Defaults to true.
+ Can Admins bypass deployment protections
+ type: boolean
+ deploymentBranchPolicy:
+ description: The deployment branch policy configuration
+ items:
+ properties:
+ customBranchPolicies:
+ description: |-
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ type: boolean
+ protectedBranches:
+ description: |-
+ Whether only branches with branch protection rules can deploy to this environment.
+ Whether only branches with branch protection rules can deploy to this environment.
+ type: boolean
+ type: object
+ type: array
+ environment:
+ description: |-
+ The name of the environment.
+ The name of the environment.
+ type: string
+ preventSelfReview:
+ description: |-
+ Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
+ Prevent users from approving workflows runs that they triggered.
+ type: boolean
+ repository:
+ description: |-
+ The repository of the environment.
+ The repository of the environment.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ reviewers:
+ description: The environment reviewers configuration.
+ items:
+ properties:
+ teams:
+ description: |-
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: |-
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ waitTimer:
+ description: |-
+ Amount of time to delay a job after the job is initially triggered.
+ Amount of time to delay a job after the job is initially triggered.
+ format: int64
+ type: integer
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ canAdminsBypass:
+ description: |-
+ Can repository admins bypass the environment protections. Defaults to true.
+ Can Admins bypass deployment protections
+ type: boolean
+ deploymentBranchPolicy:
+ description: The deployment branch policy configuration
+ items:
+ properties:
+ customBranchPolicies:
+ description: |-
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ type: boolean
+ protectedBranches:
+ description: |-
+ Whether only branches with branch protection rules can deploy to this environment.
+ Whether only branches with branch protection rules can deploy to this environment.
+ type: boolean
+ type: object
+ type: array
+ environment:
+ description: |-
+ The name of the environment.
+ The name of the environment.
+ type: string
+ preventSelfReview:
+ description: |-
+ Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
+ Prevent users from approving workflows runs that they triggered.
+ type: boolean
+ repository:
+ description: |-
+ The repository of the environment.
+ The repository of the environment.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ reviewers:
+ description: The environment reviewers configuration.
+ items:
+ properties:
+ teams:
+ description: |-
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: |-
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ waitTimer:
+ description: |-
+ Amount of time to delay a job after the job is initially triggered.
+ Amount of time to delay a job after the job is initially triggered.
+ format: int64
+ type: integer
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: EnvironmentStatus defines the observed state of Environment.
+ properties:
+ atProvider:
+ properties:
+ canAdminsBypass:
+ description: |-
+ Can repository admins bypass the environment protections. Defaults to true.
+ Can Admins bypass deployment protections
+ type: boolean
+ deploymentBranchPolicy:
+ description: The deployment branch policy configuration
+ items:
+ properties:
+ customBranchPolicies:
+ description: |-
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ type: boolean
+ protectedBranches:
+ description: |-
+ Whether only branches with branch protection rules can deploy to this environment.
+ Whether only branches with branch protection rules can deploy to this environment.
+ type: boolean
+ type: object
+ type: array
+ environment:
+ description: |-
+ The name of the environment.
+ The name of the environment.
+ type: string
+ id:
+ type: string
+ preventSelfReview:
+ description: |-
+ Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
+ Prevent users from approving workflows runs that they triggered.
+ type: boolean
+ repository:
+ description: |-
+ The repository of the environment.
+ The repository of the environment.
+ type: string
+ reviewers:
+ description: The environment reviewers configuration.
+ items:
+ properties:
+ teams:
+ description: |-
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ users:
+ description: |-
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ type: array
+ waitTimer:
+ description: |-
+ Amount of time to delay a job after the job is initially triggered.
+ Amount of time to delay a job after the job is initially triggered.
+ format: int64
+ type: integer
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: environmentdeploymentpolicies.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: EnvironmentDeploymentPolicy
+ listKind: EnvironmentDeploymentPolicyList
+ plural: environmentdeploymentpolicies
+ singular: environmentdeploymentpolicy
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: EnvironmentDeploymentPolicy is the Schema for the EnvironmentDeploymentPolicys
+ API. Creates and manages environment deployment branch policies for GitHub
+ repositories
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnvironmentDeploymentPolicySpec defines the desired state
+ of EnvironmentDeploymentPolicy
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ branchPattern:
+ description: |-
+ The name pattern that branches must match in order to deploy to the environment.
+ The name pattern that branches must match in order to deploy to the environment.
+ type: string
+ environment:
+ description: |-
+ The name of the environment.
+ The name of the environment.
+ type: string
+ environmentRef:
+ description: Reference to a Environment in repo to populate environment.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ environmentSelector:
+ description: Selector for a Environment in repo to populate environment.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ repository:
+ description: |-
+ The repository of the environment.
+ The name of the repository. The name is not case sensitive.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ branchPattern:
+ description: |-
+ The name pattern that branches must match in order to deploy to the environment.
+ The name pattern that branches must match in order to deploy to the environment.
+ type: string
+ environment:
+ description: |-
+ The name of the environment.
+ The name of the environment.
+ type: string
+ environmentRef:
+ description: Reference to a Environment in repo to populate environment.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ environmentSelector:
+ description: Selector for a Environment in repo to populate environment.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ repository:
+ description: |-
+ The repository of the environment.
+ The name of the repository. The name is not case sensitive.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: EnvironmentDeploymentPolicyStatus defines the observed state
+ of EnvironmentDeploymentPolicy.
+ properties:
+ atProvider:
+ properties:
+ branchPattern:
+ description: |-
+ The name pattern that branches must match in order to deploy to the environment.
+ The name pattern that branches must match in order to deploy to the environment.
+ type: string
+ environment:
+ description: |-
+ The name of the environment.
+ The name of the environment.
+ type: string
+ id:
+ type: string
+ repository:
+ description: |-
+ The repository of the environment.
+ The name of the repository. The name is not case sensitive.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: issuelabels.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: IssueLabels
+ listKind: IssueLabelsList
+ plural: issuelabels
+ singular: issuelabels
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IssueLabels is the Schema for the IssueLabelss API. Provides
+ GitHub issue labels resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IssueLabelsSpec defines the desired state of IssueLabels
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ label:
+ description: List of labels
+ items:
+ properties:
+ color:
+ description: |-
+ A 6 character hex code, without the leading #, identifying the color of the label.
+ A 6 character hex code, without the leading '#', identifying the color of the label.
+ type: string
+ description:
+ description: |-
+ A short description of the label.
+ A short description of the label.
+ type: string
+ name:
+ description: |-
+ The name of the label.
+ The name of the label.
+ type: string
+ type: object
+ type: array
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ label:
+ description: List of labels
+ items:
+ properties:
+ color:
+ description: |-
+ A 6 character hex code, without the leading #, identifying the color of the label.
+ A 6 character hex code, without the leading '#', identifying the color of the label.
+ type: string
+ description:
+ description: |-
+ A short description of the label.
+ A short description of the label.
+ type: string
+ name:
+ description: |-
+ The name of the label.
+ The name of the label.
+ type: string
+ type: object
+ type: array
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: IssueLabelsStatus defines the observed state of IssueLabels.
+ properties:
+ atProvider:
+ properties:
+ id:
+ type: string
+ label:
+ description: List of labels
+ items:
+ properties:
+ color:
+ description: |-
+ A 6 character hex code, without the leading #, identifying the color of the label.
+ A 6 character hex code, without the leading '#', identifying the color of the label.
+ type: string
+ description:
+ description: |-
+ A short description of the label.
+ A short description of the label.
+ type: string
+ name:
+ description: |-
+ The name of the label.
+ The name of the label.
+ type: string
+ url:
+ description: |-
+ (Computed) The URL to the issue label
+ The URL to the issue label.
+ type: string
+ type: object
+ type: array
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: pullrequests.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: PullRequest
+ listKind: PullRequestList
+ plural: pullrequests
+ singular: pullrequest
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PullRequest is the Schema for the PullRequests API. Get information
+ on a single GitHub Pull Request.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: PullRequestSpec defines the desired state of PullRequest
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ baseRef:
+ description: |-
+ Name of the branch serving as the base of the Pull Request.
+ Name of the branch serving as the base of the Pull Request.
+ type: string
+ baseRepository:
+ description: |-
+ Name of the base repository to retrieve the Pull Requests from.
+ Name of the base repository to retrieve the Pull Requests from.
+ type: string
+ baseRepositoryRef:
+ description: Reference to a Repository in repo to populate baseRepository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ baseRepositorySelector:
+ description: Selector for a Repository in repo to populate baseRepository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ body:
+ description: |-
+ Body of the Pull Request.
+ Body of the Pull Request.
+ type: string
+ headRef:
+ description: |-
+ Name of the branch serving as the head of the Pull Request.
+ Name of the branch serving as the head of the Pull Request.
+ type: string
+ headRefRef:
+ description: Reference to a Branch in repo to populate headRef.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ headRefSelector:
+ description: Selector for a Branch in repo to populate headRef.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ maintainerCanModify:
+ description: |-
+ Controls whether the base repository maintainers can modify the Pull Request. Default: false.
+ Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.
+ type: boolean
+ owner:
+ description: |-
+ Owner of the repository. If not provided, the provider's default owner is used.
+ Owner of the repository. If not provided, the provider's default owner is used.
+ type: string
+ title:
+ description: |-
+ The title of the Pull Request.
+ The title of the Pull Request.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ baseRef:
+ description: |-
+ Name of the branch serving as the base of the Pull Request.
+ Name of the branch serving as the base of the Pull Request.
+ type: string
+ baseRepository:
+ description: |-
+ Name of the base repository to retrieve the Pull Requests from.
+ Name of the base repository to retrieve the Pull Requests from.
+ type: string
+ baseRepositoryRef:
+ description: Reference to a Repository in repo to populate baseRepository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ baseRepositorySelector:
+ description: Selector for a Repository in repo to populate baseRepository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ body:
+ description: |-
+ Body of the Pull Request.
+ Body of the Pull Request.
+ type: string
+ headRef:
+ description: |-
+ Name of the branch serving as the head of the Pull Request.
+ Name of the branch serving as the head of the Pull Request.
+ type: string
+ headRefRef:
+ description: Reference to a Branch in repo to populate headRef.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ headRefSelector:
+ description: Selector for a Branch in repo to populate headRef.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ maintainerCanModify:
+ description: |-
+ Controls whether the base repository maintainers can modify the Pull Request. Default: false.
+ Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.
+ type: boolean
+ owner:
+ description: |-
+ Owner of the repository. If not provided, the provider's default owner is used.
+ Owner of the repository. If not provided, the provider's default owner is used.
+ type: string
+ title:
+ description: |-
+ The title of the Pull Request.
+ The title of the Pull Request.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: PullRequestStatus defines the observed state of PullRequest.
+ properties:
+ atProvider:
+ properties:
+ baseRef:
+ description: |-
+ Name of the branch serving as the base of the Pull Request.
+ Name of the branch serving as the base of the Pull Request.
+ type: string
+ baseRepository:
+ description: |-
+ Name of the base repository to retrieve the Pull Requests from.
+ Name of the base repository to retrieve the Pull Requests from.
+ type: string
+ baseSha:
+ description: |-
+ Head commit SHA of the Pull Request base.
+ Head commit SHA of the Pull Request base.
+ type: string
+ body:
+ description: |-
+ Body of the Pull Request.
+ Body of the Pull Request.
+ type: string
+ draft:
+ description: |-
+ Indicates Whether this Pull Request is a draft.
+ Indicates Whether this Pull Request is a draft.
+ type: boolean
+ headRef:
+ description: |-
+ Name of the branch serving as the head of the Pull Request.
+ Name of the branch serving as the head of the Pull Request.
+ type: string
+ headSha:
+ description: |-
+ Head commit SHA of the Pull Request head.
+ Head commit SHA of the Pull Request head.
+ type: string
+ id:
+ type: string
+ labels:
+ description: |-
+ List of label names set on the Pull Request.
+ List of names of labels on the PR
+ items:
+ type: string
+ type: array
+ maintainerCanModify:
+ description: |-
+ Controls whether the base repository maintainers can modify the Pull Request. Default: false.
+ Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.
+ type: boolean
+ number:
+ description: |-
+ The number of the Pull Request within the repository.
+ The number of the Pull Request within the repository.
+ format: int64
+ type: integer
+ openedAt:
+ description: |-
+ Unix timestamp indicating the Pull Request creation time.
+ Unix timestamp indicating the Pull Request creation time.
+ format: int64
+ type: integer
+ openedBy:
+ description: |-
+ GitHub login of the user who opened the Pull Request.
+ Username of the PR creator
+ type: string
+ owner:
+ description: |-
+ Owner of the repository. If not provided, the provider's default owner is used.
+ Owner of the repository. If not provided, the provider's default owner is used.
+ type: string
+ state:
+ description: |-
+ the current Pull Request state - can be "open", "closed" or "merged".
+ The current Pull Request state - can be 'open', 'closed' or 'merged'.
+ type: string
+ title:
+ description: |-
+ The title of the Pull Request.
+ The title of the Pull Request.
+ type: string
+ updatedAt:
+ description: |-
+ The timestamp of the last Pull Request update.
+ The timestamp of the last Pull Request update.
+ format: int64
+ type: integer
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositories.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: Repository
+ listKind: RepositoryList
+ plural: repositories
+ singular: repository
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Repository is the Schema for the Repositorys API. Creates and
+ manages repositories within GitHub organizations or personal accounts
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositorySpec defines the desired state of Repository
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ allowAutoMerge:
+ description: |-
+ Set to true to allow auto-merging pull requests on the repository.
+ Set to 'true' to allow auto-merging pull requests on the repository.
+ type: boolean
+ allowMergeCommit:
+ description: |-
+ (including the related merge_commit_title and merge_commit_message)
+ Set to 'false' to disable merge commits on the repository.
+ type: boolean
+ allowRebaseMerge:
+ description: |-
+ Set to false to disable rebase merges on the repository.
+ Set to 'false' to disable rebase merges on the repository.
+ type: boolean
+ allowSquashMerge:
+ description: |-
+ (including the related squash_merge_commit_title and squash_merge_commit_message)
+ Set to 'false' to disable squash merges on the repository.
+ type: boolean
+ allowUpdateBranch:
+ description: |-
+ Set to true to always suggest updating pull request branches.
+ Set to 'true' to always suggest updating pull request branches.
+ type: boolean
+ archiveOnDestroy:
+ description: |-
+ Set to true to archive the repository instead of deleting on destroy.
+ Set to 'true' to archive the repository instead of deleting on destroy.
+ type: boolean
+ archived:
+ description: |-
+ Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
+ Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.
+ type: boolean
+ autoInit:
+ description: |-
+ Set to true to produce an initial commit in the repository.
+ Set to 'true' to produce an initial commit in the repository.
+ type: boolean
+ defaultBranch:
+ description: |-
+ (Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
+ and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
+ initial repository creation and create the target branch inside of the repository prior to setting this attribute.
+ Can only be set after initial repository creation, and only if the target branch exists
+ type: string
+ deleteBranchOnMerge:
+ description: |-
+ Automatically delete head branch after a pull request is merged. Defaults to false.
+ Automatically delete head branch after a pull request is merged. Defaults to 'false'.
+ type: boolean
+ description:
+ description: |-
+ A description of the repository.
+ A description of the repository.
+ type: string
+ gitignoreTemplate:
+ description: |-
+ Use the name of the template without the extension. For example, "Haskell".
+ Use the name of the template without the extension. For example, 'Haskell'.
+ type: string
+ hasDiscussions:
+ description: |-
+ Set to true to enable GitHub Discussions on the repository. Defaults to false.
+ Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.
+ type: boolean
+ hasDownloads:
+ description: |-
+ Set to true to enable the (deprecated) downloads features on the repository.
+ Set to 'true' to enable the (deprecated) downloads features on the repository.
+ type: boolean
+ hasIssues:
+ description: |-
+ Set to true to enable the GitHub Issues features
+ on the repository.
+ Set to 'true' to enable the GitHub Issues features on the repository
+ type: boolean
+ hasProjects:
+ description: |-
+ Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
+ Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.
+ type: boolean
+ hasWiki:
+ description: |-
+ Set to true to enable the GitHub Wiki features on
+ the repository.
+ Set to 'true' to enable the GitHub Wiki features on the repository.
+ type: boolean
+ homepageUrl:
+ description: |-
+ URL of a page describing the project.
+ URL of a page describing the project.
+ type: string
+ ignoreVulnerabilityAlertsDuringRead:
+ description: |-
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ type: boolean
+ isTemplate:
+ description: |-
+ Set to true to tell GitHub that this is a template repository.
+ Set to 'true' to tell GitHub that this is a template repository.
+ type: boolean
+ licenseTemplate:
+ description: |-
+ Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
+ Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.
+ type: string
+ mergeCommitMessage:
+ description: |-
+ Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
+ Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.
+ type: string
+ mergeCommitTitle:
+ description: |-
+ Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
+ Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.
+ type: string
+ name:
+ description: |-
+ The name of the repository.
+ The name of the repository.
+ type: string
+ pages:
+ description: |-
+ The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
+ The repository's GitHub Pages configuration
+ items:
+ properties:
+ buildType:
+ description: |-
+ The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
+ The type the page should be sourced.
+ type: string
+ cname:
+ description: |-
+ The custom domain for the repository. This can only be set after the repository has been created.
+ The custom domain for the repository. This can only be set after the repository has been created.
+ type: string
+ source:
+ description: |-
+ The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
+ The source branch and directory for the rendered Pages site.
+ items:
+ properties:
+ branch:
+ description: |-
+ The repository branch used to publish the site's source files. (i.e. main or gh-pages.
+ The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')
+ type: string
+ path:
+ description: |-
+ The repository directory from which the site publishes (Default: /).
+ The repository directory from which the site publishes (Default: '/')
+ type: string
+ type: object
+ type: array
+ type: object
+ type: array
+ private:
+ description: |-
+ Set to true to create a private repository.
+ Repositories are created as public (e.g. open source) by default.
+ type: boolean
+ securityAndAnalysis:
+ description: |-
+ The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
+ Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.
+ items:
+ properties:
+ advancedSecurity:
+ description: |-
+ The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.
+ type: string
+ type: object
+ type: array
+ secretScanning:
+ description: |-
+ The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
+ The secret scanning configuration for the repository.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ type: string
+ type: object
+ type: array
+ secretScanningPushProtection:
+ description: |-
+ The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
+ The secret scanning push protection configuration for the repository.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: array
+ squashMergeCommitMessage:
+ description: |-
+ Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
+ Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.
+ type: string
+ squashMergeCommitTitle:
+ description: |-
+ Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
+ Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.
+ type: string
+ template:
+ description: |-
+ Use a template repository to create this resource. See Template Repositories below for details.
+ Use a template repository to create this resource.
+ items:
+ properties:
+ includeAllBranches:
+ description: |-
+ : Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
+ Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).
+ type: boolean
+ owner:
+ description: |-
+ : The GitHub organization or user the template repository is owned by.
+ The GitHub organization or user the template repository is owned by.
+ type: string
+ repository:
+ description: |-
+ : The name of the template repository.
+ The name of the template repository.
+ type: string
+ type: object
+ type: array
+ topics:
+ description: |-
+ The list of topics of the repository.
+ The list of topics of the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ visibility:
+ description: |-
+ Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
+ Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.
+ type: string
+ vulnerabilityAlerts:
+ description: |-
+ Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ type: boolean
+ webCommitSignoffRequired:
+ description: |-
+ Require contributors to sign off on web-based commits. See more here. Defaults to false.
+ Require contributors to sign off on web-based commits. Defaults to 'false'.
+ type: boolean
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ allowAutoMerge:
+ description: |-
+ Set to true to allow auto-merging pull requests on the repository.
+ Set to 'true' to allow auto-merging pull requests on the repository.
+ type: boolean
+ allowMergeCommit:
+ description: |-
+ (including the related merge_commit_title and merge_commit_message)
+ Set to 'false' to disable merge commits on the repository.
+ type: boolean
+ allowRebaseMerge:
+ description: |-
+ Set to false to disable rebase merges on the repository.
+ Set to 'false' to disable rebase merges on the repository.
+ type: boolean
+ allowSquashMerge:
+ description: |-
+ (including the related squash_merge_commit_title and squash_merge_commit_message)
+ Set to 'false' to disable squash merges on the repository.
+ type: boolean
+ allowUpdateBranch:
+ description: |-
+ Set to true to always suggest updating pull request branches.
+ Set to 'true' to always suggest updating pull request branches.
+ type: boolean
+ archiveOnDestroy:
+ description: |-
+ Set to true to archive the repository instead of deleting on destroy.
+ Set to 'true' to archive the repository instead of deleting on destroy.
+ type: boolean
+ archived:
+ description: |-
+ Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
+ Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.
+ type: boolean
+ autoInit:
+ description: |-
+ Set to true to produce an initial commit in the repository.
+ Set to 'true' to produce an initial commit in the repository.
+ type: boolean
+ defaultBranch:
+ description: |-
+ (Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
+ and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
+ initial repository creation and create the target branch inside of the repository prior to setting this attribute.
+ Can only be set after initial repository creation, and only if the target branch exists
+ type: string
+ deleteBranchOnMerge:
+ description: |-
+ Automatically delete head branch after a pull request is merged. Defaults to false.
+ Automatically delete head branch after a pull request is merged. Defaults to 'false'.
+ type: boolean
+ description:
+ description: |-
+ A description of the repository.
+ A description of the repository.
+ type: string
+ gitignoreTemplate:
+ description: |-
+ Use the name of the template without the extension. For example, "Haskell".
+ Use the name of the template without the extension. For example, 'Haskell'.
+ type: string
+ hasDiscussions:
+ description: |-
+ Set to true to enable GitHub Discussions on the repository. Defaults to false.
+ Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.
+ type: boolean
+ hasDownloads:
+ description: |-
+ Set to true to enable the (deprecated) downloads features on the repository.
+ Set to 'true' to enable the (deprecated) downloads features on the repository.
+ type: boolean
+ hasIssues:
+ description: |-
+ Set to true to enable the GitHub Issues features
+ on the repository.
+ Set to 'true' to enable the GitHub Issues features on the repository
+ type: boolean
+ hasProjects:
+ description: |-
+ Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
+ Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.
+ type: boolean
+ hasWiki:
+ description: |-
+ Set to true to enable the GitHub Wiki features on
+ the repository.
+ Set to 'true' to enable the GitHub Wiki features on the repository.
+ type: boolean
+ homepageUrl:
+ description: |-
+ URL of a page describing the project.
+ URL of a page describing the project.
+ type: string
+ ignoreVulnerabilityAlertsDuringRead:
+ description: |-
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ type: boolean
+ isTemplate:
+ description: |-
+ Set to true to tell GitHub that this is a template repository.
+ Set to 'true' to tell GitHub that this is a template repository.
+ type: boolean
+ licenseTemplate:
+ description: |-
+ Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
+ Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.
+ type: string
+ mergeCommitMessage:
+ description: |-
+ Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
+ Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.
+ type: string
+ mergeCommitTitle:
+ description: |-
+ Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
+ Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.
+ type: string
+ name:
+ description: |-
+ The name of the repository.
+ The name of the repository.
+ type: string
+ pages:
+ description: |-
+ The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
+ The repository's GitHub Pages configuration
+ items:
+ properties:
+ buildType:
+ description: |-
+ The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
+ The type the page should be sourced.
+ type: string
+ cname:
+ description: |-
+ The custom domain for the repository. This can only be set after the repository has been created.
+ The custom domain for the repository. This can only be set after the repository has been created.
+ type: string
+ source:
+ description: |-
+ The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
+ The source branch and directory for the rendered Pages site.
+ items:
+ properties:
+ branch:
+ description: |-
+ The repository branch used to publish the site's source files. (i.e. main or gh-pages.
+ The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')
+ type: string
+ path:
+ description: |-
+ The repository directory from which the site publishes (Default: /).
+ The repository directory from which the site publishes (Default: '/')
+ type: string
+ type: object
+ type: array
+ type: object
+ type: array
+ private:
+ description: |-
+ Set to true to create a private repository.
+ Repositories are created as public (e.g. open source) by default.
+ type: boolean
+ securityAndAnalysis:
+ description: |-
+ The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
+ Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.
+ items:
+ properties:
+ advancedSecurity:
+ description: |-
+ The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.
+ type: string
+ type: object
+ type: array
+ secretScanning:
+ description: |-
+ The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
+ The secret scanning configuration for the repository.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ type: string
+ type: object
+ type: array
+ secretScanningPushProtection:
+ description: |-
+ The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
+ The secret scanning push protection configuration for the repository.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: array
+ squashMergeCommitMessage:
+ description: |-
+ Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
+ Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.
+ type: string
+ squashMergeCommitTitle:
+ description: |-
+ Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
+ Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.
+ type: string
+ template:
+ description: |-
+ Use a template repository to create this resource. See Template Repositories below for details.
+ Use a template repository to create this resource.
+ items:
+ properties:
+ includeAllBranches:
+ description: |-
+ : Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
+ Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).
+ type: boolean
+ owner:
+ description: |-
+ : The GitHub organization or user the template repository is owned by.
+ The GitHub organization or user the template repository is owned by.
+ type: string
+ repository:
+ description: |-
+ : The name of the template repository.
+ The name of the template repository.
+ type: string
+ type: object
+ type: array
+ topics:
+ description: |-
+ The list of topics of the repository.
+ The list of topics of the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ visibility:
+ description: |-
+ Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
+ Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.
+ type: string
+ vulnerabilityAlerts:
+ description: |-
+ Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ type: boolean
+ webCommitSignoffRequired:
+ description: |-
+ Require contributors to sign off on web-based commits. See more here. Defaults to false.
+ Require contributors to sign off on web-based commits. Defaults to 'false'.
+ type: boolean
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryStatus defines the observed state of Repository.
+ properties:
+ atProvider:
+ properties:
+ allowAutoMerge:
+ description: |-
+ Set to true to allow auto-merging pull requests on the repository.
+ Set to 'true' to allow auto-merging pull requests on the repository.
+ type: boolean
+ allowMergeCommit:
+ description: |-
+ (including the related merge_commit_title and merge_commit_message)
+ Set to 'false' to disable merge commits on the repository.
+ type: boolean
+ allowRebaseMerge:
+ description: |-
+ Set to false to disable rebase merges on the repository.
+ Set to 'false' to disable rebase merges on the repository.
+ type: boolean
+ allowSquashMerge:
+ description: |-
+ (including the related squash_merge_commit_title and squash_merge_commit_message)
+ Set to 'false' to disable squash merges on the repository.
+ type: boolean
+ allowUpdateBranch:
+ description: |-
+ Set to true to always suggest updating pull request branches.
+ Set to 'true' to always suggest updating pull request branches.
+ type: boolean
+ archiveOnDestroy:
+ description: |-
+ Set to true to archive the repository instead of deleting on destroy.
+ Set to 'true' to archive the repository instead of deleting on destroy.
+ type: boolean
+ archived:
+ description: |-
+ Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
+ Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.
+ type: boolean
+ autoInit:
+ description: |-
+ Set to true to produce an initial commit in the repository.
+ Set to 'true' to produce an initial commit in the repository.
+ type: boolean
+ defaultBranch:
+ description: |-
+ (Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
+ and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
+ initial repository creation and create the target branch inside of the repository prior to setting this attribute.
+ Can only be set after initial repository creation, and only if the target branch exists
+ type: string
+ deleteBranchOnMerge:
+ description: |-
+ Automatically delete head branch after a pull request is merged. Defaults to false.
+ Automatically delete head branch after a pull request is merged. Defaults to 'false'.
+ type: boolean
+ description:
+ description: |-
+ A description of the repository.
+ A description of the repository.
+ type: string
+ etag:
+ type: string
+ fullName:
+ description: |-
+ A string of the form "orgname/reponame".
+ A string of the form 'orgname/reponame'.
+ type: string
+ gitCloneUrl:
+ description: |-
+ URL that can be provided to git clone to clone the repository anonymously via the git protocol.
+ URL that can be provided to 'git clone' to clone the repository anonymously via the git protocol.
+ type: string
+ gitignoreTemplate:
+ description: |-
+ Use the name of the template without the extension. For example, "Haskell".
+ Use the name of the template without the extension. For example, 'Haskell'.
+ type: string
+ hasDiscussions:
+ description: |-
+ Set to true to enable GitHub Discussions on the repository. Defaults to false.
+ Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.
+ type: boolean
+ hasDownloads:
+ description: |-
+ Set to true to enable the (deprecated) downloads features on the repository.
+ Set to 'true' to enable the (deprecated) downloads features on the repository.
+ type: boolean
+ hasIssues:
+ description: |-
+ Set to true to enable the GitHub Issues features
+ on the repository.
+ Set to 'true' to enable the GitHub Issues features on the repository
+ type: boolean
+ hasProjects:
+ description: |-
+ Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
+ Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.
+ type: boolean
+ hasWiki:
+ description: |-
+ Set to true to enable the GitHub Wiki features on
+ the repository.
+ Set to 'true' to enable the GitHub Wiki features on the repository.
+ type: boolean
+ homepageUrl:
+ description: |-
+ URL of a page describing the project.
+ URL of a page describing the project.
+ type: string
+ htmlUrl:
+ description: |-
+ URL to the repository on the web.
+ URL to the repository on the web.
+ type: string
+ httpCloneUrl:
+ description: |-
+ URL that can be provided to git clone to clone the repository via HTTPS.
+ URL that can be provided to 'git clone' to clone the repository via HTTPS.
+ type: string
+ id:
+ type: string
+ ignoreVulnerabilityAlertsDuringRead:
+ description: |-
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ type: boolean
+ isTemplate:
+ description: |-
+ Set to true to tell GitHub that this is a template repository.
+ Set to 'true' to tell GitHub that this is a template repository.
+ type: boolean
+ licenseTemplate:
+ description: |-
+ Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
+ Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.
+ type: string
+ mergeCommitMessage:
+ description: |-
+ Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
+ Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.
+ type: string
+ mergeCommitTitle:
+ description: |-
+ Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
+ Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.
+ type: string
+ name:
+ description: |-
+ The name of the repository.
+ The name of the repository.
+ type: string
+ nodeId:
+ description: |-
+ GraphQL global node id for use with v4 API
+ GraphQL global node id for use with v4 API.
+ type: string
+ pages:
+ description: |-
+ The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
+ The repository's GitHub Pages configuration
+ items:
+ properties:
+ buildType:
+ description: |-
+ The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
+ The type the page should be sourced.
+ type: string
+ cname:
+ description: |-
+ The custom domain for the repository. This can only be set after the repository has been created.
+ The custom domain for the repository. This can only be set after the repository has been created.
+ type: string
+ custom404:
+ description: |-
+ Whether the rendered GitHub Pages site has a custom 404 page.
+ Whether the rendered GitHub Pages site has a custom 404 page
+ type: boolean
+ htmlUrl:
+ description: |-
+ URL to the repository on the web.
+ URL to the repository on the web.
+ type: string
+ source:
+ description: |-
+ The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
+ The source branch and directory for the rendered Pages site.
+ items:
+ properties:
+ branch:
+ description: |-
+ The repository branch used to publish the site's source files. (i.e. main or gh-pages.
+ The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')
+ type: string
+ path:
+ description: |-
+ The repository directory from which the site publishes (Default: /).
+ The repository directory from which the site publishes (Default: '/')
+ type: string
+ type: object
+ type: array
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ The GitHub Pages site's build status e.g. building or built.
+ type: string
+ url:
+ type: string
+ type: object
+ type: array
+ primaryLanguage:
+ description: The primary language used in the repository.
+ type: string
+ private:
+ description: |-
+ Set to true to create a private repository.
+ Repositories are created as public (e.g. open source) by default.
+ type: boolean
+ repoId:
+ description: |-
+ GitHub ID for the repository
+ GitHub ID for the repository.
+ format: int64
+ type: integer
+ securityAndAnalysis:
+ description: |-
+ The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
+ Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.
+ items:
+ properties:
+ advancedSecurity:
+ description: |-
+ The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.
+ type: string
+ type: object
+ type: array
+ secretScanning:
+ description: |-
+ The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
+ The secret scanning configuration for the repository.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ type: string
+ type: object
+ type: array
+ secretScanningPushProtection:
+ description: |-
+ The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
+ The secret scanning push protection configuration for the repository.
+ items:
+ properties:
+ status:
+ description: |-
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: array
+ squashMergeCommitMessage:
+ description: |-
+ Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
+ Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.
+ type: string
+ squashMergeCommitTitle:
+ description: |-
+ Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
+ Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.
+ type: string
+ sshCloneUrl:
+ description: |-
+ URL that can be provided to git clone to clone the repository via SSH.
+ URL that can be provided to 'git clone' to clone the repository via SSH.
+ type: string
+ svnUrl:
+ description: |-
+ URL that can be provided to svn checkout to check out the repository via GitHub's Subversion protocol emulation.
+ URL that can be provided to 'svn checkout' to check out the repository via GitHub's Subversion protocol emulation.
+ type: string
+ template:
+ description: |-
+ Use a template repository to create this resource. See Template Repositories below for details.
+ Use a template repository to create this resource.
+ items:
+ properties:
+ includeAllBranches:
+ description: |-
+ : Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
+ Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).
+ type: boolean
+ owner:
+ description: |-
+ : The GitHub organization or user the template repository is owned by.
+ The GitHub organization or user the template repository is owned by.
+ type: string
+ repository:
+ description: |-
+ : The name of the template repository.
+ The name of the template repository.
+ type: string
+ type: object
+ type: array
+ topics:
+ description: |-
+ The list of topics of the repository.
+ The list of topics of the repository.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ visibility:
+ description: |-
+ Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
+ Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.
+ type: string
+ vulnerabilityAlerts:
+ description: |-
+ Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ type: boolean
+ webCommitSignoffRequired:
+ description: |-
+ Require contributors to sign off on web-based commits. See more here. Defaults to false.
+ Require contributors to sign off on web-based commits. Defaults to 'false'.
+ type: boolean
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositoryautolinkreferences.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RepositoryAutolinkReference
+ listKind: RepositoryAutolinkReferenceList
+ plural: repositoryautolinkreferences
+ singular: repositoryautolinkreference
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RepositoryAutolinkReference is the Schema for the RepositoryAutolinkReferences
+ API. Creates and manages autolink references for a single repository
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositoryAutolinkReferenceSpec defines the desired state
+ of RepositoryAutolinkReference
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ isAlphanumeric:
+ description: |-
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.
+ type: boolean
+ keyPrefix:
+ description: |-
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit
+ type: string
+ repository:
+ description: |-
+ The repository of the autolink reference.
+ The repository name
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ targetUrlTemplate:
+ description: |-
+ The template of the target URL used for the links; must be a valid URL and contain for the reference number
+ The template of the target URL used for the links; must be a valid URL and contain `` for the reference number
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ isAlphanumeric:
+ description: |-
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.
+ type: boolean
+ keyPrefix:
+ description: |-
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit
+ type: string
+ repository:
+ description: |-
+ The repository of the autolink reference.
+ The repository name
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ targetUrlTemplate:
+ description: |-
+ The template of the target URL used for the links; must be a valid URL and contain for the reference number
+ The template of the target URL used for the links; must be a valid URL and contain `` for the reference number
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryAutolinkReferenceStatus defines the observed state
+ of RepositoryAutolinkReference.
+ properties:
+ atProvider:
+ properties:
+ etag:
+ description: An etag representing the autolink reference object.
+ type: string
+ id:
+ type: string
+ isAlphanumeric:
+ description: |-
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.
+ type: boolean
+ keyPrefix:
+ description: |-
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit
+ type: string
+ repository:
+ description: |-
+ The repository of the autolink reference.
+ The repository name
+ type: string
+ targetUrlTemplate:
+ description: |-
+ The template of the target URL used for the links; must be a valid URL and contain for the reference number
+ The template of the target URL used for the links; must be a valid URL and contain `` for the reference number
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositorycollaborators.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RepositoryCollaborator
+ listKind: RepositoryCollaboratorList
+ plural: repositorycollaborators
+ singular: repositorycollaborator
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RepositoryCollaborator is the Schema for the RepositoryCollaborators
+ API. Provides a GitHub repository collaborator resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositoryCollaboratorSpec defines the desired state of RepositoryCollaborator
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ permission:
+ description: |-
+ The permission of the outside collaborator for the repository.
+ Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
+ Must be push for personal repositories. Defaults to push.
+ The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.
+ type: string
+ permissionDiffSuppression:
+ description: |-
+ Suppress plan diffs for triage and maintain. Defaults to false.
+ Suppress plan diffs for triage and maintain. Defaults to 'false'.
+ type: boolean
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ username:
+ description: |-
+ The user to add to the repository as a collaborator.
+ The user to add to the repository as a collaborator.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ permission:
+ description: |-
+ The permission of the outside collaborator for the repository.
+ Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
+ Must be push for personal repositories. Defaults to push.
+ The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.
+ type: string
+ permissionDiffSuppression:
+ description: |-
+ Suppress plan diffs for triage and maintain. Defaults to false.
+ Suppress plan diffs for triage and maintain. Defaults to 'false'.
+ type: boolean
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ username:
+ description: |-
+ The user to add to the repository as a collaborator.
+ The user to add to the repository as a collaborator.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryCollaboratorStatus defines the observed state of
+ RepositoryCollaborator.
+ properties:
+ atProvider:
+ properties:
+ id:
+ type: string
+ invitationId:
+ description: |-
+ ID of the invitation to be used in github_user_invitation_accepter
+ ID of the invitation to be used in 'github_user_invitation_accepter'
+ type: string
+ permission:
+ description: |-
+ The permission of the outside collaborator for the repository.
+ Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
+ Must be push for personal repositories. Defaults to push.
+ The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.
+ type: string
+ permissionDiffSuppression:
+ description: |-
+ Suppress plan diffs for triage and maintain. Defaults to false.
+ Suppress plan diffs for triage and maintain. Defaults to 'false'.
+ type: boolean
+ repository:
+ description: |-
+ The GitHub repository
+ The GitHub repository
+ type: string
+ username:
+ description: |-
+ The user to add to the repository as a collaborator.
+ The user to add to the repository as a collaborator.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositoryfiles.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RepositoryFile
+ listKind: RepositoryFileList
+ plural: repositoryfiles
+ singular: repositoryfile
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RepositoryFile is the Schema for the RepositoryFiles API. Creates
+ and manages files within a GitHub repository
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositoryFileSpec defines the desired state of RepositoryFile
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ autocreateBranch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'
+ type: boolean
+ autocreateBranchSourceBranch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.
+ type: string
+ autocreateBranchSourceSha:
+ description: |-
+ The SHA blob of the file.
+ The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.
+ type: string
+ branch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name, defaults to the repository's default branch
+ type: string
+ branchRef:
+ description: Reference to a Branch in repo to populate branch.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ branchSelector:
+ description: Selector for a Branch in repo to populate branch.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ commitAuthor:
+ description: |-
+ Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
+ The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ type: string
+ commitEmail:
+ description: |-
+ Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
+ The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ type: string
+ commitMessage:
+ description: |-
+ The commit message when creating, updating or deleting the managed file.
+ The commit message when creating, updating or deleting the file
+ type: string
+ content:
+ description: |-
+ The file content.
+ The file's content
+ type: string
+ file:
+ description: |-
+ The path of the file to manage.
+ The file path to manage
+ type: string
+ overwriteOnCreate:
+ description: |-
+ Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
+ Enable overwriting existing files, defaults to "false"
+ type: boolean
+ repository:
+ description: |-
+ The repository to create the file in.
+ The repository name
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ autocreateBranch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'
+ type: boolean
+ autocreateBranchSourceBranch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.
+ type: string
+ autocreateBranchSourceSha:
+ description: |-
+ The SHA blob of the file.
+ The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.
+ type: string
+ branch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name, defaults to the repository's default branch
+ type: string
+ branchRef:
+ description: Reference to a Branch in repo to populate branch.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ branchSelector:
+ description: Selector for a Branch in repo to populate branch.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ commitAuthor:
+ description: |-
+ Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
+ The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ type: string
+ commitEmail:
+ description: |-
+ Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
+ The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ type: string
+ commitMessage:
+ description: |-
+ The commit message when creating, updating or deleting the managed file.
+ The commit message when creating, updating or deleting the file
+ type: string
+ content:
+ description: |-
+ The file content.
+ The file's content
+ type: string
+ file:
+ description: |-
+ The path of the file to manage.
+ The file path to manage
+ type: string
+ overwriteOnCreate:
+ description: |-
+ Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
+ Enable overwriting existing files, defaults to "false"
+ type: boolean
+ repository:
+ description: |-
+ The repository to create the file in.
+ The repository name
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryFileStatus defines the observed state of RepositoryFile.
+ properties:
+ atProvider:
+ properties:
+ autocreateBranch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'
+ type: boolean
+ autocreateBranchSourceBranch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.
+ type: string
+ autocreateBranchSourceSha:
+ description: |-
+ The SHA blob of the file.
+ The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.
+ type: string
+ branch:
+ description: |-
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name, defaults to the repository's default branch
+ type: string
+ commitAuthor:
+ description: |-
+ Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
+ The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ type: string
+ commitEmail:
+ description: |-
+ Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
+ The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ type: string
+ commitMessage:
+ description: |-
+ The commit message when creating, updating or deleting the managed file.
+ The commit message when creating, updating or deleting the file
+ type: string
+ commitSha:
+ description: |-
+ The SHA of the commit that modified the file.
+ The SHA of the commit that modified the file
+ type: string
+ content:
+ description: |-
+ The file content.
+ The file's content
+ type: string
+ file:
+ description: |-
+ The path of the file to manage.
+ The file path to manage
+ type: string
+ id:
+ type: string
+ overwriteOnCreate:
+ description: |-
+ Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
+ Enable overwriting existing files, defaults to "false"
+ type: boolean
+ ref:
+ description: |-
+ The name of the commit/branch/tag.
+ The name of the commit/branch/tag
+ type: string
+ repository:
+ description: |-
+ The repository to create the file in.
+ The repository name
+ type: string
+ sha:
+ description: |-
+ The SHA blob of the file.
+ The blob SHA of the file
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositoryrulesets.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RepositoryRuleset
+ listKind: RepositoryRulesetList
+ plural: repositoryrulesets
+ singular: repositoryruleset
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RepositoryRuleset is the Schema for the RepositoryRulesets API.
+ Creates a GitHub repository ruleset.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositoryRulesetSpec defines the desired state of RepositoryRuleset
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ bypassActors:
+ description: |-
+ (Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
+ The actors that can bypass the rules in this ruleset.
+ items:
+ properties:
+ actorId:
+ description: |-
+ (Number) The ID of the actor that can bypass a ruleset.
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ format: int64
+ type: integer
+ actorType:
+ description: |-
+ (String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ type: string
+ bypassMode:
+ description: |-
+ (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ type: string
+ type: object
+ type: array
+ conditions:
+ description: |-
+ (Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
+ Parameters for a repository ruleset ref name condition.
+ items:
+ properties:
+ refName:
+ description: '(Block List, Min: 1, Max: 1) (see below for
+ nested schema)'
+ items:
+ properties:
+ exclude:
+ description: |-
+ (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ items:
+ type: string
+ type: array
+ include:
+ description: |-
+ (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: array
+ enforcement:
+ description: |-
+ (String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ type: string
+ name:
+ description: |-
+ (String) The name of the ruleset.
+ The name of the ruleset.
+ type: string
+ repository:
+ description: |-
+ (String) Name of the repository to apply rulset to.
+ Name of the repository to apply rulset to.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ rules:
+ description: |-
+ (Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
+ Rules within the ruleset.
+ items:
+ properties:
+ branchNamePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitAuthorEmailPattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitMessagePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ committerEmailPattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ creation:
+ description: |-
+ (Boolean) Only allow users with bypass permission to create matching refs.
+ Only allow users with bypass permission to create matching refs.
+ type: boolean
+ deletion:
+ description: |-
+ (Boolean) Only allow users with bypass permissions to delete matching refs.
+ Only allow users with bypass permissions to delete matching refs.
+ type: boolean
+ nonFastForward:
+ description: |-
+ (Boolean) Prevent users with push access from force pushing to branches.
+ Prevent users with push access from force pushing to branches.
+ type: boolean
+ pullRequest:
+ description: |-
+ (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ items:
+ properties:
+ dismissStaleReviewsOnPush:
+ description: |-
+ (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ type: boolean
+ requireCodeOwnerReview:
+ description: |-
+ (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ format: int64
+ type: integer
+ requiredReviewThreadResolution:
+ description: |-
+ (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredDeployments:
+ description: |-
+ (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
+ Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.
+ items:
+ properties:
+ requiredDeploymentEnvironments:
+ description: |-
+ (List of String) The environments that must be successfully deployed to before branches can be merged.
+ The environments that must be successfully deployed to before branches can be merged.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ requiredLinearHistory:
+ description: |-
+ (Boolean) Prevent merge commits from being pushed to matching branches.
+ Prevent merge commits from being pushed to matching branches.
+ type: boolean
+ requiredSignatures:
+ description: |-
+ (Boolean) Commits pushed to matching branches must have verified signatures.
+ Commits pushed to matching branches must have verified signatures.
+ type: boolean
+ requiredStatusChecks:
+ description: |-
+ (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ items:
+ properties:
+ requiredCheck:
+ description: |-
+ (Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
+ Status checks that are required. Several can be defined.
+ items:
+ properties:
+ context:
+ description: |-
+ (String) The status check context name that must be present on the commit.
+ The status check context name that must be present on the commit.
+ type: string
+ integrationId:
+ description: |-
+ (Number) The optional integration ID that this status check must originate from.
+ The optional integration ID that this status check must originate from.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ strictRequiredStatusChecksPolicy:
+ description: |-
+ (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ tagNamePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ update:
+ description: |-
+ (Boolean) Only allow users with bypass permission to update matching refs.
+ Only allow users with bypass permission to update matching refs.
+ type: boolean
+ updateAllowsFetchAndMerge:
+ description: |-
+ (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
+ Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.
+ type: boolean
+ type: object
+ type: array
+ target:
+ description: |-
+ (String) Possible values are branch and tag.
+ Possible values are `branch` and `tag`.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ bypassActors:
+ description: |-
+ (Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
+ The actors that can bypass the rules in this ruleset.
+ items:
+ properties:
+ actorId:
+ description: |-
+ (Number) The ID of the actor that can bypass a ruleset.
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ format: int64
+ type: integer
+ actorType:
+ description: |-
+ (String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ type: string
+ bypassMode:
+ description: |-
+ (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ type: string
+ type: object
+ type: array
+ conditions:
+ description: |-
+ (Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
+ Parameters for a repository ruleset ref name condition.
+ items:
+ properties:
+ refName:
+ description: '(Block List, Min: 1, Max: 1) (see below for
+ nested schema)'
+ items:
+ properties:
+ exclude:
+ description: |-
+ (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ items:
+ type: string
+ type: array
+ include:
+ description: |-
+ (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: array
+ enforcement:
+ description: |-
+ (String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ type: string
+ name:
+ description: |-
+ (String) The name of the ruleset.
+ The name of the ruleset.
+ type: string
+ repository:
+ description: |-
+ (String) Name of the repository to apply rulset to.
+ Name of the repository to apply rulset to.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ rules:
+ description: |-
+ (Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
+ Rules within the ruleset.
+ items:
+ properties:
+ branchNamePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitAuthorEmailPattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitMessagePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ committerEmailPattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ creation:
+ description: |-
+ (Boolean) Only allow users with bypass permission to create matching refs.
+ Only allow users with bypass permission to create matching refs.
+ type: boolean
+ deletion:
+ description: |-
+ (Boolean) Only allow users with bypass permissions to delete matching refs.
+ Only allow users with bypass permissions to delete matching refs.
+ type: boolean
+ nonFastForward:
+ description: |-
+ (Boolean) Prevent users with push access from force pushing to branches.
+ Prevent users with push access from force pushing to branches.
+ type: boolean
+ pullRequest:
+ description: |-
+ (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ items:
+ properties:
+ dismissStaleReviewsOnPush:
+ description: |-
+ (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ type: boolean
+ requireCodeOwnerReview:
+ description: |-
+ (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ format: int64
+ type: integer
+ requiredReviewThreadResolution:
+ description: |-
+ (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredDeployments:
+ description: |-
+ (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
+ Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.
+ items:
+ properties:
+ requiredDeploymentEnvironments:
+ description: |-
+ (List of String) The environments that must be successfully deployed to before branches can be merged.
+ The environments that must be successfully deployed to before branches can be merged.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ requiredLinearHistory:
+ description: |-
+ (Boolean) Prevent merge commits from being pushed to matching branches.
+ Prevent merge commits from being pushed to matching branches.
+ type: boolean
+ requiredSignatures:
+ description: |-
+ (Boolean) Commits pushed to matching branches must have verified signatures.
+ Commits pushed to matching branches must have verified signatures.
+ type: boolean
+ requiredStatusChecks:
+ description: |-
+ (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ items:
+ properties:
+ requiredCheck:
+ description: |-
+ (Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
+ Status checks that are required. Several can be defined.
+ items:
+ properties:
+ context:
+ description: |-
+ (String) The status check context name that must be present on the commit.
+ The status check context name that must be present on the commit.
+ type: string
+ integrationId:
+ description: |-
+ (Number) The optional integration ID that this status check must originate from.
+ The optional integration ID that this status check must originate from.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ strictRequiredStatusChecksPolicy:
+ description: |-
+ (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ tagNamePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ update:
+ description: |-
+ (Boolean) Only allow users with bypass permission to update matching refs.
+ Only allow users with bypass permission to update matching refs.
+ type: boolean
+ updateAllowsFetchAndMerge:
+ description: |-
+ (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
+ Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.
+ type: boolean
+ type: object
+ type: array
+ target:
+ description: |-
+ (String) Possible values are branch and tag.
+ Possible values are `branch` and `tag`.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryRulesetStatus defines the observed state of RepositoryRuleset.
+ properties:
+ atProvider:
+ properties:
+ bypassActors:
+ description: |-
+ (Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
+ The actors that can bypass the rules in this ruleset.
+ items:
+ properties:
+ actorId:
+ description: |-
+ (Number) The ID of the actor that can bypass a ruleset.
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ format: int64
+ type: integer
+ actorType:
+ description: |-
+ (String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ type: string
+ bypassMode:
+ description: |-
+ (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ type: string
+ type: object
+ type: array
+ conditions:
+ description: |-
+ (Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
+ Parameters for a repository ruleset ref name condition.
+ items:
+ properties:
+ refName:
+ description: '(Block List, Min: 1, Max: 1) (see below for
+ nested schema)'
+ items:
+ properties:
+ exclude:
+ description: |-
+ (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ items:
+ type: string
+ type: array
+ include:
+ description: |-
+ (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: array
+ enforcement:
+ description: |-
+ (String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ type: string
+ etag:
+ description: (String)
+ type: string
+ id:
+ type: string
+ name:
+ description: |-
+ (String) The name of the ruleset.
+ The name of the ruleset.
+ type: string
+ nodeId:
+ description: |-
+ (String) GraphQL global node id for use with v4 API.
+ GraphQL global node id for use with v4 API.
+ type: string
+ repository:
+ description: |-
+ (String) Name of the repository to apply rulset to.
+ Name of the repository to apply rulset to.
+ type: string
+ rules:
+ description: |-
+ (Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
+ Rules within the ruleset.
+ items:
+ properties:
+ branchNamePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitAuthorEmailPattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ commitMessagePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ committerEmailPattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ creation:
+ description: |-
+ (Boolean) Only allow users with bypass permission to create matching refs.
+ Only allow users with bypass permission to create matching refs.
+ type: boolean
+ deletion:
+ description: |-
+ (Boolean) Only allow users with bypass permissions to delete matching refs.
+ Only allow users with bypass permissions to delete matching refs.
+ type: boolean
+ nonFastForward:
+ description: |-
+ (Boolean) Prevent users with push access from force pushing to branches.
+ Prevent users with push access from force pushing to branches.
+ type: boolean
+ pullRequest:
+ description: |-
+ (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ items:
+ properties:
+ dismissStaleReviewsOnPush:
+ description: |-
+ (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ type: boolean
+ requireCodeOwnerReview:
+ description: |-
+ (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ type: boolean
+ requireLastPushApproval:
+ description: |-
+ (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ type: boolean
+ requiredApprovingReviewCount:
+ description: |-
+ (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ format: int64
+ type: integer
+ requiredReviewThreadResolution:
+ description: |-
+ (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ requiredDeployments:
+ description: |-
+ (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
+ Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.
+ items:
+ properties:
+ requiredDeploymentEnvironments:
+ description: |-
+ (List of String) The environments that must be successfully deployed to before branches can be merged.
+ The environments that must be successfully deployed to before branches can be merged.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ requiredLinearHistory:
+ description: |-
+ (Boolean) Prevent merge commits from being pushed to matching branches.
+ Prevent merge commits from being pushed to matching branches.
+ type: boolean
+ requiredSignatures:
+ description: |-
+ (Boolean) Commits pushed to matching branches must have verified signatures.
+ Commits pushed to matching branches must have verified signatures.
+ type: boolean
+ requiredStatusChecks:
+ description: |-
+ (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ items:
+ properties:
+ requiredCheck:
+ description: |-
+ (Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
+ Status checks that are required. Several can be defined.
+ items:
+ properties:
+ context:
+ description: |-
+ (String) The status check context name that must be present on the commit.
+ The status check context name that must be present on the commit.
+ type: string
+ integrationId:
+ description: |-
+ (Number) The optional integration ID that this status check must originate from.
+ The optional integration ID that this status check must originate from.
+ format: int64
+ type: integer
+ type: object
+ type: array
+ strictRequiredStatusChecksPolicy:
+ description: |-
+ (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ type: boolean
+ type: object
+ type: array
+ tagNamePattern:
+ description: |-
+ (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ items:
+ properties:
+ name:
+ description: |-
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ type: string
+ negate:
+ description: |-
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ type: boolean
+ operator:
+ description: |-
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ type: string
+ pattern:
+ description: |-
+ (String) The pattern to match with.
+ The pattern to match with.
+ type: string
+ type: object
+ type: array
+ update:
+ description: |-
+ (Boolean) Only allow users with bypass permission to update matching refs.
+ Only allow users with bypass permission to update matching refs.
+ type: boolean
+ updateAllowsFetchAndMerge:
+ description: |-
+ (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
+ Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.
+ type: boolean
+ type: object
+ type: array
+ rulesetId:
+ description: |-
+ (Number) GitHub ID for the ruleset.
+ GitHub ID for the ruleset.
+ format: int64
+ type: integer
+ target:
+ description: |-
+ (String) Possible values are branch and tag.
+ Possible values are `branch` and `tag`.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: repositorywebhooks.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: RepositoryWebhook
+ listKind: RepositoryWebhookList
+ plural: repositorywebhooks
+ singular: repositorywebhook
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RepositoryWebhook is the Schema for the RepositoryWebhooks API.
+ Creates and manages repository webhooks within GitHub organizations or personal
+ accounts
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RepositoryWebhookSpec defines the desired state of RepositoryWebhook
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ active:
+ description: |-
+ Indicate if the webhook should receive events. Defaults to true.
+ Indicate if the webhook should receive events. Defaults to 'true'.
+ type: boolean
+ configuration:
+ description: |-
+ Configuration block for the webhook. Detailed below.
+ Configuration for the webhook.
+ items:
+ properties:
+ contentType:
+ description: |-
+ The content type for the payload. Valid values are either form or json.
+ The content type for the payload. Valid values are either 'form' or 'json'.
+ type: string
+ insecureSsl:
+ description: |-
+ Insecure SSL boolean toggle. Defaults to false.
+ Insecure SSL boolean toggle. Defaults to 'false'.
+ type: boolean
+ secretSecretRef:
+ description: |-
+ The shared secret for the webhook. See API documentation.
+ The shared secret for the webhook
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ urlSecretRef:
+ description: |-
+ The URL of the webhook.
+ The URL of the webhook.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ type: object
+ type: array
+ events:
+ description: |-
+ A list of events which should trigger the webhook. See a list of available events.
+ A list of events which should trigger the webhook
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ repository:
+ description: |-
+ The repository of the webhook.
+ The repository of the webhook.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ active:
+ description: |-
+ Indicate if the webhook should receive events. Defaults to true.
+ Indicate if the webhook should receive events. Defaults to 'true'.
+ type: boolean
+ configuration:
+ description: |-
+ Configuration block for the webhook. Detailed below.
+ Configuration for the webhook.
+ items:
+ properties:
+ contentType:
+ description: |-
+ The content type for the payload. Valid values are either form or json.
+ The content type for the payload. Valid values are either 'form' or 'json'.
+ type: string
+ insecureSsl:
+ description: |-
+ Insecure SSL boolean toggle. Defaults to false.
+ Insecure SSL boolean toggle. Defaults to 'false'.
+ type: boolean
+ secretSecretRef:
+ description: |-
+ The shared secret for the webhook. See API documentation.
+ The shared secret for the webhook
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ urlSecretRef:
+ description: |-
+ The URL of the webhook.
+ The URL of the webhook.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ required:
+ - urlSecretRef
+ type: object
+ type: array
+ events:
+ description: |-
+ A list of events which should trigger the webhook. See a list of available events.
+ A list of events which should trigger the webhook
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ repository:
+ description: |-
+ The repository of the webhook.
+ The repository of the webhook.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: RepositoryWebhookStatus defines the observed state of RepositoryWebhook.
+ properties:
+ atProvider:
+ properties:
+ active:
+ description: |-
+ Indicate if the webhook should receive events. Defaults to true.
+ Indicate if the webhook should receive events. Defaults to 'true'.
+ type: boolean
+ configuration:
+ description: |-
+ Configuration block for the webhook. Detailed below.
+ Configuration for the webhook.
+ items:
+ properties:
+ contentType:
+ description: |-
+ The content type for the payload. Valid values are either form or json.
+ The content type for the payload. Valid values are either 'form' or 'json'.
+ type: string
+ insecureSsl:
+ description: |-
+ Insecure SSL boolean toggle. Defaults to false.
+ Insecure SSL boolean toggle. Defaults to 'false'.
+ type: boolean
+ type: object
+ type: array
+ etag:
+ type: string
+ events:
+ description: |-
+ A list of events which should trigger the webhook. See a list of available events.
+ A list of events which should trigger the webhook
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ id:
+ type: string
+ repository:
+ description: |-
+ The repository of the webhook.
+ The repository of the webhook.
+ type: string
+ url:
+ description: |-
+ URL of the webhook. This is a sensitive attribute because it may include basic auth credentials.
+ Configuration block for the webhook
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: tagprotections.repo.github.upbound.io
+spec:
+ group: repo.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: TagProtection
+ listKind: TagProtectionList
+ plural: tagprotections
+ singular: tagprotection
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: TagProtection is the Schema for the TagProtections API. Creates
+ and manages repository tag protection within GitHub organizations or personal
+ accounts
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TagProtectionSpec defines the desired state of TagProtection
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ pattern:
+ description: |-
+ The pattern of the tag to protect.
+ The pattern of the tag to protect.
+ type: string
+ repository:
+ description: |-
+ Name of the repository to add the tag protection to.
+ Name of the repository to add the tag protection to.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ pattern:
+ description: |-
+ The pattern of the tag to protect.
+ The pattern of the tag to protect.
+ type: string
+ repository:
+ description: |-
+ Name of the repository to add the tag protection to.
+ Name of the repository to add the tag protection to.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: TagProtectionStatus defines the observed state of TagProtection.
+ properties:
+ atProvider:
+ properties:
+ id:
+ description: The ID of the tag protection.
+ type: string
+ pattern:
+ description: |-
+ The pattern of the tag to protect.
+ The pattern of the tag to protect.
+ type: string
+ repository:
+ description: |-
+ Name of the repository to add the tag protection to.
+ Name of the repository to add the tag protection to.
+ type: string
+ tagProtectionId:
+ description: |-
+ The ID of the tag protection.
+ The ID of the tag protection.
+ format: int64
+ type: integer
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: emugroupmappings.team.github.upbound.io
+spec:
+ group: team.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: EmuGroupMapping
+ listKind: EmuGroupMappingList
+ plural: emugroupmappings
+ singular: emugroupmapping
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: EmuGroupMapping is the Schema for the EmuGroupMappings API. Manages
+ mappings between external groups for enterprise managed users.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EmuGroupMappingSpec defines the desired state of EmuGroupMapping
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ groupId:
+ description: |-
+ Integer corresponding to the external group ID to be linked
+ Integer corresponding to the external group ID to be linked.
+ format: int64
+ type: integer
+ teamSlug:
+ description: |-
+ Slug of the GitHub team
+ Slug of the GitHub team.
+ type: string
+ teamSlugRef:
+ description: Reference to a Team in team to populate teamSlug.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamSlugSelector:
+ description: Selector for a Team in team to populate teamSlug.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ groupId:
+ description: |-
+ Integer corresponding to the external group ID to be linked
+ Integer corresponding to the external group ID to be linked.
+ format: int64
+ type: integer
+ teamSlug:
+ description: |-
+ Slug of the GitHub team
+ Slug of the GitHub team.
+ type: string
+ teamSlugRef:
+ description: Reference to a Team in team to populate teamSlug.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamSlugSelector:
+ description: Selector for a Team in team to populate teamSlug.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: EmuGroupMappingStatus defines the observed state of EmuGroupMapping.
+ properties:
+ atProvider:
+ properties:
+ etag:
+ type: string
+ groupId:
+ description: |-
+ Integer corresponding to the external group ID to be linked
+ Integer corresponding to the external group ID to be linked.
+ format: int64
+ type: integer
+ id:
+ type: string
+ teamSlug:
+ description: |-
+ Slug of the GitHub team
+ Slug of the GitHub team.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: members.team.github.upbound.io
+spec:
+ group: team.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: Members
+ listKind: MembersList
+ plural: members
+ singular: members
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Members is the Schema for the Memberss API. Provides an authoritative
+ GitHub team members resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MembersSpec defines the desired state of Members
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ members:
+ description: |-
+ List of team members. See Members below for details.
+ List of team members.
+ items:
+ properties:
+ role:
+ description: |-
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ type: string
+ username:
+ description: |-
+ The user to add to the team.
+ The user to add to the team.
+ type: string
+ type: object
+ type: array
+ teamId:
+ description: |-
+ The team id or the team slug
+ The GitHub team id or slug
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ members:
+ description: |-
+ List of team members. See Members below for details.
+ List of team members.
+ items:
+ properties:
+ role:
+ description: |-
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ type: string
+ username:
+ description: |-
+ The user to add to the team.
+ The user to add to the team.
+ type: string
+ type: object
+ type: array
+ teamId:
+ description: |-
+ The team id or the team slug
+ The GitHub team id or slug
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: MembersStatus defines the observed state of Members.
+ properties:
+ atProvider:
+ properties:
+ id:
+ type: string
+ members:
+ description: |-
+ List of team members. See Members below for details.
+ List of team members.
+ items:
+ properties:
+ role:
+ description: |-
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ type: string
+ username:
+ description: |-
+ The user to add to the team.
+ The user to add to the team.
+ type: string
+ type: object
+ type: array
+ teamId:
+ description: |-
+ The team id or the team slug
+ The GitHub team id or slug
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: teams.team.github.upbound.io
+spec:
+ group: team.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: Team
+ listKind: TeamList
+ plural: teams
+ singular: team
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Team is the Schema for the Teams API. Provides a GitHub team
+ resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TeamSpec defines the desired state of Team
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ createDefaultMaintainer:
+ description: |-
+ Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
+ Adds a default maintainer to the team. Adds the creating user to the team when 'true'.
+ type: boolean
+ description:
+ description: |-
+ A description of the team.
+ A description of the team.
+ type: string
+ ldapDn:
+ description: |-
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ type: string
+ name:
+ description: |-
+ The name of the team.
+ The name of the team.
+ type: string
+ parentTeamId:
+ description: |-
+ The ID or slug of the parent team, if this is a nested team.
+ The ID or slug of the parent team, if this is a nested team.
+ type: string
+ parentTeamReadId:
+ description: |-
+ The ID of the created team.
+ The id of the parent team read in Github.
+ type: string
+ parentTeamReadSlug:
+ description: |-
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The id of the parent team read in Github.
+ type: string
+ privacy:
+ description: |-
+ The level of privacy for the team. Must be one of secret or closed.
+ Defaults to secret.
+ The level of privacy for the team. Must be one of 'secret' or 'closed'.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ createDefaultMaintainer:
+ description: |-
+ Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
+ Adds a default maintainer to the team. Adds the creating user to the team when 'true'.
+ type: boolean
+ description:
+ description: |-
+ A description of the team.
+ A description of the team.
+ type: string
+ ldapDn:
+ description: |-
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ type: string
+ name:
+ description: |-
+ The name of the team.
+ The name of the team.
+ type: string
+ parentTeamId:
+ description: |-
+ The ID or slug of the parent team, if this is a nested team.
+ The ID or slug of the parent team, if this is a nested team.
+ type: string
+ parentTeamReadId:
+ description: |-
+ The ID of the created team.
+ The id of the parent team read in Github.
+ type: string
+ parentTeamReadSlug:
+ description: |-
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The id of the parent team read in Github.
+ type: string
+ privacy:
+ description: |-
+ The level of privacy for the team. Must be one of secret or closed.
+ Defaults to secret.
+ The level of privacy for the team. Must be one of 'secret' or 'closed'.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: TeamStatus defines the observed state of Team.
+ properties:
+ atProvider:
+ properties:
+ createDefaultMaintainer:
+ description: |-
+ Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
+ Adds a default maintainer to the team. Adds the creating user to the team when 'true'.
+ type: boolean
+ description:
+ description: |-
+ A description of the team.
+ A description of the team.
+ type: string
+ etag:
+ type: string
+ id:
+ description: The ID of the created team.
+ type: string
+ ldapDn:
+ description: |-
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ type: string
+ membersCount:
+ format: int64
+ type: integer
+ name:
+ description: |-
+ The name of the team.
+ The name of the team.
+ type: string
+ nodeId:
+ description: |-
+ The Node ID of the created team.
+ The Node ID of the created team.
+ type: string
+ parentTeamId:
+ description: |-
+ The ID or slug of the parent team, if this is a nested team.
+ The ID or slug of the parent team, if this is a nested team.
+ type: string
+ parentTeamReadId:
+ description: |-
+ The ID of the created team.
+ The id of the parent team read in Github.
+ type: string
+ parentTeamReadSlug:
+ description: |-
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The id of the parent team read in Github.
+ type: string
+ privacy:
+ description: |-
+ The level of privacy for the team. Must be one of secret or closed.
+ Defaults to secret.
+ The level of privacy for the team. Must be one of 'secret' or 'closed'.
+ type: string
+ slug:
+ description: |-
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The slug of the created team.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: teammemberships.team.github.upbound.io
+spec:
+ group: team.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: TeamMembership
+ listKind: TeamMembershipList
+ plural: teammemberships
+ singular: teammembership
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: TeamMembership is the Schema for the TeamMemberships API. Provides
+ a GitHub team membership resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TeamMembershipSpec defines the desired state of TeamMembership
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ role:
+ description: |-
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ type: string
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ username:
+ description: |-
+ The user to add to the team.
+ The user to add to the team.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ role:
+ description: |-
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ type: string
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ username:
+ description: |-
+ The user to add to the team.
+ The user to add to the team.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: TeamMembershipStatus defines the observed state of TeamMembership.
+ properties:
+ atProvider:
+ properties:
+ etag:
+ type: string
+ id:
+ type: string
+ role:
+ description: |-
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ type: string
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ type: string
+ username:
+ description: |-
+ The user to add to the team.
+ The user to add to the team.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: teamrepositories.team.github.upbound.io
+spec:
+ group: team.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: TeamRepository
+ listKind: TeamRepositoryList
+ plural: teamrepositories
+ singular: teamrepository
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: TeamRepository is the Schema for the TeamRepositorys API. Manages
+ the associations between teams and repositories.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TeamRepositorySpec defines the desired state of TeamRepository
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ permission:
+ description: |-
+ The permissions of team members regarding the repository.
+ Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
+ The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.
+ type: string
+ repository:
+ description: |-
+ The repository to add to the team.
+ The repository to add to the team.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ ID or slug of team
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ permission:
+ description: |-
+ The permissions of team members regarding the repository.
+ Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
+ The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.
+ type: string
+ repository:
+ description: |-
+ The repository to add to the team.
+ The repository to add to the team.
+ type: string
+ repositoryRef:
+ description: Reference to a Repository in repo to populate repository.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ repositorySelector:
+ description: Selector for a Repository in repo to populate repository.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ ID or slug of team
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: TeamRepositoryStatus defines the observed state of TeamRepository.
+ properties:
+ atProvider:
+ properties:
+ etag:
+ type: string
+ id:
+ type: string
+ permission:
+ description: |-
+ The permissions of team members regarding the repository.
+ Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
+ The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.
+ type: string
+ repository:
+ description: |-
+ The repository to add to the team.
+ The repository to add to the team.
+ type: string
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ ID or slug of team
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: teamsettings.team.github.upbound.io
+spec:
+ group: team.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: TeamSettings
+ listKind: TeamSettingsList
+ plural: teamsettings
+ singular: teamsettings
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: TeamSettings is the Schema for the TeamSettingss API. Manages
+ the team settings (in particular the request review delegation settings)
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TeamSettingsSpec defines the desired state of TeamSettings
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ reviewRequestDelegation:
+ description: |-
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.
+ items:
+ properties:
+ algorithm:
+ description: |-
+ The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
+ The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.
+ type: string
+ memberCount:
+ description: |-
+ The number of team members to assign to a pull request
+ The number of team members to assign to a pull request.
+ format: int64
+ type: integer
+ notify:
+ description: |-
+ whether to notify the entire team when at least one member is also assigned to the pull request
+ whether to notify the entire team when at least one member is also assigned to the pull request.
+ type: boolean
+ type: object
+ type: array
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ reviewRequestDelegation:
+ description: |-
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.
+ items:
+ properties:
+ algorithm:
+ description: |-
+ The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
+ The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.
+ type: string
+ memberCount:
+ description: |-
+ The number of team members to assign to a pull request
+ The number of team members to assign to a pull request.
+ format: int64
+ type: integer
+ notify:
+ description: |-
+ whether to notify the entire team when at least one member is also assigned to the pull request
+ whether to notify the entire team when at least one member is also assigned to the pull request.
+ type: boolean
+ type: object
+ type: array
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ type: string
+ teamIdRef:
+ description: Reference to a Team in team to populate teamId.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ teamIdSelector:
+ description: Selector for a Team in team to populate teamId.
+ properties:
+ matchControllerRef:
+ description: |-
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ type: boolean
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels ensures an object with matching labels
+ is selected.
+ type: object
+ policy:
+ description: Policies for selection.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ type: object
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: TeamSettingsStatus defines the observed state of TeamSettings.
+ properties:
+ atProvider:
+ properties:
+ id:
+ type: string
+ reviewRequestDelegation:
+ description: |-
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.
+ items:
+ properties:
+ algorithm:
+ description: |-
+ The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
+ The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.
+ type: string
+ memberCount:
+ description: |-
+ The number of team members to assign to a pull request
+ The number of team members to assign to a pull request.
+ format: int64
+ type: integer
+ notify:
+ description: |-
+ whether to notify the entire team when at least one member is also assigned to the pull request
+ whether to notify the entire team when at least one member is also assigned to the pull request.
+ type: boolean
+ type: object
+ type: array
+ teamId:
+ description: |-
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ type: string
+ teamSlug:
+ description: The slug of the Team within the Organization.
+ type: string
+ teamUid:
+ description: The unique ID of the Team on GitHub. Corresponds
+ to the ID of the 'github_team_settings' resource.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: teamsyncgroupmappings.team.github.upbound.io
+spec:
+ group: team.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: TeamSyncGroupMapping
+ listKind: TeamSyncGroupMappingList
+ plural: teamsyncgroupmappings
+ singular: teamsyncgroupmapping
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: TeamSyncGroupMapping is the Schema for the TeamSyncGroupMappings
+ API. Creates and manages the connections between a team and its IdP group(s).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TeamSyncGroupMappingSpec defines the desired state of TeamSyncGroupMapping
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ group:
+ description: |-
+ An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
+ An Array of GitHub Identity Provider Groups (or empty []).
+ items:
+ properties:
+ groupDescription:
+ description: |-
+ The description of the IdP group.
+ The description of the IdP group.
+ type: string
+ groupId:
+ description: |-
+ The ID of the IdP group.
+ The ID of the IdP group.
+ type: string
+ groupName:
+ description: |-
+ The name of the IdP group.
+ The name of the IdP group.
+ type: string
+ type: object
+ type: array
+ teamSlug:
+ description: |-
+ Slug of the team
+ Slug of the team.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ group:
+ description: |-
+ An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
+ An Array of GitHub Identity Provider Groups (or empty []).
+ items:
+ properties:
+ groupDescription:
+ description: |-
+ The description of the IdP group.
+ The description of the IdP group.
+ type: string
+ groupId:
+ description: |-
+ The ID of the IdP group.
+ The ID of the IdP group.
+ type: string
+ groupName:
+ description: |-
+ The name of the IdP group.
+ The name of the IdP group.
+ type: string
+ type: object
+ type: array
+ teamSlug:
+ description: |-
+ Slug of the team
+ Slug of the team.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: TeamSyncGroupMappingStatus defines the observed state of
+ TeamSyncGroupMapping.
+ properties:
+ atProvider:
+ properties:
+ etag:
+ type: string
+ group:
+ description: |-
+ An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
+ An Array of GitHub Identity Provider Groups (or empty []).
+ items:
+ properties:
+ groupDescription:
+ description: |-
+ The description of the IdP group.
+ The description of the IdP group.
+ type: string
+ groupId:
+ description: |-
+ The ID of the IdP group.
+ The ID of the IdP group.
+ type: string
+ groupName:
+ description: |-
+ The name of the IdP group.
+ The name of the IdP group.
+ type: string
+ type: object
+ type: array
+ id:
+ type: string
+ teamSlug:
+ description: |-
+ Slug of the team
+ Slug of the team.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: memberships.user.github.upbound.io
+spec:
+ group: user.github.upbound.io
+ names:
+ categories:
+ - crossplane
+ - managed
+ - github
+ kind: Membership
+ listKind: MembershipList
+ plural: memberships
+ singular: membership
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=='Synced')].status
+ name: SYNCED
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: READY
+ type: string
+ - jsonPath: .metadata.annotations.crossplane\.io/external-name
+ name: EXTERNAL-NAME
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Membership is the Schema for the Memberships API. Provides a
+ GitHub membership resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MembershipSpec defines the desired state of Membership
+ properties:
+ deletionPolicy:
+ default: Delete
+ description: |-
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ enum:
+ - Orphan
+ - Delete
+ type: string
+ forProvider:
+ properties:
+ downgradeOnDestroy:
+ description: |-
+ Defaults to false. If set to true,
+ when this resource is destroyed, the member will not be removed
+ from the organization. Instead, the member's role will be
+ downgraded to 'member'.
+ Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization
+ type: boolean
+ role:
+ description: |-
+ The role of the user within the organization.
+ Must be one of member or admin. Defaults to member.
+ admin role represents the owner role available via GitHub UI.
+ The role of the user within the organization. Must be one of 'member' or 'admin'.
+ type: string
+ username:
+ description: |-
+ The user to add to the organization.
+ The user to add to the organization.
+ type: string
+ type: object
+ initProvider:
+ description: |-
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+ properties:
+ downgradeOnDestroy:
+ description: |-
+ Defaults to false. If set to true,
+ when this resource is destroyed, the member will not be removed
+ from the organization. Instead, the member's role will be
+ downgraded to 'member'.
+ Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization
+ type: boolean
+ role:
+ description: |-
+ The role of the user within the organization.
+ Must be one of member or admin. Defaults to member.
+ admin role represents the owner role available via GitHub UI.
+ The role of the user within the organization. Must be one of 'member' or 'admin'.
+ type: string
+ username:
+ description: |-
+ The user to add to the organization.
+ The user to add to the organization.
+ type: string
+ type: object
+ managementPolicies:
+ default:
+ - '*'
+ description: |-
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ items:
+ description: |-
+ A ManagementAction represents an action that the Crossplane controllers
+ can take on an external resource.
+ enum:
+ - Observe
+ - Create
+ - Update
+ - Delete
+ - LateInitialize
+ - '*'
+ type: string
+ type: array
+ providerConfigRef:
+ default:
+ name: default
+ description: |-
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ publishConnectionDetailsTo:
+ description: |-
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ properties:
+ configRef:
+ default:
+ name: default
+ description: |-
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+ properties:
+ name:
+ description: Name of the referenced object.
+ type: string
+ policy:
+ description: Policies for referencing.
+ properties:
+ resolution:
+ default: Required
+ description: |-
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ enum:
+ - Required
+ - Optional
+ type: string
+ resolve:
+ description: |-
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ enum:
+ - Always
+ - IfNotPresent
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ metadata:
+ description: Metadata is the metadata for connection secret.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ type: object
+ type:
+ description: |-
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the connection secret.
+ type: string
+ required:
+ - name
+ type: object
+ writeConnectionSecretToRef:
+ description: |-
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+ properties:
+ name:
+ description: Name of the secret.
+ type: string
+ namespace:
+ description: Namespace of the secret.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ required:
+ - forProvider
+ type: object
+ status:
+ description: MembershipStatus defines the observed state of Membership.
+ properties:
+ atProvider:
+ properties:
+ downgradeOnDestroy:
+ description: |-
+ Defaults to false. If set to true,
+ when this resource is destroyed, the member will not be removed
+ from the organization. Instead, the member's role will be
+ downgraded to 'member'.
+ Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization
+ type: boolean
+ etag:
+ type: string
+ id:
+ type: string
+ role:
+ description: |-
+ The role of the user within the organization.
+ Must be one of member or admin. Defaults to member.
+ admin role represents the owner role available via GitHub UI.
+ The role of the user within the organization. Must be one of 'member' or 'admin'.
+ type: string
+ username:
+ description: |-
+ The user to add to the organization.
+ The user to add to the organization.
+ type: string
+ type: object
+ conditions:
+ description: Conditions of the resource.
+ items:
+ description: A Condition that may apply to a resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ type: string
+ observedGeneration:
+ description: |-
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: A Reason for this condition's last transition from
+ one status to another.
+ type: string
+ status:
+ description: Status of this condition; is it currently True,
+ False, or Unknown?
+ type: string
+ type:
+ description: |-
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ type: string
+ required:
+ - lastTransitionTime
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ observedGeneration:
+ description: |-
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
diff --git a/crossplane-provider-upjet-github/kcl.mod b/crossplane-provider-upjet-github/kcl.mod
new file mode 100644
index 00000000..c885d5f0
--- /dev/null
+++ b/crossplane-provider-upjet-github/kcl.mod
@@ -0,0 +1,7 @@
+[package]
+name = "crossplane-provider-upjet-github"
+edition = "v0.10.0"
+version = "0.18.4"
+
+[dependencies]
+k8s = "1.32.4"
diff --git a/crossplane-provider-upjet-github/kcl.mod.lock b/crossplane-provider-upjet-github/kcl.mod.lock
new file mode 100644
index 00000000..3cb69f07
--- /dev/null
+++ b/crossplane-provider-upjet-github/kcl.mod.lock
@@ -0,0 +1,5 @@
+[dependencies]
+ [dependencies.k8s]
+ name = "k8s"
+ full_name = "k8s_1.32.4"
+ version = "1.32.4"
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_actions_secret.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_actions_secret.k
new file mode 100644
index 00000000..772e5b20
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_actions_secret.k
@@ -0,0 +1,703 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema ActionsSecret:
+ r"""
+ ActionsSecret is the Schema for the ActionsSecrets API. Creates and manages an Action Secret within a GitHub repository
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "ActionsSecret", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1ActionsSecretSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1ActionsSecretStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "ActionsSecret" = "ActionsSecret"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1ActionsSecretSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1ActionsSecretStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpec:
+ r"""
+ ActionsSecretSpec defines the desired state of ActionsSecret
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 actions secret spec for provider
+
+ Attributes
+ ----------
+ encryptedValueSecretRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderEncryptedValueSecretRef, default is Undefined, optional
+ encrypted value secret ref
+ plaintextValueSecretRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderPlaintextValueSecretRef, default is Undefined, optional
+ plaintext value secret ref
+ repository : str, default is Undefined, optional
+ Name of the repository
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ secretName : str, default is Undefined, optional
+ Name of the secret
+ Name of the secret.
+ """
+
+
+ encryptedValueSecretRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderEncryptedValueSecretRef
+
+ plaintextValueSecretRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderPlaintextValueSecretRef
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelector
+
+ secretName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderEncryptedValueSecretRef:
+ r"""
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderPlaintextValueSecretRef:
+ r"""
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ encryptedValueSecretRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderEncryptedValueSecretRef, default is Undefined, optional
+ encrypted value secret ref
+ plaintextValueSecretRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderPlaintextValueSecretRef, default is Undefined, optional
+ plaintext value secret ref
+ repository : str, default is Undefined, optional
+ Name of the repository
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ secretName : str, default is Undefined, optional
+ Name of the secret
+ Name of the secret.
+ """
+
+
+ encryptedValueSecretRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderEncryptedValueSecretRef
+
+ plaintextValueSecretRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderPlaintextValueSecretRef
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelector
+
+ secretName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderEncryptedValueSecretRef:
+ r"""
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderPlaintextValueSecretRef:
+ r"""
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretStatus:
+ r"""
+ ActionsSecretStatus defines the observed state of ActionsSecret.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1ActionsSecretStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1ActionsSecretStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1ActionsSecretStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1ActionsSecretStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 actions secret status at provider
+
+ Attributes
+ ----------
+ createdAt : str, default is Undefined, optional
+ Date of actions_secret creation.
+ Date of 'actions_secret' creation.
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ Name of the repository
+ Name of the repository.
+ secretName : str, default is Undefined, optional
+ Name of the secret
+ Name of the secret.
+ updatedAt : str, default is Undefined, optional
+ Date of actions_secret update.
+ Date of 'actions_secret' update.
+ """
+
+
+ createdAt?: str
+
+ id?: str
+
+ repository?: str
+
+ secretName?: str
+
+ updatedAt?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsSecretStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_actions_variable.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_actions_variable.k
new file mode 100644
index 00000000..6419e8d6
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_actions_variable.k
@@ -0,0 +1,610 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema ActionsVariable:
+ r"""
+ ActionsVariable is the Schema for the ActionsVariables API. Creates and manages an Action variable within a GitHub repository
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "ActionsVariable", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1ActionsVariableSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1ActionsVariableStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "ActionsVariable" = "ActionsVariable"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1ActionsVariableSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1ActionsVariableStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpec:
+ r"""
+ ActionsVariableSpec defines the desired state of ActionsVariable
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 actions variable spec for provider
+
+ Attributes
+ ----------
+ repository : str, default is Undefined, optional
+ Name of the repository
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable
+ Name of the variable.
+ """
+
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelector
+
+ value?: str
+
+ variableName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ repository : str, default is Undefined, optional
+ Name of the repository
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable
+ Name of the variable.
+ """
+
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelector
+
+ value?: str
+
+ variableName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableStatus:
+ r"""
+ ActionsVariableStatus defines the observed state of ActionsVariable.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1ActionsVariableStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1ActionsVariableStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1ActionsVariableStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1ActionsVariableStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 actions variable status at provider
+
+ Attributes
+ ----------
+ createdAt : str, default is Undefined, optional
+ Date of actions_variable creation.
+ Date of 'actions_variable' creation.
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ Name of the repository
+ Name of the repository.
+ updatedAt : str, default is Undefined, optional
+ Date of actions_variable update.
+ Date of 'actions_variable' update.
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable
+ Name of the variable.
+ """
+
+
+ createdAt?: str
+
+ id?: str
+
+ repository?: str
+
+ updatedAt?: str
+
+ value?: str
+
+ variableName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1ActionsVariableStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_environment_secret.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_environment_secret.k
new file mode 100644
index 00000000..7e3aa798
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_environment_secret.k
@@ -0,0 +1,912 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema EnvironmentSecret:
+ r"""
+ EnvironmentSecret is the Schema for the EnvironmentSecrets API. Creates and manages an Action Secret within a GitHub repository environment
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "EnvironmentSecret", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "EnvironmentSecret" = "EnvironmentSecret"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpec:
+ r"""
+ EnvironmentSecretSpec defines the desired state of EnvironmentSecret
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 environment secret spec for provider
+
+ Attributes
+ ----------
+ encryptedValueSecretRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEncryptedValueSecretRef, default is Undefined, optional
+ encrypted value secret ref
+ environment : str, default is Undefined, optional
+ Name of the environment.
+ Name of the environment.
+ environmentRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRef, default is Undefined, optional
+ environment ref
+ environmentSelector : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelector, default is Undefined, optional
+ environment selector
+ plaintextValueSecretRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderPlaintextValueSecretRef, default is Undefined, optional
+ plaintext value secret ref
+ repository : str, default is Undefined, optional
+ Name of the repository.
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ secretName : str, default is Undefined, optional
+ Name of the secret.
+ Name of the secret.
+ """
+
+
+ encryptedValueSecretRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEncryptedValueSecretRef
+
+ environment?: str
+
+ environmentRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRef
+
+ environmentSelector?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelector
+
+ plaintextValueSecretRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderPlaintextValueSecretRef
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelector
+
+ secretName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEncryptedValueSecretRef:
+ r"""
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRef:
+ r"""
+ Reference to a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelector:
+ r"""
+ Selector for a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderEnvironmentSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderPlaintextValueSecretRef:
+ r"""
+ Plaintext value of the secret to be encrypted.
+ Plaintext value of the secret to be encrypted.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ encryptedValueSecretRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEncryptedValueSecretRef, default is Undefined, optional
+ encrypted value secret ref
+ environment : str, default is Undefined, optional
+ Name of the environment.
+ Name of the environment.
+ environmentRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRef, default is Undefined, optional
+ environment ref
+ environmentSelector : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelector, default is Undefined, optional
+ environment selector
+ plaintextValueSecretRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderPlaintextValueSecretRef, default is Undefined, optional
+ plaintext value secret ref
+ repository : str, default is Undefined, optional
+ Name of the repository.
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ secretName : str, default is Undefined, optional
+ Name of the secret.
+ Name of the secret.
+ """
+
+
+ encryptedValueSecretRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEncryptedValueSecretRef
+
+ environment?: str
+
+ environmentRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRef
+
+ environmentSelector?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelector
+
+ plaintextValueSecretRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderPlaintextValueSecretRef
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelector
+
+ secretName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEncryptedValueSecretRef:
+ r"""
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRef:
+ r"""
+ Reference to a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelector:
+ r"""
+ Selector for a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderEnvironmentSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderPlaintextValueSecretRef:
+ r"""
+ Plaintext value of the secret to be encrypted.
+ Plaintext value of the secret to be encrypted.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatus:
+ r"""
+ EnvironmentSecretStatus defines the observed state of EnvironmentSecret.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 environment secret status at provider
+
+ Attributes
+ ----------
+ createdAt : str, default is Undefined, optional
+ Date of actions_environment_secret creation.
+ Date of 'actions_environment_secret' creation.
+ environment : str, default is Undefined, optional
+ Name of the environment.
+ Name of the environment.
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ Name of the repository.
+ Name of the repository.
+ secretName : str, default is Undefined, optional
+ Name of the secret.
+ Name of the secret.
+ updatedAt : str, default is Undefined, optional
+ Date of actions_environment_secret update.
+ Date of 'actions_environment_secret' update.
+ """
+
+
+ createdAt?: str
+
+ environment?: str
+
+ id?: str
+
+ repository?: str
+
+ secretName?: str
+
+ updatedAt?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentSecretStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_environment_variable.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_environment_variable.k
new file mode 100644
index 00000000..c74f1afb
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_environment_variable.k
@@ -0,0 +1,819 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema EnvironmentVariable:
+ r"""
+ EnvironmentVariable is the Schema for the EnvironmentVariables API. Creates and manages an Action variable within a GitHub repository environment
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "EnvironmentVariable", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "EnvironmentVariable" = "EnvironmentVariable"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpec:
+ r"""
+ EnvironmentVariableSpec defines the desired state of EnvironmentVariable
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 environment variable spec for provider
+
+ Attributes
+ ----------
+ environment : str, default is Undefined, optional
+ Name of the environment.
+ Name of the environment.
+ environmentRef : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRef, default is Undefined, optional
+ environment ref
+ environmentSelector : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelector, default is Undefined, optional
+ environment selector
+ repository : str, default is Undefined, optional
+ Name of the repository.
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable.
+ Name of the variable.
+ """
+
+
+ environment?: str
+
+ environmentRef?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRef
+
+ environmentSelector?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelector
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelector
+
+ value?: str
+
+ variableName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRef:
+ r"""
+ Reference to a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelector:
+ r"""
+ Selector for a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderEnvironmentSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ environment : str, default is Undefined, optional
+ Name of the environment.
+ Name of the environment.
+ environmentRef : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRef, default is Undefined, optional
+ environment ref
+ environmentSelector : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelector, default is Undefined, optional
+ environment selector
+ repository : str, default is Undefined, optional
+ Name of the repository.
+ Name of the repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable.
+ Name of the variable.
+ """
+
+
+ environment?: str
+
+ environmentRef?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRef
+
+ environmentSelector?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelector
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelector
+
+ value?: str
+
+ variableName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRef:
+ r"""
+ Reference to a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelector:
+ r"""
+ Selector for a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderEnvironmentSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatus:
+ r"""
+ EnvironmentVariableStatus defines the observed state of EnvironmentVariable.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 environment variable status at provider
+
+ Attributes
+ ----------
+ createdAt : str, default is Undefined, optional
+ Date of actions_environment_secret creation.
+ Date of 'actions_variable' creation.
+ environment : str, default is Undefined, optional
+ Name of the environment.
+ Name of the environment.
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ Name of the repository.
+ Name of the repository.
+ updatedAt : str, default is Undefined, optional
+ Date of actions_environment_secret update.
+ Date of 'actions_variable' update.
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable.
+ Name of the variable.
+ """
+
+
+ createdAt?: str
+
+ environment?: str
+
+ id?: str
+
+ repository?: str
+
+ updatedAt?: str
+
+ value?: str
+
+ variableName?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1EnvironmentVariableStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_actions_secret.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_actions_secret.k
new file mode 100644
index 00000000..12f27341
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_actions_secret.k
@@ -0,0 +1,527 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema OrganizationActionsSecret:
+ r"""
+ OrganizationActionsSecret is the Schema for the OrganizationActionsSecrets API. Creates and manages an Action Secret within a GitHub organization
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "OrganizationActionsSecret", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "OrganizationActionsSecret" = "OrganizationActionsSecret"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpec:
+ r"""
+ OrganizationActionsSecretSpec defines the desired state of OrganizationActionsSecret
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 organization actions secret spec for provider
+
+ Attributes
+ ----------
+ encryptedValueSecretRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderEncryptedValueSecretRef, default is Undefined, optional
+ encrypted value secret ref
+ plaintextValueSecretRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderPlaintextValueSecretRef, default is Undefined, optional
+ plaintext value secret ref
+ secretName : str, default is Undefined, optional
+ Name of the secret
+ Name of the secret.
+ selectedRepositoryIds : [int], default is Undefined, optional
+ An array of repository ids that can access the organization secret.
+ An array of repository ids that can access the organization secret.
+ visibility : str, default is Undefined, optional
+ Configures the access that repositories have to the organization secret.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ """
+
+
+ encryptedValueSecretRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderEncryptedValueSecretRef
+
+ plaintextValueSecretRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderPlaintextValueSecretRef
+
+ secretName?: str
+
+ selectedRepositoryIds?: [int]
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderEncryptedValueSecretRef:
+ r"""
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecForProviderPlaintextValueSecretRef:
+ r"""
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ encryptedValueSecretRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderEncryptedValueSecretRef, default is Undefined, optional
+ encrypted value secret ref
+ plaintextValueSecretRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderPlaintextValueSecretRef, default is Undefined, optional
+ plaintext value secret ref
+ secretName : str, default is Undefined, optional
+ Name of the secret
+ Name of the secret.
+ selectedRepositoryIds : [int], default is Undefined, optional
+ An array of repository ids that can access the organization secret.
+ An array of repository ids that can access the organization secret.
+ visibility : str, default is Undefined, optional
+ Configures the access that repositories have to the organization secret.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ """
+
+
+ encryptedValueSecretRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderEncryptedValueSecretRef
+
+ plaintextValueSecretRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderPlaintextValueSecretRef
+
+ secretName?: str
+
+ selectedRepositoryIds?: [int]
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderEncryptedValueSecretRef:
+ r"""
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+ Encrypted value of the secret using the GitHub public key in Base64 format.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecInitProviderPlaintextValueSecretRef:
+ r"""
+ Plaintext value of the secret to be encrypted
+ Plaintext value of the secret to be encrypted.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatus:
+ r"""
+ OrganizationActionsSecretStatus defines the observed state of OrganizationActionsSecret.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 organization actions secret status at provider
+
+ Attributes
+ ----------
+ createdAt : str, default is Undefined, optional
+ Date of actions_secret creation.
+ Date of 'actions_secret' creation.
+ id : str, default is Undefined, optional
+ id
+ secretName : str, default is Undefined, optional
+ Name of the secret
+ Name of the secret.
+ selectedRepositoryIds : [int], default is Undefined, optional
+ An array of repository ids that can access the organization secret.
+ An array of repository ids that can access the organization secret.
+ updatedAt : str, default is Undefined, optional
+ Date of actions_secret update.
+ Date of 'actions_secret' update.
+ visibility : str, default is Undefined, optional
+ Configures the access that repositories have to the organization secret.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization secret. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ """
+
+
+ createdAt?: str
+
+ id?: str
+
+ secretName?: str
+
+ selectedRepositoryIds?: [int]
+
+ updatedAt?: str
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsSecretStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_actions_variable.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_actions_variable.k
new file mode 100644
index 00000000..0b5bac55
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_actions_variable.k
@@ -0,0 +1,434 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema OrganizationActionsVariable:
+ r"""
+ OrganizationActionsVariable is the Schema for the OrganizationActionsVariables API. Creates and manages an Action variable within a GitHub organization
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "OrganizationActionsVariable", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "OrganizationActionsVariable" = "OrganizationActionsVariable"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpec:
+ r"""
+ OrganizationActionsVariableSpec defines the desired state of OrganizationActionsVariable
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 organization actions variable spec for provider
+
+ Attributes
+ ----------
+ selectedRepositoryIds : [int], default is Undefined, optional
+ An array of repository ids that can access the organization variable.
+ An array of repository ids that can access the organization variable.
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable
+ Name of the variable.
+ visibility : str, default is Undefined, optional
+ Configures the access that repositories have to the organization variable.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ """
+
+
+ selectedRepositoryIds?: [int]
+
+ value?: str
+
+ variableName?: str
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ selectedRepositoryIds : [int], default is Undefined, optional
+ An array of repository ids that can access the organization variable.
+ An array of repository ids that can access the organization variable.
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable
+ Name of the variable.
+ visibility : str, default is Undefined, optional
+ Configures the access that repositories have to the organization variable.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ """
+
+
+ selectedRepositoryIds?: [int]
+
+ value?: str
+
+ variableName?: str
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatus:
+ r"""
+ OrganizationActionsVariableStatus defines the observed state of OrganizationActionsVariable.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 organization actions variable status at provider
+
+ Attributes
+ ----------
+ createdAt : str, default is Undefined, optional
+ Date of actions_variable creation.
+ Date of 'actions_variable' creation.
+ id : str, default is Undefined, optional
+ id
+ selectedRepositoryIds : [int], default is Undefined, optional
+ An array of repository ids that can access the organization variable.
+ An array of repository ids that can access the organization variable.
+ updatedAt : str, default is Undefined, optional
+ Date of actions_variable update.
+ Date of 'actions_variable' update.
+ value : str, default is Undefined, optional
+ Value of the variable
+ Value of the variable.
+ variableName : str, default is Undefined, optional
+ Name of the variable
+ Name of the variable.
+ visibility : str, default is Undefined, optional
+ Configures the access that repositories have to the organization variable.
+ Must be one of all, private, selected. selected_repository_ids is required if set to selected.
+ Configures the access that repositories have to the organization variable. Must be one of 'all', 'private', or 'selected'. 'selected_repository_ids' is required if set to 'selected'.
+ """
+
+
+ createdAt?: str
+
+ id?: str
+
+ selectedRepositoryIds?: [int]
+
+ updatedAt?: str
+
+ value?: str
+
+ variableName?: str
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationActionsVariableStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_permissions.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_permissions.k
new file mode 100644
index 00000000..9d5b07b9
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_organization_permissions.k
@@ -0,0 +1,541 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema OrganizationPermissions:
+ r"""
+ OrganizationPermissions is the Schema for the OrganizationPermissionss API. Creates and manages Actions permissions within a GitHub organization
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "OrganizationPermissions", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "OrganizationPermissions" = "OrganizationPermissions"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpec:
+ r"""
+ OrganizationPermissionsSpec defines the desired state of OrganizationPermissions
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 organization permissions spec for provider
+
+ Attributes
+ ----------
+ allowedActions : str, default is Undefined, optional
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ allowedActionsConfig : [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderAllowedActionsConfigItems0], default is Undefined, optional
+ Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'
+ enabledRepositories : str, default is Undefined, optional
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.
+ enabledRepositoriesConfig : [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderEnabledRepositoriesConfigItems0], default is Undefined, optional
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.
+ """
+
+
+ allowedActions?: str
+
+ allowedActionsConfig?: [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderAllowedActionsConfigItems0]
+
+ enabledRepositories?: str
+
+ enabledRepositoriesConfig?: [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderEnabledRepositoriesConfigItems0]
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderAllowedActionsConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 organization permissions spec for provider allowed actions config items0
+
+ Attributes
+ ----------
+ githubOwnedAllowed : bool, default is Undefined, optional
+ Whether GitHub-owned actions are allowed in the organization.
+ Whether GitHub-owned actions are allowed in the organization.
+ patternsAllowed : [str], default is Undefined, optional
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ verifiedAllowed : bool, default is Undefined, optional
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ """
+
+
+ githubOwnedAllowed?: bool
+
+ patternsAllowed?: [str]
+
+ verifiedAllowed?: bool
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecForProviderEnabledRepositoriesConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 organization permissions spec for provider enabled repositories config items0
+
+ Attributes
+ ----------
+ repositoryIds : [int], default is Undefined, optional
+ List of repository IDs to enable for GitHub Actions.
+ List of repository IDs to enable for GitHub Actions.
+ """
+
+
+ repositoryIds?: [int]
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ allowedActions : str, default is Undefined, optional
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ allowedActionsConfig : [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderAllowedActionsConfigItems0], default is Undefined, optional
+ Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'
+ enabledRepositories : str, default is Undefined, optional
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.
+ enabledRepositoriesConfig : [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderEnabledRepositoriesConfigItems0], default is Undefined, optional
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.
+ """
+
+
+ allowedActions?: str
+
+ allowedActionsConfig?: [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderAllowedActionsConfigItems0]
+
+ enabledRepositories?: str
+
+ enabledRepositoriesConfig?: [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderEnabledRepositoriesConfigItems0]
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderAllowedActionsConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 organization permissions spec init provider allowed actions config items0
+
+ Attributes
+ ----------
+ githubOwnedAllowed : bool, default is Undefined, optional
+ Whether GitHub-owned actions are allowed in the organization.
+ Whether GitHub-owned actions are allowed in the organization.
+ patternsAllowed : [str], default is Undefined, optional
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ verifiedAllowed : bool, default is Undefined, optional
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ """
+
+
+ githubOwnedAllowed?: bool
+
+ patternsAllowed?: [str]
+
+ verifiedAllowed?: bool
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecInitProviderEnabledRepositoriesConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 organization permissions spec init provider enabled repositories config items0
+
+ Attributes
+ ----------
+ repositoryIds : [int], default is Undefined, optional
+ List of repository IDs to enable for GitHub Actions.
+ List of repository IDs to enable for GitHub Actions.
+ """
+
+
+ repositoryIds?: [int]
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatus:
+ r"""
+ OrganizationPermissionsStatus defines the observed state of OrganizationPermissions.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 organization permissions status at provider
+
+ Attributes
+ ----------
+ allowedActions : str, default is Undefined, optional
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ allowedActionsConfig : [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderAllowedActionsConfigItems0], default is Undefined, optional
+ Sets the actions that are allowed in an organization. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an organization. Only available when 'allowed_actions' = 'selected'
+ enabledRepositories : str, default is Undefined, optional
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: all, none, or selected.
+ The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: 'all', 'none', or 'selected'.
+ enabledRepositoriesConfig : [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderEnabledRepositoriesConfigItems0], default is Undefined, optional
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when enabled_repositories = selected. See Enabled Repositories Config below for details.
+ Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when 'enabled_repositories' = 'selected'.
+ id : str, default is Undefined, optional
+ id
+ """
+
+
+ allowedActions?: str
+
+ allowedActionsConfig?: [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderAllowedActionsConfigItems0]
+
+ enabledRepositories?: str
+
+ enabledRepositoriesConfig?: [ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderEnabledRepositoriesConfigItems0]
+
+ id?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderAllowedActionsConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 organization permissions status at provider allowed actions config items0
+
+ Attributes
+ ----------
+ githubOwnedAllowed : bool, default is Undefined, optional
+ Whether GitHub-owned actions are allowed in the organization.
+ Whether GitHub-owned actions are allowed in the organization.
+ patternsAllowed : [str], default is Undefined, optional
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ verifiedAllowed : bool, default is Undefined, optional
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ """
+
+
+ githubOwnedAllowed?: bool
+
+ patternsAllowed?: [str]
+
+ verifiedAllowed?: bool
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusAtProviderEnabledRepositoriesConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 organization permissions status at provider enabled repositories config items0
+
+ Attributes
+ ----------
+ repositoryIds : [int], default is Undefined, optional
+ List of repository IDs to enable for GitHub Actions.
+ List of repository IDs to enable for GitHub Actions.
+ """
+
+
+ repositoryIds?: [int]
+
+
+schema ActionsGithubUpboundIoV1alpha1OrganizationPermissionsStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_repository_access_level.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_repository_access_level.k
new file mode 100644
index 00000000..ae5281ee
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_repository_access_level.k
@@ -0,0 +1,585 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RepositoryAccessLevel:
+ r"""
+ RepositoryAccessLevel is the Schema for the RepositoryAccessLevels API. Manages Actions and Reusable Workflow access for a GitHub repository
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RepositoryAccessLevel", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "RepositoryAccessLevel" = "RepositoryAccessLevel"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpec:
+ r"""
+ RepositoryAccessLevelSpec defines the desired state of RepositoryAccessLevel
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 repository access level spec for provider
+
+ Attributes
+ ----------
+ accessLevel : str, default is Undefined, optional
+ Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
+ Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ accessLevel?: str
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelector
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ accessLevel : str, default is Undefined, optional
+ Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
+ Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ accessLevel?: str
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelector
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatus:
+ r"""
+ RepositoryAccessLevelStatus defines the observed state of RepositoryAccessLevel.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 repository access level status at provider
+
+ Attributes
+ ----------
+ accessLevel : str, default is Undefined, optional
+ Where the actions or reusable workflows of the repository may be used. Possible values are none, user, organization, or enterprise.
+ Where the actions or reusable workflows of the repository may be used. Possible values are 'none', 'user', 'organization', or 'enterprise'.
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ """
+
+
+ accessLevel?: str
+
+ id?: str
+
+ repository?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryAccessLevelStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_repository_permissions.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_repository_permissions.k
new file mode 100644
index 00000000..b5889b38
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_repository_permissions.k
@@ -0,0 +1,690 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RepositoryPermissions:
+ r"""
+ RepositoryPermissions is the Schema for the RepositoryPermissionss API. Enables and manages Actions permissions for a GitHub repository
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RepositoryPermissions", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "RepositoryPermissions" = "RepositoryPermissions"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpec:
+ r"""
+ RepositoryPermissionsSpec defines the desired state of RepositoryPermissions
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 repository permissions spec for provider
+
+ Attributes
+ ----------
+ allowedActions : str, default is Undefined, optional
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ allowedActionsConfig : [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderAllowedActionsConfigItems0], default is Undefined, optional
+ Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.
+ enabled : bool, default is Undefined, optional
+ Should GitHub actions be enabled on this repository?
+ Should GitHub actions be enabled on this repository.
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ allowedActions?: str
+
+ allowedActionsConfig?: [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderAllowedActionsConfigItems0]
+
+ enabled?: bool
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelector
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderAllowedActionsConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 repository permissions spec for provider allowed actions config items0
+
+ Attributes
+ ----------
+ githubOwnedAllowed : bool, default is Undefined, optional
+ Whether GitHub-owned actions are allowed in the repository.
+ Whether GitHub-owned actions are allowed in the repository.
+ patternsAllowed : [str], default is Undefined, optional
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ verifiedAllowed : bool, default is Undefined, optional
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ """
+
+
+ githubOwnedAllowed?: bool
+
+ patternsAllowed?: [str]
+
+ verifiedAllowed?: bool
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ allowedActions : str, default is Undefined, optional
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ allowedActionsConfig : [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderAllowedActionsConfigItems0], default is Undefined, optional
+ Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.
+ enabled : bool, default is Undefined, optional
+ Should GitHub actions be enabled on this repository?
+ Should GitHub actions be enabled on this repository.
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ repositoryRef : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ allowedActions?: str
+
+ allowedActionsConfig?: [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderAllowedActionsConfigItems0]
+
+ enabled?: bool
+
+ repository?: str
+
+ repositoryRef?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRef
+
+ repositorySelector?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelector
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderAllowedActionsConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 repository permissions spec init provider allowed actions config items0
+
+ Attributes
+ ----------
+ githubOwnedAllowed : bool, default is Undefined, optional
+ Whether GitHub-owned actions are allowed in the repository.
+ Whether GitHub-owned actions are allowed in the repository.
+ patternsAllowed : [str], default is Undefined, optional
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ verifiedAllowed : bool, default is Undefined, optional
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ """
+
+
+ githubOwnedAllowed?: bool
+
+ patternsAllowed?: [str]
+
+ verifiedAllowed?: bool
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatus:
+ r"""
+ RepositoryPermissionsStatus defines the observed state of RepositoryPermissions.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 repository permissions status at provider
+
+ Attributes
+ ----------
+ allowedActions : str, default is Undefined, optional
+ The permissions policy that controls the actions that are allowed to run. Can be one of: all, local_only, or selected.
+ The permissions policy that controls the actions that are allowed to run. Can be one of: 'all', 'local_only', or 'selected'.
+ allowedActionsConfig : [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProviderAllowedActionsConfigItems0], default is Undefined, optional
+ Sets the actions that are allowed in an repository. Only available when allowed_actions = selected. See Allowed Actions Config below for details.
+ Sets the actions that are allowed in an repository. Only available when 'allowed_actions' = 'selected'.
+ enabled : bool, default is Undefined, optional
+ Should GitHub actions be enabled on this repository?
+ Should GitHub actions be enabled on this repository.
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ """
+
+
+ allowedActions?: str
+
+ allowedActionsConfig?: [ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProviderAllowedActionsConfigItems0]
+
+ enabled?: bool
+
+ id?: str
+
+ repository?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusAtProviderAllowedActionsConfigItems0:
+ r"""
+ actions github upbound io v1alpha1 repository permissions status at provider allowed actions config items0
+
+ Attributes
+ ----------
+ githubOwnedAllowed : bool, default is Undefined, optional
+ Whether GitHub-owned actions are allowed in the repository.
+ Whether GitHub-owned actions are allowed in the repository.
+ patternsAllowed : [str], default is Undefined, optional
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@, monalisa/octocat@v2, monalisa/."
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, 'monalisa/octocat@', 'monalisa/octocat@v2', 'monalisa/'.
+ verifiedAllowed : bool, default is Undefined, optional
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.
+ """
+
+
+ githubOwnedAllowed?: bool
+
+ patternsAllowed?: [str]
+
+ verifiedAllowed?: bool
+
+
+schema ActionsGithubUpboundIoV1alpha1RepositoryPermissionsStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_runner_group.k b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_runner_group.k
new file mode 100644
index 00000000..26e33404
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/actions_github_upbound_io_v1alpha1_runner_group.k
@@ -0,0 +1,670 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RunnerGroup:
+ r"""
+ RunnerGroup is the Schema for the RunnerGroups API. Creates and manages an Actions Runner Group within a GitHub organization
+
+ Attributes
+ ----------
+ apiVersion : str, default is "actions.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RunnerGroup", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : ActionsGithubUpboundIoV1alpha1RunnerGroupSpec, default is Undefined, required
+ spec
+ status : ActionsGithubUpboundIoV1alpha1RunnerGroupStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "actions.github.upbound.io/v1alpha1" = "actions.github.upbound.io/v1alpha1"
+
+ kind: "RunnerGroup" = "RunnerGroup"
+
+ metadata?: v1.ObjectMeta
+
+ spec: ActionsGithubUpboundIoV1alpha1RunnerGroupSpec
+
+ status?: ActionsGithubUpboundIoV1alpha1RunnerGroupStatus
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpec:
+ r"""
+ RunnerGroupSpec defines the desired state of RunnerGroup
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProvider
+
+ initProvider?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecWriteConnectionSecretToRef
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProvider:
+ r"""
+ actions github upbound io v1alpha1 runner group spec for provider
+
+ Attributes
+ ----------
+ allowsPublicRepositories : bool, default is Undefined, optional
+ Whether public repositories can be added to the runner group. Defaults to false.
+ Whether public repositories can be added to the runner group.
+ name : str, default is Undefined, optional
+ Name of the runner group
+ Name of the runner group.
+ nameRef : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRef, default is Undefined, optional
+ name ref
+ nameSelector : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelector, default is Undefined, optional
+ name selector
+ restrictedToWorkflows : bool, default is Undefined, optional
+ If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
+ If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.
+ selectedRepositoryIds : [int], default is Undefined, optional
+ IDs of the repositories which should be added to the runner group
+ List of repository IDs that can access the runner group.
+ selectedWorkflows : [str], default is Undefined, optional
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.
+ visibility : str, default is Undefined, optional
+ Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
+ The visibility of the runner group.
+ """
+
+
+ allowsPublicRepositories?: bool
+
+ name?: str
+
+ nameRef?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRef
+
+ nameSelector?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelector
+
+ restrictedToWorkflows?: bool
+
+ selectedRepositoryIds?: [int]
+
+ selectedWorkflows?: [str]
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRef:
+ r"""
+ Reference to a Repository in repo to populate name.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelector:
+ r"""
+ Selector for a Repository in repo to populate name.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecForProviderNameSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ allowsPublicRepositories : bool, default is Undefined, optional
+ Whether public repositories can be added to the runner group. Defaults to false.
+ Whether public repositories can be added to the runner group.
+ name : str, default is Undefined, optional
+ Name of the runner group
+ Name of the runner group.
+ nameRef : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRef, default is Undefined, optional
+ name ref
+ nameSelector : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelector, default is Undefined, optional
+ name selector
+ restrictedToWorkflows : bool, default is Undefined, optional
+ If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
+ If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.
+ selectedRepositoryIds : [int], default is Undefined, optional
+ IDs of the repositories which should be added to the runner group
+ List of repository IDs that can access the runner group.
+ selectedWorkflows : [str], default is Undefined, optional
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.
+ visibility : str, default is Undefined, optional
+ Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
+ The visibility of the runner group.
+ """
+
+
+ allowsPublicRepositories?: bool
+
+ name?: str
+
+ nameRef?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRef
+
+ nameSelector?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelector
+
+ restrictedToWorkflows?: bool
+
+ selectedRepositoryIds?: [int]
+
+ selectedWorkflows?: [str]
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRef:
+ r"""
+ Reference to a Repository in repo to populate name.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelector:
+ r"""
+ Selector for a Repository in repo to populate name.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelectorPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecInitProviderNameSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupStatus:
+ r"""
+ RunnerGroupStatus defines the observed state of RunnerGroup.
+
+ Attributes
+ ----------
+ atProvider : ActionsGithubUpboundIoV1alpha1RunnerGroupStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [ActionsGithubUpboundIoV1alpha1RunnerGroupStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: ActionsGithubUpboundIoV1alpha1RunnerGroupStatusAtProvider
+
+ conditions?: [ActionsGithubUpboundIoV1alpha1RunnerGroupStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupStatusAtProvider:
+ r"""
+ actions github upbound io v1alpha1 runner group status at provider
+
+ Attributes
+ ----------
+ allowsPublicRepositories : bool, default is Undefined, optional
+ Whether public repositories can be added to the runner group. Defaults to false.
+ Whether public repositories can be added to the runner group.
+ default : bool, default is Undefined, optional
+ Whether this is the default runner group
+ Whether this is the default runner group.
+ etag : str, default is Undefined, optional
+ An etag representing the runner group object
+ An etag representing the runner group object
+ id : str, default is Undefined, optional
+ id
+ inherited : bool, default is Undefined, optional
+ Whether the runner group is inherited from the enterprise level
+ Whether the runner group is inherited from the enterprise level
+ name : str, default is Undefined, optional
+ Name of the runner group
+ Name of the runner group.
+ restrictedToWorkflows : bool, default is Undefined, optional
+ If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
+ If 'true', the runner group will be restricted to running only the workflows specified in the 'selected_workflows' array. Defaults to 'false'.
+ runnersUrl : str, default is Undefined, optional
+ The GitHub API URL for the runner group's runners
+ The GitHub API URL for the runner group's runners.
+ selectedRepositoriesUrl : str, default is Undefined, optional
+ GitHub API URL for the runner group's repositories
+ GitHub API URL for the runner group's repositories.
+ selectedRepositoryIds : [int], default is Undefined, optional
+ IDs of the repositories which should be added to the runner group
+ List of repository IDs that can access the runner group.
+ selectedWorkflows : [str], default is Undefined, optional
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
+ List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to 'true'.
+ visibility : str, default is Undefined, optional
+ Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API.
+ The visibility of the runner group.
+ """
+
+
+ allowsPublicRepositories?: bool
+
+ default?: bool
+
+ etag?: str
+
+ id?: str
+
+ inherited?: bool
+
+ name?: str
+
+ restrictedToWorkflows?: bool
+
+ runnersUrl?: str
+
+ selectedRepositoriesUrl?: str
+
+ selectedRepositoryIds?: [int]
+
+ selectedWorkflows?: [str]
+
+ visibility?: str
+
+
+schema ActionsGithubUpboundIoV1alpha1RunnerGroupStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/enterprise_github_upbound_io_v1alpha1_organization.k b/crossplane-provider-upjet-github/v1alpha1/enterprise_github_upbound_io_v1alpha1_organization.k
new file mode 100644
index 00000000..21377f5e
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/enterprise_github_upbound_io_v1alpha1_organization.k
@@ -0,0 +1,456 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Organization:
+ r"""
+ Organization is the Schema for the Organizations API. Create and manages a GitHub enterprise organization.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "enterprise.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Organization", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : EnterpriseGithubUpboundIoV1alpha1OrganizationSpec, default is Undefined, required
+ spec
+ status : EnterpriseGithubUpboundIoV1alpha1OrganizationStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "enterprise.github.upbound.io/v1alpha1" = "enterprise.github.upbound.io/v1alpha1"
+
+ kind: "Organization" = "Organization"
+
+ metadata?: v1.ObjectMeta
+
+ spec: EnterpriseGithubUpboundIoV1alpha1OrganizationSpec
+
+ status?: EnterpriseGithubUpboundIoV1alpha1OrganizationStatus
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpec:
+ r"""
+ OrganizationSpec defines the desired state of Organization
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecForProvider
+
+ initProvider?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecWriteConnectionSecretToRef
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecForProvider:
+ r"""
+ enterprise github upbound io v1alpha1 organization spec for provider
+
+ Attributes
+ ----------
+ adminLogins : [str], default is Undefined, optional
+ List of organization owner usernames.
+ List of organization owner usernames.
+ billingEmail : str, default is Undefined, optional
+ The billing email address.
+ The billing email address.
+ description : str, default is Undefined, optional
+ The description of the organization.
+ The description of the organization.
+ displayName : str, default is Undefined, optional
+ The display name of the organization.
+ The display name of the organization.
+ enterpriseId : str, default is Undefined, optional
+ The ID of the enterprise.
+ The ID of the enterprise.
+ name : str, default is Undefined, optional
+ The name of the organization.
+ The name of the organization.
+ """
+
+
+ adminLogins?: [str]
+
+ billingEmail?: str
+
+ description?: str
+
+ displayName?: str
+
+ enterpriseId?: str
+
+ name?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ adminLogins : [str], default is Undefined, optional
+ List of organization owner usernames.
+ List of organization owner usernames.
+ billingEmail : str, default is Undefined, optional
+ The billing email address.
+ The billing email address.
+ description : str, default is Undefined, optional
+ The description of the organization.
+ The description of the organization.
+ displayName : str, default is Undefined, optional
+ The display name of the organization.
+ The display name of the organization.
+ enterpriseId : str, default is Undefined, optional
+ The ID of the enterprise.
+ The ID of the enterprise.
+ name : str, default is Undefined, optional
+ The name of the organization.
+ The name of the organization.
+ """
+
+
+ adminLogins?: [str]
+
+ billingEmail?: str
+
+ description?: str
+
+ displayName?: str
+
+ enterpriseId?: str
+
+ name?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRefPolicy
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationStatus:
+ r"""
+ OrganizationStatus defines the observed state of Organization.
+
+ Attributes
+ ----------
+ atProvider : EnterpriseGithubUpboundIoV1alpha1OrganizationStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [EnterpriseGithubUpboundIoV1alpha1OrganizationStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: EnterpriseGithubUpboundIoV1alpha1OrganizationStatusAtProvider
+
+ conditions?: [EnterpriseGithubUpboundIoV1alpha1OrganizationStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationStatusAtProvider:
+ r"""
+ enterprise github upbound io v1alpha1 organization status at provider
+
+ Attributes
+ ----------
+ adminLogins : [str], default is Undefined, optional
+ List of organization owner usernames.
+ List of organization owner usernames.
+ billingEmail : str, default is Undefined, optional
+ The billing email address.
+ The billing email address.
+ databaseId : int, default is Undefined, optional
+ The ID of the organization.
+ The database ID of the organization.
+ description : str, default is Undefined, optional
+ The description of the organization.
+ The description of the organization.
+ displayName : str, default is Undefined, optional
+ The display name of the organization.
+ The display name of the organization.
+ enterpriseId : str, default is Undefined, optional
+ The ID of the enterprise.
+ The ID of the enterprise.
+ id : str, default is Undefined, optional
+ The node ID of the organization for use with the v4 API.
+ name : str, default is Undefined, optional
+ The name of the organization.
+ The name of the organization.
+ """
+
+
+ adminLogins?: [str]
+
+ billingEmail?: str
+
+ databaseId?: int
+
+ description?: str
+
+ displayName?: str
+
+ enterpriseId?: str
+
+ id?: str
+
+ name?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/enterprise_github_upbound_io_v1alpha1_organization_ruleset.k b/crossplane-provider-upjet-github/v1alpha1/enterprise_github_upbound_io_v1alpha1_organization_ruleset.k
new file mode 100644
index 00000000..173cdead
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/enterprise_github_upbound_io_v1alpha1_organization_ruleset.k
@@ -0,0 +1,1591 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema OrganizationRuleset:
+ r"""
+ OrganizationRuleset is the Schema for the OrganizationRulesets API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "enterprise.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "OrganizationRuleset", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpec, default is Undefined, required
+ spec
+ status : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "enterprise.github.upbound.io/v1alpha1" = "enterprise.github.upbound.io/v1alpha1"
+
+ kind: "OrganizationRuleset" = "OrganizationRuleset"
+
+ metadata?: v1.ObjectMeta
+
+ spec: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpec
+
+ status?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatus
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpec:
+ r"""
+ OrganizationRulesetSpec defines the desired state of OrganizationRuleset
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProvider
+
+ initProvider?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecWriteConnectionSecretToRef
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProvider:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider
+
+ Attributes
+ ----------
+ bypassActors : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderBypassActorsItems0], default is Undefined, optional
+ The actors that can bypass the rules in this ruleset.
+ conditions : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0], default is Undefined, optional
+ Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name` or `repository_id`.
+ enforcement : str, default is Undefined, optional
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ name : str, default is Undefined, optional
+ The name of the ruleset.
+ rules : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0], default is Undefined, optional
+ Rules within the ruleset.
+ target : str, default is Undefined, optional
+ Possible values are `branch`, `tag` and `push`. Note: The `push` target is in beta and is subject to change.
+ """
+
+
+ bypassActors?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderBypassActorsItems0]
+
+ conditions?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0]
+
+ enforcement?: str
+
+ name?: str
+
+ rules?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0]
+
+ target?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderBypassActorsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider bypass actors items0
+
+ Attributes
+ ----------
+ actorId : int, default is Undefined, optional
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ actorType : str, default is Undefined, optional
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ bypassMode : str, default is Undefined, optional
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ """
+
+
+ actorId?: int
+
+ actorType?: str
+
+ bypassMode?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider conditions items0
+
+ Attributes
+ ----------
+ refName : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RefNameItems0], default is Undefined, optional
+ ref name
+ repositoryId : [int], default is Undefined, optional
+ The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.
+ repositoryName : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RepositoryNameItems0], default is Undefined, optional
+ repository name
+ """
+
+
+ refName?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RefNameItems0]
+
+ repositoryId?: [int]
+
+ repositoryName?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RepositoryNameItems0]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RefNameItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider conditions items0 ref name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderConditionsItems0RepositoryNameItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider conditions items0 repository name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.
+ protected : bool, default is Undefined, optional
+ Whether renaming of target repositories is prevented.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+ protected?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0
+
+ Attributes
+ ----------
+ branchNamePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0BranchNamePatternItems0], default is Undefined, optional
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ commitAuthorEmailPattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0], default is Undefined, optional
+ Parameters to be used for the commit_author_email_pattern rule.
+ commitMessagePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitMessagePatternItems0], default is Undefined, optional
+ Parameters to be used for the commit_message_pattern rule.
+ committerEmailPattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0], default is Undefined, optional
+ Parameters to be used for the committer_email_pattern rule.
+ creation : bool, default is Undefined, optional
+ Only allow users with bypass permission to create matching refs.
+ deletion : bool, default is Undefined, optional
+ Only allow users with bypass permissions to delete matching refs.
+ nonFastForward : bool, default is Undefined, optional
+ Prevent users with push access from force pushing to branches.
+ pullRequest : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0PullRequestItems0], default is Undefined, optional
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ requiredLinearHistory : bool, default is Undefined, optional
+ Prevent merge commits from being pushed to matching branches.
+ requiredSignatures : bool, default is Undefined, optional
+ Commits pushed to matching branches must have verified signatures.
+ requiredStatusChecks : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0], default is Undefined, optional
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ requiredWorkflows : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0], default is Undefined, optional
+ Choose which Actions workflows must pass before branches can be merged into a branch that matches this rule.
+ tagNamePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0TagNamePatternItems0], default is Undefined, optional
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ update : bool, default is Undefined, optional
+ Only allow users with bypass permission to update matching refs.
+ """
+
+
+ branchNamePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0BranchNamePatternItems0]
+
+ commitAuthorEmailPattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0]
+
+ commitMessagePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitMessagePatternItems0]
+
+ committerEmailPattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0]
+
+ creation?: bool
+
+ deletion?: bool
+
+ nonFastForward?: bool
+
+ pullRequest?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0PullRequestItems0]
+
+ requiredLinearHistory?: bool
+
+ requiredSignatures?: bool
+
+ requiredStatusChecks?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0]
+
+ requiredWorkflows?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0]
+
+ tagNamePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0TagNamePatternItems0]
+
+ update?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0BranchNamePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 branch name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 commit author email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitMessagePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 commit message pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 committer email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0PullRequestItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 pull request items0
+
+ Attributes
+ ----------
+ dismissStaleReviewsOnPush : bool, default is Undefined, optional
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ requireCodeOwnerReview : bool, default is Undefined, optional
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ requireLastPushApproval : bool, default is Undefined, optional
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ requiredReviewThreadResolution : bool, default is Undefined, optional
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ """
+
+
+ dismissStaleReviewsOnPush?: bool
+
+ requireCodeOwnerReview?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ requiredReviewThreadResolution?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required status checks items0
+
+ Attributes
+ ----------
+ requiredCheck : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0], default is Undefined, optional
+ Status checks that are required. Several can be defined.
+ strictRequiredStatusChecksPolicy : bool, default is Undefined, optional
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ """
+
+
+ requiredCheck?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0]
+
+ strictRequiredStatusChecksPolicy?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required status checks items0 required check items0
+
+ Attributes
+ ----------
+ context : str, default is Undefined, optional
+ The status check context name that must be present on the commit.
+ integrationId : int, default is Undefined, optional
+ The optional integration ID that this status check must originate from.
+ """
+
+
+ context?: str
+
+ integrationId?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required workflows items0
+
+ Attributes
+ ----------
+ requiredWorkflow : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0], default is Undefined, optional
+ Actions workflows that are required. Several can be defined.
+ """
+
+
+ requiredWorkflow?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 required workflows items0 required workflow items0
+
+ Attributes
+ ----------
+ path : str, default is Undefined, optional
+ The path to the workflow YAML definition file.
+ ref : str, default is Undefined, optional
+ The ref (branch or tag) of the workflow file to use.
+ repositoryId : int, default is Undefined, optional
+ The repository in which the workflow is defined.
+ """
+
+
+ path?: str
+
+ ref?: str
+
+ repositoryId?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecForProviderRulesItems0TagNamePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec for provider rules items0 tag name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ bypassActors : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderBypassActorsItems0], default is Undefined, optional
+ The actors that can bypass the rules in this ruleset.
+ conditions : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0], default is Undefined, optional
+ Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name` or `repository_id`.
+ enforcement : str, default is Undefined, optional
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ name : str, default is Undefined, optional
+ The name of the ruleset.
+ rules : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0], default is Undefined, optional
+ Rules within the ruleset.
+ target : str, default is Undefined, optional
+ Possible values are `branch`, `tag` and `push`. Note: The `push` target is in beta and is subject to change.
+ """
+
+
+ bypassActors?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderBypassActorsItems0]
+
+ conditions?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0]
+
+ enforcement?: str
+
+ name?: str
+
+ rules?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0]
+
+ target?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderBypassActorsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider bypass actors items0
+
+ Attributes
+ ----------
+ actorId : int, default is Undefined, optional
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ actorType : str, default is Undefined, optional
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ bypassMode : str, default is Undefined, optional
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ """
+
+
+ actorId?: int
+
+ actorType?: str
+
+ bypassMode?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider conditions items0
+
+ Attributes
+ ----------
+ refName : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RefNameItems0], default is Undefined, optional
+ ref name
+ repositoryId : [int], default is Undefined, optional
+ The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.
+ repositoryName : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RepositoryNameItems0], default is Undefined, optional
+ repository name
+ """
+
+
+ refName?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RefNameItems0]
+
+ repositoryId?: [int]
+
+ repositoryName?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RepositoryNameItems0]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RefNameItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider conditions items0 ref name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderConditionsItems0RepositoryNameItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider conditions items0 repository name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.
+ protected : bool, default is Undefined, optional
+ Whether renaming of target repositories is prevented.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+ protected?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0
+
+ Attributes
+ ----------
+ branchNamePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0BranchNamePatternItems0], default is Undefined, optional
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ commitAuthorEmailPattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0], default is Undefined, optional
+ Parameters to be used for the commit_author_email_pattern rule.
+ commitMessagePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0], default is Undefined, optional
+ Parameters to be used for the commit_message_pattern rule.
+ committerEmailPattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0], default is Undefined, optional
+ Parameters to be used for the committer_email_pattern rule.
+ creation : bool, default is Undefined, optional
+ Only allow users with bypass permission to create matching refs.
+ deletion : bool, default is Undefined, optional
+ Only allow users with bypass permissions to delete matching refs.
+ nonFastForward : bool, default is Undefined, optional
+ Prevent users with push access from force pushing to branches.
+ pullRequest : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0PullRequestItems0], default is Undefined, optional
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ requiredLinearHistory : bool, default is Undefined, optional
+ Prevent merge commits from being pushed to matching branches.
+ requiredSignatures : bool, default is Undefined, optional
+ Commits pushed to matching branches must have verified signatures.
+ requiredStatusChecks : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0], default is Undefined, optional
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ requiredWorkflows : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0], default is Undefined, optional
+ Choose which Actions workflows must pass before branches can be merged into a branch that matches this rule.
+ tagNamePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0TagNamePatternItems0], default is Undefined, optional
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ update : bool, default is Undefined, optional
+ Only allow users with bypass permission to update matching refs.
+ """
+
+
+ branchNamePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0BranchNamePatternItems0]
+
+ commitAuthorEmailPattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0]
+
+ commitMessagePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0]
+
+ committerEmailPattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0]
+
+ creation?: bool
+
+ deletion?: bool
+
+ nonFastForward?: bool
+
+ pullRequest?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0PullRequestItems0]
+
+ requiredLinearHistory?: bool
+
+ requiredSignatures?: bool
+
+ requiredStatusChecks?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0]
+
+ requiredWorkflows?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0]
+
+ tagNamePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0TagNamePatternItems0]
+
+ update?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0BranchNamePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 branch name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 commit author email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 commit message pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 committer email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0PullRequestItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 pull request items0
+
+ Attributes
+ ----------
+ dismissStaleReviewsOnPush : bool, default is Undefined, optional
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ requireCodeOwnerReview : bool, default is Undefined, optional
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ requireLastPushApproval : bool, default is Undefined, optional
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ requiredReviewThreadResolution : bool, default is Undefined, optional
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ """
+
+
+ dismissStaleReviewsOnPush?: bool
+
+ requireCodeOwnerReview?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ requiredReviewThreadResolution?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required status checks items0
+
+ Attributes
+ ----------
+ requiredCheck : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0], default is Undefined, optional
+ Status checks that are required. Several can be defined.
+ strictRequiredStatusChecksPolicy : bool, default is Undefined, optional
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ """
+
+
+ requiredCheck?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0]
+
+ strictRequiredStatusChecksPolicy?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required status checks items0 required check items0
+
+ Attributes
+ ----------
+ context : str, default is Undefined, optional
+ The status check context name that must be present on the commit.
+ integrationId : int, default is Undefined, optional
+ The optional integration ID that this status check must originate from.
+ """
+
+
+ context?: str
+
+ integrationId?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required workflows items0
+
+ Attributes
+ ----------
+ requiredWorkflow : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0], default is Undefined, optional
+ Actions workflows that are required. Several can be defined.
+ """
+
+
+ requiredWorkflow?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 required workflows items0 required workflow items0
+
+ Attributes
+ ----------
+ path : str, default is Undefined, optional
+ The path to the workflow YAML definition file.
+ ref : str, default is Undefined, optional
+ The ref (branch or tag) of the workflow file to use.
+ repositoryId : int, default is Undefined, optional
+ The repository in which the workflow is defined.
+ """
+
+
+ path?: str
+
+ ref?: str
+
+ repositoryId?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecInitProviderRulesItems0TagNamePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset spec init provider rules items0 tag name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRefPolicy
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatus:
+ r"""
+ OrganizationRulesetStatus defines the observed state of OrganizationRuleset.
+
+ Attributes
+ ----------
+ atProvider : EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProvider
+
+ conditions?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProvider:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider
+
+ Attributes
+ ----------
+ bypassActors : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderBypassActorsItems0], default is Undefined, optional
+ The actors that can bypass the rules in this ruleset.
+ conditions : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0], default is Undefined, optional
+ Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name` or `repository_id`.
+ enforcement : str, default is Undefined, optional
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ id
+ name : str, default is Undefined, optional
+ The name of the ruleset.
+ nodeId : str, default is Undefined, optional
+ GraphQL global node id for use with v4 API.
+ rules : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0], default is Undefined, optional
+ Rules within the ruleset.
+ rulesetId : int, default is Undefined, optional
+ GitHub ID for the ruleset.
+ target : str, default is Undefined, optional
+ Possible values are `branch`, `tag` and `push`. Note: The `push` target is in beta and is subject to change.
+ """
+
+
+ bypassActors?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderBypassActorsItems0]
+
+ conditions?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0]
+
+ enforcement?: str
+
+ etag?: str
+
+ id?: str
+
+ name?: str
+
+ nodeId?: str
+
+ rules?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0]
+
+ rulesetId?: int
+
+ target?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderBypassActorsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider bypass actors items0
+
+ Attributes
+ ----------
+ actorId : int, default is Undefined, optional
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ actorType : str, default is Undefined, optional
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ bypassMode : str, default is Undefined, optional
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ """
+
+
+ actorId?: int
+
+ actorType?: str
+
+ bypassMode?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider conditions items0
+
+ Attributes
+ ----------
+ refName : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RefNameItems0], default is Undefined, optional
+ ref name
+ repositoryId : [int], default is Undefined, optional
+ The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.
+ repositoryName : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RepositoryNameItems0], default is Undefined, optional
+ repository name
+ """
+
+
+ refName?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RefNameItems0]
+
+ repositoryId?: [int]
+
+ repositoryName?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RepositoryNameItems0]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RefNameItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider conditions items0 ref name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderConditionsItems0RepositoryNameItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider conditions items0 repository name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.
+ protected : bool, default is Undefined, optional
+ Whether renaming of target repositories is prevented.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+ protected?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0
+
+ Attributes
+ ----------
+ branchNamePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0BranchNamePatternItems0], default is Undefined, optional
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ commitAuthorEmailPattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0], default is Undefined, optional
+ Parameters to be used for the commit_author_email_pattern rule.
+ commitMessagePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0], default is Undefined, optional
+ Parameters to be used for the commit_message_pattern rule.
+ committerEmailPattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0], default is Undefined, optional
+ Parameters to be used for the committer_email_pattern rule.
+ creation : bool, default is Undefined, optional
+ Only allow users with bypass permission to create matching refs.
+ deletion : bool, default is Undefined, optional
+ Only allow users with bypass permissions to delete matching refs.
+ nonFastForward : bool, default is Undefined, optional
+ Prevent users with push access from force pushing to branches.
+ pullRequest : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0PullRequestItems0], default is Undefined, optional
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ requiredLinearHistory : bool, default is Undefined, optional
+ Prevent merge commits from being pushed to matching branches.
+ requiredSignatures : bool, default is Undefined, optional
+ Commits pushed to matching branches must have verified signatures.
+ requiredStatusChecks : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0], default is Undefined, optional
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ requiredWorkflows : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0], default is Undefined, optional
+ Choose which Actions workflows must pass before branches can be merged into a branch that matches this rule.
+ tagNamePattern : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0TagNamePatternItems0], default is Undefined, optional
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ update : bool, default is Undefined, optional
+ Only allow users with bypass permission to update matching refs.
+ """
+
+
+ branchNamePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0BranchNamePatternItems0]
+
+ commitAuthorEmailPattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0]
+
+ commitMessagePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0]
+
+ committerEmailPattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0]
+
+ creation?: bool
+
+ deletion?: bool
+
+ nonFastForward?: bool
+
+ pullRequest?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0PullRequestItems0]
+
+ requiredLinearHistory?: bool
+
+ requiredSignatures?: bool
+
+ requiredStatusChecks?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0]
+
+ requiredWorkflows?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0]
+
+ tagNamePattern?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0TagNamePatternItems0]
+
+ update?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0BranchNamePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 branch name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 commit author email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 commit message pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 committer email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0PullRequestItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 pull request items0
+
+ Attributes
+ ----------
+ dismissStaleReviewsOnPush : bool, default is Undefined, optional
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ requireCodeOwnerReview : bool, default is Undefined, optional
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ requireLastPushApproval : bool, default is Undefined, optional
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ requiredReviewThreadResolution : bool, default is Undefined, optional
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ """
+
+
+ dismissStaleReviewsOnPush?: bool
+
+ requireCodeOwnerReview?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ requiredReviewThreadResolution?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required status checks items0
+
+ Attributes
+ ----------
+ requiredCheck : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0], default is Undefined, optional
+ Status checks that are required. Several can be defined.
+ strictRequiredStatusChecksPolicy : bool, default is Undefined, optional
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ """
+
+
+ requiredCheck?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0]
+
+ strictRequiredStatusChecksPolicy?: bool
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required status checks items0 required check items0
+
+ Attributes
+ ----------
+ context : str, default is Undefined, optional
+ The status check context name that must be present on the commit.
+ integrationId : int, default is Undefined, optional
+ The optional integration ID that this status check must originate from.
+ """
+
+
+ context?: str
+
+ integrationId?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required workflows items0
+
+ Attributes
+ ----------
+ requiredWorkflow : [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0], default is Undefined, optional
+ Actions workflows that are required. Several can be defined.
+ """
+
+
+ requiredWorkflow?: [EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0]
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0RequiredWorkflowsItems0RequiredWorkflowItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 required workflows items0 required workflow items0
+
+ Attributes
+ ----------
+ path : str, default is Undefined, optional
+ The path to the workflow YAML definition file.
+ ref : str, default is Undefined, optional
+ The ref (branch or tag) of the workflow file to use.
+ repositoryId : int, default is Undefined, optional
+ The repository in which the workflow is defined.
+ """
+
+
+ path?: str
+
+ ref?: str
+
+ repositoryId?: int
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusAtProviderRulesItems0TagNamePatternItems0:
+ r"""
+ enterprise github upbound io v1alpha1 organization ruleset status at provider rules items0 tag name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema EnterpriseGithubUpboundIoV1alpha1OrganizationRulesetStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/github_upbound_io_v1alpha1_store_config.k b/crossplane-provider-upjet-github/v1alpha1/github_upbound_io_v1alpha1_store_config.k
new file mode 100644
index 00000000..e8e7dcb5
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/github_upbound_io_v1alpha1_store_config.k
@@ -0,0 +1,257 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema StoreConfig:
+ r"""
+ A StoreConfig configures how GCP controller should store connection details.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "StoreConfig", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : GithubUpboundIoV1alpha1StoreConfigSpec, default is Undefined, required
+ spec
+ status : GithubUpboundIoV1alpha1StoreConfigStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "github.upbound.io/v1alpha1" = "github.upbound.io/v1alpha1"
+
+ kind: "StoreConfig" = "StoreConfig"
+
+ metadata?: v1.ObjectMeta
+
+ spec: GithubUpboundIoV1alpha1StoreConfigSpec
+
+ status?: GithubUpboundIoV1alpha1StoreConfigStatus
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpec:
+ r"""
+ A StoreConfigSpec defines the desired state of a ProviderConfig.
+
+ Attributes
+ ----------
+ defaultScope : str, default is Undefined, required
+ DefaultScope used for scoping secrets for "cluster-scoped" resources.
+ If store type is "Kubernetes", this would mean the default namespace to
+ store connection secrets for cluster scoped resources.
+ In case of "Vault", this would be used as the default parent path.
+ Typically, should be set as Crossplane installation namespace.
+ kubernetes : GithubUpboundIoV1alpha1StoreConfigSpecKubernetes, default is Undefined, optional
+ kubernetes
+ plugin : GithubUpboundIoV1alpha1StoreConfigSpecPlugin, default is Undefined, optional
+ plugin
+ $type : str, default is "Kubernetes", optional
+ Type configures which secret store to be used. Only the configuration
+ block for this store will be used and others will be ignored if provided.
+ Default is Kubernetes.
+ """
+
+
+ defaultScope: str
+
+ kubernetes?: GithubUpboundIoV1alpha1StoreConfigSpecKubernetes
+
+ plugin?: GithubUpboundIoV1alpha1StoreConfigSpecPlugin
+
+ $type?: "Kubernetes" | "Vault" | "Plugin" = "Kubernetes"
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpecKubernetes:
+ r"""
+ Kubernetes configures a Kubernetes secret store.
+ If the "type" is "Kubernetes" but no config provided, in cluster config
+ will be used.
+
+ Attributes
+ ----------
+ auth : GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuth, default is Undefined, required
+ auth
+ """
+
+
+ auth: GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuth
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuth:
+ r"""
+ Credentials used to connect to the Kubernetes API.
+
+ Attributes
+ ----------
+ env : GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthEnv, default is Undefined, optional
+ env
+ fs : GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthFs, default is Undefined, optional
+ fs
+ secretRef : GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthSecretRef, default is Undefined, optional
+ secret ref
+ source : str, default is Undefined, required
+ Source of the credentials.
+ """
+
+
+ env?: GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthEnv
+
+ fs?: GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthFs
+
+ secretRef?: GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthSecretRef
+
+ source: "None" | "Secret" | "Environment" | "Filesystem"
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthEnv:
+ r"""
+ Env is a reference to an environment variable that contains credentials
+ that must be used to connect to the provider.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name is the name of an environment variable.
+ """
+
+
+ name: str
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthFs:
+ r"""
+ Fs is a reference to a filesystem location that contains credentials that
+ must be used to connect to the provider.
+
+ Attributes
+ ----------
+ path : str, default is Undefined, required
+ Path is a filesystem path.
+ """
+
+
+ path: str
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpecKubernetesAuthSecretRef:
+ r"""
+ A SecretRef is a reference to a secret key that contains the credentials
+ that must be used to connect to the provider.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpecPlugin:
+ r"""
+ Plugin configures External secret store as a plugin.
+
+ Attributes
+ ----------
+ configRef : GithubUpboundIoV1alpha1StoreConfigSpecPluginConfigRef, default is Undefined, optional
+ config ref
+ endpoint : str, default is Undefined, optional
+ Endpoint is the endpoint of the gRPC server.
+ """
+
+
+ configRef?: GithubUpboundIoV1alpha1StoreConfigSpecPluginConfigRef
+
+ endpoint?: str
+
+
+schema GithubUpboundIoV1alpha1StoreConfigSpecPluginConfigRef:
+ r"""
+ ConfigRef contains store config reference info.
+
+ Attributes
+ ----------
+ apiVersion : str, default is Undefined, required
+ APIVersion of the referenced config.
+ kind : str, default is Undefined, required
+ Kind of the referenced config.
+ name : str, default is Undefined, required
+ Name of the referenced config.
+ """
+
+
+ apiVersion: str
+
+ kind: str
+
+ name: str
+
+
+schema GithubUpboundIoV1alpha1StoreConfigStatus:
+ r"""
+ A StoreConfigStatus represents the status of a StoreConfig.
+
+ Attributes
+ ----------
+ conditions : [GithubUpboundIoV1alpha1StoreConfigStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ """
+
+
+ conditions?: [GithubUpboundIoV1alpha1StoreConfigStatusConditionsItems0]
+
+
+schema GithubUpboundIoV1alpha1StoreConfigStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch.k
new file mode 100644
index 00000000..3581d5dd
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch.k
@@ -0,0 +1,630 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Branch:
+ r"""
+ Branch is the Schema for the Branchs API. Creates and manages branches within GitHub repositories.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Branch", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1BranchSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1BranchStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "Branch" = "Branch"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1BranchSpec
+
+ status?: RepoGithubUpboundIoV1alpha1BranchStatus
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpec:
+ r"""
+ BranchSpec defines the desired state of Branch
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1BranchSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1BranchSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1BranchSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1BranchSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1BranchSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1BranchSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 branch spec for provider
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The repository branch to create.
+ The repository branch to create.
+ repository : str, default is Undefined, optional
+ The GitHub repository name.
+ The GitHub repository name.
+ repositoryRef : RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ sourceBranch : str, default is Undefined, optional
+ The branch name to start from. Defaults to main.
+ The branch name to start from. Defaults to 'main'.
+ sourceSha : str, default is Undefined, optional
+ The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
+ The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.
+ """
+
+
+ branch?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelector
+
+ sourceBranch?: str
+
+ sourceSha?: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The repository branch to create.
+ The repository branch to create.
+ repository : str, default is Undefined, optional
+ The GitHub repository name.
+ The GitHub repository name.
+ repositoryRef : RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ sourceBranch : str, default is Undefined, optional
+ The branch name to start from. Defaults to main.
+ The branch name to start from. Defaults to 'main'.
+ sourceSha : str, default is Undefined, optional
+ The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
+ The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.
+ """
+
+
+ branch?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelector
+
+ sourceBranch?: str
+
+ sourceSha?: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchStatus:
+ r"""
+ BranchStatus defines the observed state of Branch.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1BranchStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1BranchStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1BranchStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1BranchStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1BranchStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 branch status at provider
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The repository branch to create.
+ The repository branch to create.
+ etag : str, default is Undefined, optional
+ An etag representing the Branch object.
+ An etag representing the Branch object.
+ id : str, default is Undefined, optional
+ id
+ ref : str, default is Undefined, optional
+ A string representing a branch reference, in the form of refs/heads/.
+ A string representing a branch reference, in the form of 'refs/heads/'.
+ repository : str, default is Undefined, optional
+ The GitHub repository name.
+ The GitHub repository name.
+ sha : str, default is Undefined, optional
+ A string storing the reference's HEAD commit's SHA1.
+ A string storing the reference's HEAD commit's SHA1.
+ sourceBranch : str, default is Undefined, optional
+ The branch name to start from. Defaults to main.
+ The branch name to start from. Defaults to 'main'.
+ sourceSha : str, default is Undefined, optional
+ The commit hash to start from. Defaults to the tip of source_branch. If provided, source_branch is ignored.
+ The commit hash to start from. Defaults to the tip of 'source_branch'. If provided, 'source_branch' is ignored.
+ """
+
+
+ branch?: str
+
+ etag?: str
+
+ id?: str
+
+ ref?: str
+
+ repository?: str
+
+ sha?: str
+
+ sourceBranch?: str
+
+ sourceSha?: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch_protection.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch_protection.k
new file mode 100644
index 00000000..691fa067
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch_protection.k
@@ -0,0 +1,1008 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema BranchProtection:
+ r"""
+ BranchProtection is the Schema for the BranchProtections API. Protects a GitHub branch.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "BranchProtection", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1BranchProtectionSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1BranchProtectionStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "BranchProtection" = "BranchProtection"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1BranchProtectionSpec
+
+ status?: RepoGithubUpboundIoV1alpha1BranchProtectionStatus
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpec:
+ r"""
+ BranchProtectionSpec defines the desired state of BranchProtection
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1BranchProtectionSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 branch protection spec for provider
+
+ Attributes
+ ----------
+ allowsDeletions : bool, default is Undefined, optional
+ Boolean, setting this to true to allow the branch to be deleted.
+ Setting this to 'true' to allow the branch to be deleted.
+ allowsForcePushes : bool, default is Undefined, optional
+ Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
+ Setting this to 'true' to allow force pushes on the branch.
+ enforceAdmins : bool, default is Undefined, optional
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ forcePushBypassers : [str], default is Undefined, optional
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ lockBranch : bool, default is Undefined, optional
+ Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
+ Setting this to 'true' will make the branch read-only and preventing any pushes to it.
+ pattern : str, default is Undefined, optional
+ Identifies the protection rule pattern.
+ Identifies the protection rule pattern.
+ repositoryId : str, default is Undefined, optional
+ The name or node ID of the repository associated with this branch protection rule.
+ The name or node ID of the repository associated with this branch protection rule.
+ repositoryIdRef : RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRef, default is Undefined, optional
+ repository Id ref
+ repositoryIdSelector : RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelector, default is Undefined, optional
+ repository Id selector
+ requireConversationResolution : bool, default is Undefined, optional
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ requireSignedCommits : bool, default is Undefined, optional
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ requiredLinearHistory : bool, default is Undefined, optional
+ Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
+ Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
+ requiredPullRequestReviews : [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredPullRequestReviewsItems0], default is Undefined, optional
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredStatusChecksItems0], default is Undefined, optional
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ restrictPushes : [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRestrictPushesItems0], default is Undefined, optional
+ Restrict pushes to matching branches. See Restrict Pushes below for details.
+ Restrict who can push to matching branches.
+ """
+
+
+ allowsDeletions?: bool
+
+ allowsForcePushes?: bool
+
+ enforceAdmins?: bool
+
+ forcePushBypassers?: [str]
+
+ lockBranch?: bool
+
+ pattern?: str
+
+ repositoryId?: str
+
+ repositoryIdRef?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRef
+
+ repositoryIdSelector?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelector
+
+ requireConversationResolution?: bool
+
+ requireSignedCommits?: bool
+
+ requiredLinearHistory?: bool
+
+ requiredPullRequestReviews?: [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredPullRequestReviewsItems0]
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredStatusChecksItems0]
+
+ restrictPushes?: [RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRestrictPushesItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRef:
+ r"""
+ Reference to a Repository in repo to populate repositoryId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelector:
+ r"""
+ Selector for a Repository in repo to populate repositoryId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRepositoryIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredPullRequestReviewsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection spec for provider required pull request reviews items0
+
+ Attributes
+ ----------
+ dismissStaleReviews : bool, default is Undefined, optional
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ dismissalRestrictions : [str], default is Undefined, optional
+ : The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ pullRequestBypassers : [str], default is Undefined, optional
+ : The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ requireCodeOwnerReviews : bool, default is Undefined, optional
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ requireLastPushApproval : bool, default is Undefined, optional
+ : Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that The most recent push must be approved by someone other than the last pusher.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ restrictDismissals : bool, default is Undefined, optional
+ : Restrict pull request review dismissals.
+ Restrict pull request review dismissals.
+ """
+
+
+ dismissStaleReviews?: bool
+
+ dismissalRestrictions?: [str]
+
+ pullRequestBypassers?: [str]
+
+ requireCodeOwnerReviews?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ restrictDismissals?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection spec for provider required status checks items0
+
+ Attributes
+ ----------
+ contexts : [str], default is Undefined, optional
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ strict : bool, default is Undefined, optional
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ """
+
+
+ contexts?: [str]
+
+ strict?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecForProviderRestrictPushesItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection spec for provider restrict pushes items0
+
+ Attributes
+ ----------
+ blocksCreations : bool, default is Undefined, optional
+ Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
+ Restrict pushes that create matching branches.
+ pushAllowances : [str], default is Undefined, optional
+ A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
+ The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ """
+
+
+ blocksCreations?: bool
+
+ pushAllowances?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ allowsDeletions : bool, default is Undefined, optional
+ Boolean, setting this to true to allow the branch to be deleted.
+ Setting this to 'true' to allow the branch to be deleted.
+ allowsForcePushes : bool, default is Undefined, optional
+ Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
+ Setting this to 'true' to allow force pushes on the branch.
+ enforceAdmins : bool, default is Undefined, optional
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ forcePushBypassers : [str], default is Undefined, optional
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ lockBranch : bool, default is Undefined, optional
+ Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
+ Setting this to 'true' will make the branch read-only and preventing any pushes to it.
+ pattern : str, default is Undefined, optional
+ Identifies the protection rule pattern.
+ Identifies the protection rule pattern.
+ repositoryId : str, default is Undefined, optional
+ The name or node ID of the repository associated with this branch protection rule.
+ The name or node ID of the repository associated with this branch protection rule.
+ repositoryIdRef : RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRef, default is Undefined, optional
+ repository Id ref
+ repositoryIdSelector : RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelector, default is Undefined, optional
+ repository Id selector
+ requireConversationResolution : bool, default is Undefined, optional
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ requireSignedCommits : bool, default is Undefined, optional
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ requiredLinearHistory : bool, default is Undefined, optional
+ Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
+ Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
+ requiredPullRequestReviews : [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredPullRequestReviewsItems0], default is Undefined, optional
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredStatusChecksItems0], default is Undefined, optional
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ restrictPushes : [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRestrictPushesItems0], default is Undefined, optional
+ Restrict pushes to matching branches. See Restrict Pushes below for details.
+ Restrict who can push to matching branches.
+ """
+
+
+ allowsDeletions?: bool
+
+ allowsForcePushes?: bool
+
+ enforceAdmins?: bool
+
+ forcePushBypassers?: [str]
+
+ lockBranch?: bool
+
+ pattern?: str
+
+ repositoryId?: str
+
+ repositoryIdRef?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRef
+
+ repositoryIdSelector?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelector
+
+ requireConversationResolution?: bool
+
+ requireSignedCommits?: bool
+
+ requiredLinearHistory?: bool
+
+ requiredPullRequestReviews?: [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredPullRequestReviewsItems0]
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredStatusChecksItems0]
+
+ restrictPushes?: [RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRestrictPushesItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRef:
+ r"""
+ Reference to a Repository in repo to populate repositoryId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelector:
+ r"""
+ Selector for a Repository in repo to populate repositoryId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRepositoryIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredPullRequestReviewsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection spec init provider required pull request reviews items0
+
+ Attributes
+ ----------
+ dismissStaleReviews : bool, default is Undefined, optional
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ dismissalRestrictions : [str], default is Undefined, optional
+ : The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ pullRequestBypassers : [str], default is Undefined, optional
+ : The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ requireCodeOwnerReviews : bool, default is Undefined, optional
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ requireLastPushApproval : bool, default is Undefined, optional
+ : Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that The most recent push must be approved by someone other than the last pusher.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ restrictDismissals : bool, default is Undefined, optional
+ : Restrict pull request review dismissals.
+ Restrict pull request review dismissals.
+ """
+
+
+ dismissStaleReviews?: bool
+
+ dismissalRestrictions?: [str]
+
+ pullRequestBypassers?: [str]
+
+ requireCodeOwnerReviews?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ restrictDismissals?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection spec init provider required status checks items0
+
+ Attributes
+ ----------
+ contexts : [str], default is Undefined, optional
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ strict : bool, default is Undefined, optional
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ """
+
+
+ contexts?: [str]
+
+ strict?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecInitProviderRestrictPushesItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection spec init provider restrict pushes items0
+
+ Attributes
+ ----------
+ blocksCreations : bool, default is Undefined, optional
+ Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
+ Restrict pushes that create matching branches.
+ pushAllowances : [str], default is Undefined, optional
+ A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
+ The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ """
+
+
+ blocksCreations?: bool
+
+ pushAllowances?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionStatus:
+ r"""
+ BranchProtectionStatus defines the observed state of BranchProtection.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1BranchProtectionStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1BranchProtectionStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 branch protection status at provider
+
+ Attributes
+ ----------
+ allowsDeletions : bool, default is Undefined, optional
+ Boolean, setting this to true to allow the branch to be deleted.
+ Setting this to 'true' to allow the branch to be deleted.
+ allowsForcePushes : bool, default is Undefined, optional
+ Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
+ Setting this to 'true' to allow force pushes on the branch.
+ enforceAdmins : bool, default is Undefined, optional
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ forcePushBypassers : [str], default is Undefined, optional
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
+ The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ id : str, default is Undefined, optional
+ id
+ lockBranch : bool, default is Undefined, optional
+ Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
+ Setting this to 'true' will make the branch read-only and preventing any pushes to it.
+ pattern : str, default is Undefined, optional
+ Identifies the protection rule pattern.
+ Identifies the protection rule pattern.
+ repositoryId : str, default is Undefined, optional
+ The name or node ID of the repository associated with this branch protection rule.
+ The name or node ID of the repository associated with this branch protection rule.
+ requireConversationResolution : bool, default is Undefined, optional
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ requireSignedCommits : bool, default is Undefined, optional
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ requiredLinearHistory : bool, default is Undefined, optional
+ Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
+ Setting this to 'true' enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
+ requiredPullRequestReviews : [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredPullRequestReviewsItems0], default is Undefined, optional
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredStatusChecksItems0], default is Undefined, optional
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ restrictPushes : [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRestrictPushesItems0], default is Undefined, optional
+ Restrict pushes to matching branches. See Restrict Pushes below for details.
+ Restrict who can push to matching branches.
+ """
+
+
+ allowsDeletions?: bool
+
+ allowsForcePushes?: bool
+
+ enforceAdmins?: bool
+
+ forcePushBypassers?: [str]
+
+ id?: str
+
+ lockBranch?: bool
+
+ pattern?: str
+
+ repositoryId?: str
+
+ requireConversationResolution?: bool
+
+ requireSignedCommits?: bool
+
+ requiredLinearHistory?: bool
+
+ requiredPullRequestReviews?: [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredPullRequestReviewsItems0]
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredStatusChecksItems0]
+
+ restrictPushes?: [RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRestrictPushesItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredPullRequestReviewsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection status at provider required pull request reviews items0
+
+ Attributes
+ ----------
+ dismissStaleReviews : bool, default is Undefined, optional
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ dismissalRestrictions : [str], default is Undefined, optional
+ : The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ pullRequestBypassers : [str], default is Undefined, optional
+ : The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+ The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ requireCodeOwnerReviews : bool, default is Undefined, optional
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ requireLastPushApproval : bool, default is Undefined, optional
+ : Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that The most recent push must be approved by someone other than the last pusher.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ restrictDismissals : bool, default is Undefined, optional
+ : Restrict pull request review dismissals.
+ Restrict pull request review dismissals.
+ """
+
+
+ dismissStaleReviews?: bool
+
+ dismissalRestrictions?: [str]
+
+ pullRequestBypassers?: [str]
+
+ requireCodeOwnerReviews?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ restrictDismissals?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection status at provider required status checks items0
+
+ Attributes
+ ----------
+ contexts : [str], default is Undefined, optional
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ strict : bool, default is Undefined, optional
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ """
+
+
+ contexts?: [str]
+
+ strict?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionStatusAtProviderRestrictPushesItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protection status at provider restrict pushes items0
+
+ Attributes
+ ----------
+ blocksCreations : bool, default is Undefined, optional
+ Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
+ Restrict pushes that create matching branches.
+ pushAllowances : [str], default is Undefined, optional
+ A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
+ The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.
+ """
+
+
+ blocksCreations?: bool
+
+ pushAllowances?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch_protectionv3.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch_protectionv3.k
new file mode 100644
index 00000000..71143a5d
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_branch_protectionv3.k
@@ -0,0 +1,1072 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema BranchProtectionv3:
+ r"""
+ BranchProtectionv3 is the Schema for the BranchProtectionv3s API. Protects a GitHub branch using the v3 / REST implementation. The
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "BranchProtectionv3", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1BranchProtectionv3Spec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1BranchProtectionv3Status, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "BranchProtectionv3" = "BranchProtectionv3"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1BranchProtectionv3Spec
+
+ status?: RepoGithubUpboundIoV1alpha1BranchProtectionv3Status
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3Spec:
+ r"""
+ BranchProtectionv3Spec defines the desired state of BranchProtectionv3
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec for provider
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The Git branch to protect.
+ The Git branch to protect.
+ enforceAdmins : bool, default is Undefined, optional
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ repository : str, default is Undefined, optional
+ The GitHub repository name.
+ The GitHub repository name.
+ repositoryRef : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ requireConversationResolution : bool, default is Undefined, optional
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ requireSignedCommits : bool, default is Undefined, optional
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ requiredPullRequestReviews : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0], default is Undefined, optional
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredStatusChecksItems0], default is Undefined, optional
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ restrictions : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRestrictionsItems0], default is Undefined, optional
+ Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
+ Enforce restrictions for the users and teams that may push to the branch.
+ """
+
+
+ branch?: str
+
+ enforceAdmins?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelector
+
+ requireConversationResolution?: bool
+
+ requireSignedCommits?: bool
+
+ requiredPullRequestReviews?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0]
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredStatusChecksItems0]
+
+ restrictions?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRestrictionsItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec for provider required pull request reviews items0
+
+ Attributes
+ ----------
+ bypassPullRequestAllowances : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0], default is Undefined, optional
+ : Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
+ dismissStaleReviews : bool, default is Undefined, optional
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ dismissalApps : [str], default is Undefined, optional
+ : The list of app slugs with dismissal access.
+ The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.
+ dismissalTeams : [str], default is Undefined, optional
+ : The list of team slugs with dismissal access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ dismissalUsers : [str], default is Undefined, optional
+ : The list of user logins with dismissal access
+ The list of user logins with dismissal access.
+ includeAdmins : bool, default is Undefined, optional
+ include admins
+ requireCodeOwnerReviews : bool, default is Undefined, optional
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ requireLastPushApproval : bool, default is Undefined, optional
+ : Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that the most recent push must be approved by someone other than the last pusher.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ """
+
+
+ bypassPullRequestAllowances?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0]
+
+ dismissStaleReviews?: bool
+
+ dismissalApps?: [str]
+
+ dismissalTeams?: [str]
+
+ dismissalUsers?: [str]
+
+ includeAdmins?: bool
+
+ requireCodeOwnerReviews?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec for provider required pull request reviews items0 bypass pull request allowances items0
+
+ Attributes
+ ----------
+ apps : [str], default is Undefined, optional
+ : The list of app slugs with push access.
+ teams : [str], default is Undefined, optional
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ users : [str], default is Undefined, optional
+ : The list of user logins with push access.
+ """
+
+
+ apps?: [str]
+
+ teams?: [str]
+
+ users?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec for provider required status checks items0
+
+ Attributes
+ ----------
+ checks : [str], default is Undefined, optional
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
+ The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'
+ contexts : [str], default is Undefined, optional
+ : [DEPRECATED] The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ includeAdmins : bool, default is Undefined, optional
+ include admins
+ strict : bool, default is Undefined, optional
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ """
+
+
+ checks?: [str]
+
+ contexts?: [str]
+
+ includeAdmins?: bool
+
+ strict?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecForProviderRestrictionsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec for provider restrictions items0
+
+ Attributes
+ ----------
+ apps : [str], default is Undefined, optional
+ : The list of app slugs with push access.
+ The list of app slugs with push access.
+ teams : [str], default is Undefined, optional
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ users : [str], default is Undefined, optional
+ : The list of user logins with push access.
+ The list of user logins with push access.
+ """
+
+
+ apps?: [str]
+
+ teams?: [str]
+
+ users?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The Git branch to protect.
+ The Git branch to protect.
+ enforceAdmins : bool, default is Undefined, optional
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ repository : str, default is Undefined, optional
+ The GitHub repository name.
+ The GitHub repository name.
+ repositoryRef : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ requireConversationResolution : bool, default is Undefined, optional
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ requireSignedCommits : bool, default is Undefined, optional
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ requiredPullRequestReviews : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0], default is Undefined, optional
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredStatusChecksItems0], default is Undefined, optional
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ restrictions : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRestrictionsItems0], default is Undefined, optional
+ Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
+ Enforce restrictions for the users and teams that may push to the branch.
+ """
+
+
+ branch?: str
+
+ enforceAdmins?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelector
+
+ requireConversationResolution?: bool
+
+ requireSignedCommits?: bool
+
+ requiredPullRequestReviews?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0]
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredStatusChecksItems0]
+
+ restrictions?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRestrictionsItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec init provider required pull request reviews items0
+
+ Attributes
+ ----------
+ bypassPullRequestAllowances : [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0], default is Undefined, optional
+ : Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
+ dismissStaleReviews : bool, default is Undefined, optional
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ dismissalApps : [str], default is Undefined, optional
+ : The list of app slugs with dismissal access.
+ The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.
+ dismissalTeams : [str], default is Undefined, optional
+ : The list of team slugs with dismissal access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ dismissalUsers : [str], default is Undefined, optional
+ : The list of user logins with dismissal access
+ The list of user logins with dismissal access.
+ includeAdmins : bool, default is Undefined, optional
+ include admins
+ requireCodeOwnerReviews : bool, default is Undefined, optional
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ requireLastPushApproval : bool, default is Undefined, optional
+ : Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that the most recent push must be approved by someone other than the last pusher.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ """
+
+
+ bypassPullRequestAllowances?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0]
+
+ dismissStaleReviews?: bool
+
+ dismissalApps?: [str]
+
+ dismissalTeams?: [str]
+
+ dismissalUsers?: [str]
+
+ includeAdmins?: bool
+
+ requireCodeOwnerReviews?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec init provider required pull request reviews items0 bypass pull request allowances items0
+
+ Attributes
+ ----------
+ apps : [str], default is Undefined, optional
+ : The list of app slugs with push access.
+ teams : [str], default is Undefined, optional
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ users : [str], default is Undefined, optional
+ : The list of user logins with push access.
+ """
+
+
+ apps?: [str]
+
+ teams?: [str]
+
+ users?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec init provider required status checks items0
+
+ Attributes
+ ----------
+ checks : [str], default is Undefined, optional
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
+ The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'
+ contexts : [str], default is Undefined, optional
+ : [DEPRECATED] The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ includeAdmins : bool, default is Undefined, optional
+ include admins
+ strict : bool, default is Undefined, optional
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ """
+
+
+ checks?: [str]
+
+ contexts?: [str]
+
+ includeAdmins?: bool
+
+ strict?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecInitProviderRestrictionsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 spec init provider restrictions items0
+
+ Attributes
+ ----------
+ apps : [str], default is Undefined, optional
+ : The list of app slugs with push access.
+ The list of app slugs with push access.
+ teams : [str], default is Undefined, optional
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ users : [str], default is Undefined, optional
+ : The list of user logins with push access.
+ The list of user logins with push access.
+ """
+
+
+ apps?: [str]
+
+ teams?: [str]
+
+ users?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3SpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3Status:
+ r"""
+ BranchProtectionv3Status defines the observed state of BranchProtectionv3.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 status at provider
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The Git branch to protect.
+ The Git branch to protect.
+ enforceAdmins : bool, default is Undefined, optional
+ Boolean, setting this to true enforces status checks for repository administrators.
+ Setting this to 'true' enforces status checks for repository administrators.
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ The GitHub repository name.
+ The GitHub repository name.
+ requireConversationResolution : bool, default is Undefined, optional
+ Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
+ Setting this to 'true' requires all conversations on code must be resolved before a pull request can be merged.
+ requireSignedCommits : bool, default is Undefined, optional
+ Boolean, setting this to true requires all commits to be signed with GPG.
+ Setting this to 'true' requires all commits to be signed with GPG.
+ requiredPullRequestReviews : [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0], default is Undefined, optional
+ Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
+ Enforce restrictions for pull request reviews.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredStatusChecksItems0], default is Undefined, optional
+ Enforce restrictions for required status checks. See Required Status Checks below for details.
+ Enforce restrictions for required status checks.
+ restrictions : [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRestrictionsItems0], default is Undefined, optional
+ Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
+ Enforce restrictions for the users and teams that may push to the branch.
+ """
+
+
+ branch?: str
+
+ enforceAdmins?: bool
+
+ etag?: str
+
+ id?: str
+
+ repository?: str
+
+ requireConversationResolution?: bool
+
+ requireSignedCommits?: bool
+
+ requiredPullRequestReviews?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0]
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredStatusChecksItems0]
+
+ restrictions?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRestrictionsItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 status at provider required pull request reviews items0
+
+ Attributes
+ ----------
+ bypassPullRequestAllowances : [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0], default is Undefined, optional
+ : Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
+ dismissStaleReviews : bool, default is Undefined, optional
+ : Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
+ Dismiss approved reviews automatically when a new commit is pushed.
+ dismissalApps : [str], default is Undefined, optional
+ : The list of app slugs with dismissal access.
+ The list of apps slugs with dismissal access. Always use slug of the app, not its name. Each app already has to have access to the repository.
+ dismissalTeams : [str], default is Undefined, optional
+ : The list of team slugs with dismissal access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ dismissalUsers : [str], default is Undefined, optional
+ : The list of user logins with dismissal access
+ The list of user logins with dismissal access.
+ includeAdmins : bool, default is Undefined, optional
+ include admins
+ requireCodeOwnerReviews : bool, default is Undefined, optional
+ : Require an approved review in pull requests including files with a designated code owner. Defaults to false.
+ Require an approved review in pull requests including files with a designated code owner.
+ requireLastPushApproval : bool, default is Undefined, optional
+ : Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
+ Require that the most recent push must be approved by someone other than the last pusher.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ 6. This requirement matches GitHub's API, see the upstream documentation for more information.
+ Require 'x' number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6.
+ """
+
+
+ bypassPullRequestAllowances?: [RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0]
+
+ dismissStaleReviews?: bool
+
+ dismissalApps?: [str]
+
+ dismissalTeams?: [str]
+
+ dismissalUsers?: [str]
+
+ includeAdmins?: bool
+
+ requireCodeOwnerReviews?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredPullRequestReviewsItems0BypassPullRequestAllowancesItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 status at provider required pull request reviews items0 bypass pull request allowances items0
+
+ Attributes
+ ----------
+ apps : [str], default is Undefined, optional
+ : The list of app slugs with push access.
+ teams : [str], default is Undefined, optional
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ users : [str], default is Undefined, optional
+ : The list of user logins with push access.
+ """
+
+
+ apps?: [str]
+
+ teams?: [str]
+
+ users?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 status at provider required status checks items0
+
+ Attributes
+ ----------
+ checks : [str], default is Undefined, optional
+ : The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
+ The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the 'context' and 'app_id' like so 'context:app_id'
+ contexts : [str], default is Undefined, optional
+ : [DEPRECATED] The list of status checks to require in order to merge into this branch. No status checks are required by default.
+ includeAdmins : bool, default is Undefined, optional
+ include admins
+ strict : bool, default is Undefined, optional
+ : Require branches to be up to date before merging. Defaults to false.
+ Require branches to be up to date before merging.
+ """
+
+
+ checks?: [str]
+
+ contexts?: [str]
+
+ includeAdmins?: bool
+
+ strict?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusAtProviderRestrictionsItems0:
+ r"""
+ repo github upbound io v1alpha1 branch protectionv3 status at provider restrictions items0
+
+ Attributes
+ ----------
+ apps : [str], default is Undefined, optional
+ : The list of app slugs with push access.
+ The list of app slugs with push access.
+ teams : [str], default is Undefined, optional
+ : The list of team slugs with push access.
+ Always use slug of the team, not its name. Each team already has to have access to the repository.
+ The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
+ users : [str], default is Undefined, optional
+ : The list of user logins with push access.
+ The list of user logins with push access.
+ """
+
+
+ apps?: [str]
+
+ teams?: [str]
+
+ users?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1BranchProtectionv3StatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_default_branch.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_default_branch.k
new file mode 100644
index 00000000..8f95bfe0
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_default_branch.k
@@ -0,0 +1,589 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema DefaultBranch:
+ r"""
+ DefaultBranch is the Schema for the DefaultBranchs API. Provides a GitHub branch default for a given repository.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "DefaultBranch", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1DefaultBranchSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1DefaultBranchStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "DefaultBranch" = "DefaultBranch"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1DefaultBranchSpec
+
+ status?: RepoGithubUpboundIoV1alpha1DefaultBranchStatus
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpec:
+ r"""
+ DefaultBranchSpec defines the desired state of DefaultBranch
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1DefaultBranchSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 default branch spec for provider
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The branch (e.g. main)
+ The branch (e.g. 'main').
+ branchRef : RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRef, default is Undefined, optional
+ branch ref
+ branchSelector : RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelector, default is Undefined, optional
+ branch selector
+ rename : bool, default is Undefined, optional
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.
+ """
+
+
+ branch?: str
+
+ branchRef?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRef
+
+ branchSelector?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelector
+
+ rename?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRef:
+ r"""
+ Reference to a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelector:
+ r"""
+ Selector for a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecForProviderBranchSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The branch (e.g. main)
+ The branch (e.g. 'main').
+ branchRef : RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRef, default is Undefined, optional
+ branch ref
+ branchSelector : RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelector, default is Undefined, optional
+ branch selector
+ rename : bool, default is Undefined, optional
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.
+ """
+
+
+ branch?: str
+
+ branchRef?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRef
+
+ branchSelector?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelector
+
+ rename?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRef:
+ r"""
+ Reference to a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelector:
+ r"""
+ Selector for a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecInitProviderBranchSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchStatus:
+ r"""
+ DefaultBranchStatus defines the observed state of DefaultBranch.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1DefaultBranchStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1DefaultBranchStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1DefaultBranchStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1DefaultBranchStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 default branch status at provider
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The branch (e.g. main)
+ The branch (e.g. 'main').
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ id
+ rename : bool, default is Undefined, optional
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to false.
+ Indicate if it should rename the branch rather than use an existing branch. Defaults to 'false'.
+ """
+
+
+ branch?: str
+
+ etag?: str
+
+ id?: str
+
+ rename?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1DefaultBranchStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_deploy_key.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_deploy_key.k
new file mode 100644
index 00000000..22aab1a7
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_deploy_key.k
@@ -0,0 +1,658 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema DeployKey:
+ r"""
+ DeployKey is the Schema for the DeployKeys API. Provides a GitHub repository deploy key resource.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "DeployKey", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1DeployKeySpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1DeployKeyStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "DeployKey" = "DeployKey"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1DeployKeySpec
+
+ status?: RepoGithubUpboundIoV1alpha1DeployKeyStatus
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpec:
+ r"""
+ DeployKeySpec defines the desired state of DeployKey
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1DeployKeySpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1DeployKeySpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1DeployKeySpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1DeployKeySpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1DeployKeySpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1DeployKeySpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 deploy key spec for provider
+
+ Attributes
+ ----------
+ keySecretRef : RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderKeySecretRef, default is Undefined, optional
+ key secret ref
+ readOnly : bool, default is Undefined, optional
+ A boolean qualifying the key to be either read only or read/write.
+ A boolean qualifying the key to be either read only or read/write.
+ repository : str, default is Undefined, optional
+ Name of the GitHub repository.
+ Name of the GitHub repository.
+ repositoryRef : RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ title : str, default is Undefined, optional
+ A title.
+ A title.
+ """
+
+
+ keySecretRef?: RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderKeySecretRef
+
+ readOnly?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelector
+
+ title?: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderKeySecretRef:
+ r"""
+ A SSH key.
+ A SSH key.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ keySecretRef : RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderKeySecretRef, default is Undefined, required
+ key secret ref
+ readOnly : bool, default is Undefined, optional
+ A boolean qualifying the key to be either read only or read/write.
+ A boolean qualifying the key to be either read only or read/write.
+ repository : str, default is Undefined, optional
+ Name of the GitHub repository.
+ Name of the GitHub repository.
+ repositoryRef : RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ title : str, default is Undefined, optional
+ A title.
+ A title.
+ """
+
+
+ keySecretRef: RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderKeySecretRef
+
+ readOnly?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelector
+
+ title?: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderKeySecretRef:
+ r"""
+ A SSH key.
+ A SSH key.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeySpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeyStatus:
+ r"""
+ DeployKeyStatus defines the observed state of DeployKey.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1DeployKeyStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1DeployKeyStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1DeployKeyStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1DeployKeyStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeyStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 deploy key status at provider
+
+ Attributes
+ ----------
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ id
+ readOnly : bool, default is Undefined, optional
+ A boolean qualifying the key to be either read only or read/write.
+ A boolean qualifying the key to be either read only or read/write.
+ repository : str, default is Undefined, optional
+ Name of the GitHub repository.
+ Name of the GitHub repository.
+ title : str, default is Undefined, optional
+ A title.
+ A title.
+ """
+
+
+ etag?: str
+
+ id?: str
+
+ readOnly?: bool
+
+ repository?: str
+
+ title?: str
+
+
+schema RepoGithubUpboundIoV1alpha1DeployKeyStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_environment.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_environment.k
new file mode 100644
index 00000000..77e7839e
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_environment.k
@@ -0,0 +1,774 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Environment:
+ r"""
+ Environment is the Schema for the Environments API. Creates and manages environments for GitHub repositories
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Environment", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1EnvironmentSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1EnvironmentStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "Environment" = "Environment"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1EnvironmentSpec
+
+ status?: RepoGithubUpboundIoV1alpha1EnvironmentStatus
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpec:
+ r"""
+ EnvironmentSpec defines the desired state of Environment
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1EnvironmentSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1EnvironmentSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1EnvironmentSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1EnvironmentSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 environment spec for provider
+
+ Attributes
+ ----------
+ canAdminsBypass : bool, default is Undefined, optional
+ Can repository admins bypass the environment protections. Defaults to true.
+ Can Admins bypass deployment protections
+ deploymentBranchPolicy : [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderDeploymentBranchPolicyItems0], default is Undefined, optional
+ The deployment branch policy configuration
+ environment : str, default is Undefined, optional
+ The name of the environment.
+ The name of the environment.
+ preventSelfReview : bool, default is Undefined, optional
+ Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
+ Prevent users from approving workflows runs that they triggered.
+ repository : str, default is Undefined, optional
+ The repository of the environment.
+ The repository of the environment.
+ repositoryRef : RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ reviewers : [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderReviewersItems0], default is Undefined, optional
+ The environment reviewers configuration.
+ waitTimer : int, default is Undefined, optional
+ Amount of time to delay a job after the job is initially triggered.
+ Amount of time to delay a job after the job is initially triggered.
+ """
+
+
+ canAdminsBypass?: bool
+
+ deploymentBranchPolicy?: [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderDeploymentBranchPolicyItems0]
+
+ environment?: str
+
+ preventSelfReview?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelector
+
+ reviewers?: [RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderReviewersItems0]
+
+ waitTimer?: int
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderDeploymentBranchPolicyItems0:
+ r"""
+ repo github upbound io v1alpha1 environment spec for provider deployment branch policy items0
+
+ Attributes
+ ----------
+ customBranchPolicies : bool, default is Undefined, optional
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ protectedBranches : bool, default is Undefined, optional
+ Whether only branches with branch protection rules can deploy to this environment.
+ Whether only branches with branch protection rules can deploy to this environment.
+ """
+
+
+ customBranchPolicies?: bool
+
+ protectedBranches?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecForProviderReviewersItems0:
+ r"""
+ repo github upbound io v1alpha1 environment spec for provider reviewers items0
+
+ Attributes
+ ----------
+ teams : [int], default is Undefined, optional
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ users : [int], default is Undefined, optional
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ """
+
+
+ teams?: [int]
+
+ users?: [int]
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ canAdminsBypass : bool, default is Undefined, optional
+ Can repository admins bypass the environment protections. Defaults to true.
+ Can Admins bypass deployment protections
+ deploymentBranchPolicy : [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderDeploymentBranchPolicyItems0], default is Undefined, optional
+ The deployment branch policy configuration
+ environment : str, default is Undefined, optional
+ The name of the environment.
+ The name of the environment.
+ preventSelfReview : bool, default is Undefined, optional
+ Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
+ Prevent users from approving workflows runs that they triggered.
+ repository : str, default is Undefined, optional
+ The repository of the environment.
+ The repository of the environment.
+ repositoryRef : RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ reviewers : [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderReviewersItems0], default is Undefined, optional
+ The environment reviewers configuration.
+ waitTimer : int, default is Undefined, optional
+ Amount of time to delay a job after the job is initially triggered.
+ Amount of time to delay a job after the job is initially triggered.
+ """
+
+
+ canAdminsBypass?: bool
+
+ deploymentBranchPolicy?: [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderDeploymentBranchPolicyItems0]
+
+ environment?: str
+
+ preventSelfReview?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelector
+
+ reviewers?: [RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderReviewersItems0]
+
+ waitTimer?: int
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderDeploymentBranchPolicyItems0:
+ r"""
+ repo github upbound io v1alpha1 environment spec init provider deployment branch policy items0
+
+ Attributes
+ ----------
+ customBranchPolicies : bool, default is Undefined, optional
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ protectedBranches : bool, default is Undefined, optional
+ Whether only branches with branch protection rules can deploy to this environment.
+ Whether only branches with branch protection rules can deploy to this environment.
+ """
+
+
+ customBranchPolicies?: bool
+
+ protectedBranches?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecInitProviderReviewersItems0:
+ r"""
+ repo github upbound io v1alpha1 environment spec init provider reviewers items0
+
+ Attributes
+ ----------
+ teams : [int], default is Undefined, optional
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ users : [int], default is Undefined, optional
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ """
+
+
+ teams?: [int]
+
+ users?: [int]
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentStatus:
+ r"""
+ EnvironmentStatus defines the observed state of Environment.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1EnvironmentStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1EnvironmentStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 environment status at provider
+
+ Attributes
+ ----------
+ canAdminsBypass : bool, default is Undefined, optional
+ Can repository admins bypass the environment protections. Defaults to true.
+ Can Admins bypass deployment protections
+ deploymentBranchPolicy : [RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderDeploymentBranchPolicyItems0], default is Undefined, optional
+ The deployment branch policy configuration
+ environment : str, default is Undefined, optional
+ The name of the environment.
+ The name of the environment.
+ id : str, default is Undefined, optional
+ id
+ preventSelfReview : bool, default is Undefined, optional
+ Whether or not a user who created the job is prevented from approving their own job. Defaults to false.
+ Prevent users from approving workflows runs that they triggered.
+ repository : str, default is Undefined, optional
+ The repository of the environment.
+ The repository of the environment.
+ reviewers : [RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderReviewersItems0], default is Undefined, optional
+ The environment reviewers configuration.
+ waitTimer : int, default is Undefined, optional
+ Amount of time to delay a job after the job is initially triggered.
+ Amount of time to delay a job after the job is initially triggered.
+ """
+
+
+ canAdminsBypass?: bool
+
+ deploymentBranchPolicy?: [RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderDeploymentBranchPolicyItems0]
+
+ environment?: str
+
+ id?: str
+
+ preventSelfReview?: bool
+
+ repository?: str
+
+ reviewers?: [RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderReviewersItems0]
+
+ waitTimer?: int
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderDeploymentBranchPolicyItems0:
+ r"""
+ repo github upbound io v1alpha1 environment status at provider deployment branch policy items0
+
+ Attributes
+ ----------
+ customBranchPolicies : bool, default is Undefined, optional
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ Whether only branches that match the specified name patterns can deploy to this environment.
+ protectedBranches : bool, default is Undefined, optional
+ Whether only branches with branch protection rules can deploy to this environment.
+ Whether only branches with branch protection rules can deploy to this environment.
+ """
+
+
+ customBranchPolicies?: bool
+
+ protectedBranches?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentStatusAtProviderReviewersItems0:
+ r"""
+ repo github upbound io v1alpha1 environment status at provider reviewers items0
+
+ Attributes
+ ----------
+ teams : [int], default is Undefined, optional
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ users : [int], default is Undefined, optional
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed.
+ """
+
+
+ teams?: [int]
+
+ users?: [int]
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_environment_deployment_policy.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_environment_deployment_policy.k
new file mode 100644
index 00000000..cb1b24fa
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_environment_deployment_policy.k
@@ -0,0 +1,794 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema EnvironmentDeploymentPolicy:
+ r"""
+ EnvironmentDeploymentPolicy is the Schema for the EnvironmentDeploymentPolicys API. Creates and manages environment deployment branch policies for GitHub repositories
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "EnvironmentDeploymentPolicy", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "EnvironmentDeploymentPolicy" = "EnvironmentDeploymentPolicy"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpec
+
+ status?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatus
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpec:
+ r"""
+ EnvironmentDeploymentPolicySpec defines the desired state of EnvironmentDeploymentPolicy
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 environment deployment policy spec for provider
+
+ Attributes
+ ----------
+ branchPattern : str, default is Undefined, optional
+ The name pattern that branches must match in order to deploy to the environment.
+ The name pattern that branches must match in order to deploy to the environment.
+ environment : str, default is Undefined, optional
+ The name of the environment.
+ The name of the environment.
+ environmentRef : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRef, default is Undefined, optional
+ environment ref
+ environmentSelector : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelector, default is Undefined, optional
+ environment selector
+ repository : str, default is Undefined, optional
+ The repository of the environment.
+ The name of the repository. The name is not case sensitive.
+ repositoryRef : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ branchPattern?: str
+
+ environment?: str
+
+ environmentRef?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRef
+
+ environmentSelector?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelector
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRef:
+ r"""
+ Reference to a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelector:
+ r"""
+ Selector for a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderEnvironmentSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ branchPattern : str, default is Undefined, optional
+ The name pattern that branches must match in order to deploy to the environment.
+ The name pattern that branches must match in order to deploy to the environment.
+ environment : str, default is Undefined, optional
+ The name of the environment.
+ The name of the environment.
+ environmentRef : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRef, default is Undefined, optional
+ environment ref
+ environmentSelector : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelector, default is Undefined, optional
+ environment selector
+ repository : str, default is Undefined, optional
+ The repository of the environment.
+ The name of the repository. The name is not case sensitive.
+ repositoryRef : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ branchPattern?: str
+
+ environment?: str
+
+ environmentRef?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRef
+
+ environmentSelector?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelector
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRef:
+ r"""
+ Reference to a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelector:
+ r"""
+ Selector for a Environment in repo to populate environment.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderEnvironmentSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicySpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatus:
+ r"""
+ EnvironmentDeploymentPolicyStatus defines the observed state of EnvironmentDeploymentPolicy.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 environment deployment policy status at provider
+
+ Attributes
+ ----------
+ branchPattern : str, default is Undefined, optional
+ The name pattern that branches must match in order to deploy to the environment.
+ The name pattern that branches must match in order to deploy to the environment.
+ environment : str, default is Undefined, optional
+ The name of the environment.
+ The name of the environment.
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ The repository of the environment.
+ The name of the repository. The name is not case sensitive.
+ """
+
+
+ branchPattern?: str
+
+ environment?: str
+
+ id?: str
+
+ repository?: str
+
+
+schema RepoGithubUpboundIoV1alpha1EnvironmentDeploymentPolicyStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_issue_labels.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_issue_labels.k
new file mode 100644
index 00000000..3eeaa495
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_issue_labels.k
@@ -0,0 +1,468 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema IssueLabels:
+ r"""
+ IssueLabels is the Schema for the IssueLabelss API. Provides GitHub issue labels resource.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "IssueLabels", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1IssueLabelsSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1IssueLabelsStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "IssueLabels" = "IssueLabels"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1IssueLabelsSpec
+
+ status?: RepoGithubUpboundIoV1alpha1IssueLabelsStatus
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpec:
+ r"""
+ IssueLabelsSpec defines the desired state of IssueLabels
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1IssueLabelsSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 issue labels spec for provider
+
+ Attributes
+ ----------
+ label : [RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProviderLabelItems0], default is Undefined, optional
+ List of labels
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ """
+
+
+ label?: [RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProviderLabelItems0]
+
+ repository?: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecForProviderLabelItems0:
+ r"""
+ repo github upbound io v1alpha1 issue labels spec for provider label items0
+
+ Attributes
+ ----------
+ color : str, default is Undefined, optional
+ A 6 character hex code, without the leading #, identifying the color of the label.
+ A 6 character hex code, without the leading '#', identifying the color of the label.
+ description : str, default is Undefined, optional
+ A short description of the label.
+ A short description of the label.
+ name : str, default is Undefined, optional
+ The name of the label.
+ The name of the label.
+ """
+
+
+ color?: str
+
+ description?: str
+
+ name?: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ label : [RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProviderLabelItems0], default is Undefined, optional
+ List of labels
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ """
+
+
+ label?: [RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProviderLabelItems0]
+
+ repository?: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecInitProviderLabelItems0:
+ r"""
+ repo github upbound io v1alpha1 issue labels spec init provider label items0
+
+ Attributes
+ ----------
+ color : str, default is Undefined, optional
+ A 6 character hex code, without the leading #, identifying the color of the label.
+ A 6 character hex code, without the leading '#', identifying the color of the label.
+ description : str, default is Undefined, optional
+ A short description of the label.
+ A short description of the label.
+ name : str, default is Undefined, optional
+ The name of the label.
+ The name of the label.
+ """
+
+
+ color?: str
+
+ description?: str
+
+ name?: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsStatus:
+ r"""
+ IssueLabelsStatus defines the observed state of IssueLabels.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1IssueLabelsStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1IssueLabelsStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 issue labels status at provider
+
+ Attributes
+ ----------
+ id : str, default is Undefined, optional
+ id
+ label : [RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProviderLabelItems0], default is Undefined, optional
+ List of labels
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository.
+ """
+
+
+ id?: str
+
+ label?: [RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProviderLabelItems0]
+
+ repository?: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsStatusAtProviderLabelItems0:
+ r"""
+ repo github upbound io v1alpha1 issue labels status at provider label items0
+
+ Attributes
+ ----------
+ color : str, default is Undefined, optional
+ A 6 character hex code, without the leading #, identifying the color of the label.
+ A 6 character hex code, without the leading '#', identifying the color of the label.
+ description : str, default is Undefined, optional
+ A short description of the label.
+ A short description of the label.
+ name : str, default is Undefined, optional
+ The name of the label.
+ The name of the label.
+ url : str, default is Undefined, optional
+ (Computed) The URL to the issue label
+ The URL to the issue label.
+ """
+
+
+ color?: str
+
+ description?: str
+
+ name?: str
+
+ url?: str
+
+
+schema RepoGithubUpboundIoV1alpha1IssueLabelsStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_pull_request.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_pull_request.k
new file mode 100644
index 00000000..265408db
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_pull_request.k
@@ -0,0 +1,899 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema PullRequest:
+ r"""
+ PullRequest is the Schema for the PullRequests API. Get information on a single GitHub Pull Request.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "PullRequest", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1PullRequestSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1PullRequestStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "PullRequest" = "PullRequest"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1PullRequestSpec
+
+ status?: RepoGithubUpboundIoV1alpha1PullRequestStatus
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpec:
+ r"""
+ PullRequestSpec defines the desired state of PullRequest
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1PullRequestSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1PullRequestSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1PullRequestSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1PullRequestSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 pull request spec for provider
+
+ Attributes
+ ----------
+ baseRef : str, default is Undefined, optional
+ Name of the branch serving as the base of the Pull Request.
+ Name of the branch serving as the base of the Pull Request.
+ baseRepository : str, default is Undefined, optional
+ Name of the base repository to retrieve the Pull Requests from.
+ Name of the base repository to retrieve the Pull Requests from.
+ baseRepositoryRef : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRef, default is Undefined, optional
+ base repository ref
+ baseRepositorySelector : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelector, default is Undefined, optional
+ base repository selector
+ body : str, default is Undefined, optional
+ Body of the Pull Request.
+ Body of the Pull Request.
+ headRef : str, default is Undefined, optional
+ Name of the branch serving as the head of the Pull Request.
+ Name of the branch serving as the head of the Pull Request.
+ headRefRef : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRef, default is Undefined, optional
+ head ref ref
+ headRefSelector : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelector, default is Undefined, optional
+ head ref selector
+ maintainerCanModify : bool, default is Undefined, optional
+ Controls whether the base repository maintainers can modify the Pull Request. Default: false.
+ Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.
+ owner : str, default is Undefined, optional
+ Owner of the repository. If not provided, the provider's default owner is used.
+ Owner of the repository. If not provided, the provider's default owner is used.
+ title : str, default is Undefined, optional
+ The title of the Pull Request.
+ The title of the Pull Request.
+ """
+
+
+ baseRef?: str
+
+ baseRepository?: str
+
+ baseRepositoryRef?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRef
+
+ baseRepositorySelector?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelector
+
+ body?: str
+
+ headRef?: str
+
+ headRefRef?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRef
+
+ headRefSelector?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelector
+
+ maintainerCanModify?: bool
+
+ owner?: str
+
+ title?: str
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate baseRepository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate baseRepository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderBaseRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRef:
+ r"""
+ Reference to a Branch in repo to populate headRef.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelector:
+ r"""
+ Selector for a Branch in repo to populate headRef.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecForProviderHeadRefSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ baseRef : str, default is Undefined, optional
+ Name of the branch serving as the base of the Pull Request.
+ Name of the branch serving as the base of the Pull Request.
+ baseRepository : str, default is Undefined, optional
+ Name of the base repository to retrieve the Pull Requests from.
+ Name of the base repository to retrieve the Pull Requests from.
+ baseRepositoryRef : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRef, default is Undefined, optional
+ base repository ref
+ baseRepositorySelector : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelector, default is Undefined, optional
+ base repository selector
+ body : str, default is Undefined, optional
+ Body of the Pull Request.
+ Body of the Pull Request.
+ headRef : str, default is Undefined, optional
+ Name of the branch serving as the head of the Pull Request.
+ Name of the branch serving as the head of the Pull Request.
+ headRefRef : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRef, default is Undefined, optional
+ head ref ref
+ headRefSelector : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelector, default is Undefined, optional
+ head ref selector
+ maintainerCanModify : bool, default is Undefined, optional
+ Controls whether the base repository maintainers can modify the Pull Request. Default: false.
+ Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.
+ owner : str, default is Undefined, optional
+ Owner of the repository. If not provided, the provider's default owner is used.
+ Owner of the repository. If not provided, the provider's default owner is used.
+ title : str, default is Undefined, optional
+ The title of the Pull Request.
+ The title of the Pull Request.
+ """
+
+
+ baseRef?: str
+
+ baseRepository?: str
+
+ baseRepositoryRef?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRef
+
+ baseRepositorySelector?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelector
+
+ body?: str
+
+ headRef?: str
+
+ headRefRef?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRef
+
+ headRefSelector?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelector
+
+ maintainerCanModify?: bool
+
+ owner?: str
+
+ title?: str
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate baseRepository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate baseRepository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderBaseRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRef:
+ r"""
+ Reference to a Branch in repo to populate headRef.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelector:
+ r"""
+ Selector for a Branch in repo to populate headRef.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecInitProviderHeadRefSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestStatus:
+ r"""
+ PullRequestStatus defines the observed state of PullRequest.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1PullRequestStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1PullRequestStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1PullRequestStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1PullRequestStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 pull request status at provider
+
+ Attributes
+ ----------
+ baseRef : str, default is Undefined, optional
+ Name of the branch serving as the base of the Pull Request.
+ Name of the branch serving as the base of the Pull Request.
+ baseRepository : str, default is Undefined, optional
+ Name of the base repository to retrieve the Pull Requests from.
+ Name of the base repository to retrieve the Pull Requests from.
+ baseSha : str, default is Undefined, optional
+ Head commit SHA of the Pull Request base.
+ Head commit SHA of the Pull Request base.
+ body : str, default is Undefined, optional
+ Body of the Pull Request.
+ Body of the Pull Request.
+ draft : bool, default is Undefined, optional
+ Indicates Whether this Pull Request is a draft.
+ Indicates Whether this Pull Request is a draft.
+ headRef : str, default is Undefined, optional
+ Name of the branch serving as the head of the Pull Request.
+ Name of the branch serving as the head of the Pull Request.
+ headSha : str, default is Undefined, optional
+ Head commit SHA of the Pull Request head.
+ Head commit SHA of the Pull Request head.
+ id : str, default is Undefined, optional
+ id
+ labels : [str], default is Undefined, optional
+ List of label names set on the Pull Request.
+ List of names of labels on the PR
+ maintainerCanModify : bool, default is Undefined, optional
+ Controls whether the base repository maintainers can modify the Pull Request. Default: false.
+ Controls whether the base repository maintainers can modify the Pull Request. Default: 'false'.
+ number : int, default is Undefined, optional
+ The number of the Pull Request within the repository.
+ The number of the Pull Request within the repository.
+ openedAt : int, default is Undefined, optional
+ Unix timestamp indicating the Pull Request creation time.
+ Unix timestamp indicating the Pull Request creation time.
+ openedBy : str, default is Undefined, optional
+ GitHub login of the user who opened the Pull Request.
+ Username of the PR creator
+ owner : str, default is Undefined, optional
+ Owner of the repository. If not provided, the provider's default owner is used.
+ Owner of the repository. If not provided, the provider's default owner is used.
+ state : str, default is Undefined, optional
+ the current Pull Request state - can be "open", "closed" or "merged".
+ The current Pull Request state - can be 'open', 'closed' or 'merged'.
+ title : str, default is Undefined, optional
+ The title of the Pull Request.
+ The title of the Pull Request.
+ updatedAt : int, default is Undefined, optional
+ The timestamp of the last Pull Request update.
+ The timestamp of the last Pull Request update.
+ """
+
+
+ baseRef?: str
+
+ baseRepository?: str
+
+ baseSha?: str
+
+ body?: str
+
+ draft?: bool
+
+ headRef?: str
+
+ headSha?: str
+
+ id?: str
+
+ labels?: [str]
+
+ maintainerCanModify?: bool
+
+ number?: int
+
+ openedAt?: int
+
+ openedBy?: str
+
+ owner?: str
+
+ state?: str
+
+ title?: str
+
+ updatedAt?: int
+
+
+schema RepoGithubUpboundIoV1alpha1PullRequestStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository.k
new file mode 100644
index 00000000..48c6031d
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository.k
@@ -0,0 +1,1370 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Repository:
+ r"""
+ Repository is the Schema for the Repositorys API. Creates and manages repositories within GitHub organizations or personal accounts
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Repository", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1RepositorySpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1RepositoryStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "Repository" = "Repository"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1RepositorySpec
+
+ status?: RepoGithubUpboundIoV1alpha1RepositoryStatus
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpec:
+ r"""
+ RepositorySpec defines the desired state of Repository
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1RepositorySpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1RepositorySpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1RepositorySpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1RepositorySpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1RepositorySpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1RepositorySpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider
+
+ Attributes
+ ----------
+ allowAutoMerge : bool, default is Undefined, optional
+ Set to true to allow auto-merging pull requests on the repository.
+ Set to 'true' to allow auto-merging pull requests on the repository.
+ allowMergeCommit : bool, default is Undefined, optional
+ (including the related merge_commit_title and merge_commit_message)
+ Set to 'false' to disable merge commits on the repository.
+ allowRebaseMerge : bool, default is Undefined, optional
+ Set to false to disable rebase merges on the repository.
+ Set to 'false' to disable rebase merges on the repository.
+ allowSquashMerge : bool, default is Undefined, optional
+ (including the related squash_merge_commit_title and squash_merge_commit_message)
+ Set to 'false' to disable squash merges on the repository.
+ allowUpdateBranch : bool, default is Undefined, optional
+ Set to true to always suggest updating pull request branches.
+ Set to 'true' to always suggest updating pull request branches.
+ archiveOnDestroy : bool, default is Undefined, optional
+ Set to true to archive the repository instead of deleting on destroy.
+ Set to 'true' to archive the repository instead of deleting on destroy.
+ archived : bool, default is Undefined, optional
+ Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
+ Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.
+ autoInit : bool, default is Undefined, optional
+ Set to true to produce an initial commit in the repository.
+ Set to 'true' to produce an initial commit in the repository.
+ defaultBranch : str, default is Undefined, optional
+ (Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
+ and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
+ initial repository creation and create the target branch inside of the repository prior to setting this attribute.
+ Can only be set after initial repository creation, and only if the target branch exists
+ deleteBranchOnMerge : bool, default is Undefined, optional
+ Automatically delete head branch after a pull request is merged. Defaults to false.
+ Automatically delete head branch after a pull request is merged. Defaults to 'false'.
+ description : str, default is Undefined, optional
+ A description of the repository.
+ A description of the repository.
+ gitignoreTemplate : str, default is Undefined, optional
+ Use the name of the template without the extension. For example, "Haskell".
+ Use the name of the template without the extension. For example, 'Haskell'.
+ hasDiscussions : bool, default is Undefined, optional
+ Set to true to enable GitHub Discussions on the repository. Defaults to false.
+ Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.
+ hasDownloads : bool, default is Undefined, optional
+ Set to true to enable the (deprecated) downloads features on the repository.
+ Set to 'true' to enable the (deprecated) downloads features on the repository.
+ hasIssues : bool, default is Undefined, optional
+ Set to true to enable the GitHub Issues features
+ on the repository.
+ Set to 'true' to enable the GitHub Issues features on the repository
+ hasProjects : bool, default is Undefined, optional
+ Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
+ Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.
+ hasWiki : bool, default is Undefined, optional
+ Set to true to enable the GitHub Wiki features on
+ the repository.
+ Set to 'true' to enable the GitHub Wiki features on the repository.
+ homepageUrl : str, default is Undefined, optional
+ URL of a page describing the project.
+ URL of a page describing the project.
+ ignoreVulnerabilityAlertsDuringRead : bool, default is Undefined, optional
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ isTemplate : bool, default is Undefined, optional
+ Set to true to tell GitHub that this is a template repository.
+ Set to 'true' to tell GitHub that this is a template repository.
+ licenseTemplate : str, default is Undefined, optional
+ Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
+ Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.
+ mergeCommitMessage : str, default is Undefined, optional
+ Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
+ Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.
+ mergeCommitTitle : str, default is Undefined, optional
+ Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
+ Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.
+ name : str, default is Undefined, optional
+ The name of the repository.
+ The name of the repository.
+ pages : [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0], default is Undefined, optional
+ The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
+ The repository's GitHub Pages configuration
+ private : bool, default is Undefined, optional
+ Set to true to create a private repository.
+ Repositories are created as public (e.g. open source) by default.
+ securityAndAnalysis : [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0], default is Undefined, optional
+ The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
+ Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.
+ squashMergeCommitMessage : str, default is Undefined, optional
+ Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
+ Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.
+ squashMergeCommitTitle : str, default is Undefined, optional
+ Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
+ Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.
+ template : [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderTemplateItems0], default is Undefined, optional
+ Use a template repository to create this resource. See Template Repositories below for details.
+ Use a template repository to create this resource.
+ topics : [str], default is Undefined, optional
+ The list of topics of the repository.
+ The list of topics of the repository.
+ visibility : str, default is Undefined, optional
+ Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
+ Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.
+ vulnerabilityAlerts : bool, default is Undefined, optional
+ Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ webCommitSignoffRequired : bool, default is Undefined, optional
+ Require contributors to sign off on web-based commits. See more here. Defaults to false.
+ Require contributors to sign off on web-based commits. Defaults to 'false'.
+ """
+
+
+ allowAutoMerge?: bool
+
+ allowMergeCommit?: bool
+
+ allowRebaseMerge?: bool
+
+ allowSquashMerge?: bool
+
+ allowUpdateBranch?: bool
+
+ archiveOnDestroy?: bool
+
+ archived?: bool
+
+ autoInit?: bool
+
+ defaultBranch?: str
+
+ deleteBranchOnMerge?: bool
+
+ description?: str
+
+ gitignoreTemplate?: str
+
+ hasDiscussions?: bool
+
+ hasDownloads?: bool
+
+ hasIssues?: bool
+
+ hasProjects?: bool
+
+ hasWiki?: bool
+
+ homepageUrl?: str
+
+ ignoreVulnerabilityAlertsDuringRead?: bool
+
+ isTemplate?: bool
+
+ licenseTemplate?: str
+
+ mergeCommitMessage?: str
+
+ mergeCommitTitle?: str
+
+ name?: str
+
+ pages?: [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0]
+
+ private?: bool
+
+ securityAndAnalysis?: [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0]
+
+ squashMergeCommitMessage?: str
+
+ squashMergeCommitTitle?: str
+
+ template?: [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderTemplateItems0]
+
+ topics?: [str]
+
+ visibility?: str
+
+ vulnerabilityAlerts?: bool
+
+ webCommitSignoffRequired?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider pages items0
+
+ Attributes
+ ----------
+ buildType : str, default is Undefined, optional
+ The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
+ The type the page should be sourced.
+ cname : str, default is Undefined, optional
+ The custom domain for the repository. This can only be set after the repository has been created.
+ The custom domain for the repository. This can only be set after the repository has been created.
+ source : [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0SourceItems0], default is Undefined, optional
+ The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
+ The source branch and directory for the rendered Pages site.
+ """
+
+
+ buildType?: str
+
+ cname?: str
+
+ source?: [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0SourceItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProviderPagesItems0SourceItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider pages items0 source items0
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The repository branch used to publish the site's source files. (i.e. main or gh-pages.
+ The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')
+ path : str, default is Undefined, optional
+ The repository directory from which the site publishes (Default: /).
+ The repository directory from which the site publishes (Default: '/')
+ """
+
+
+ branch?: str
+
+ path?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider security and analysis items0
+
+ Attributes
+ ----------
+ advancedSecurity : [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0AdvancedSecurityItems0], default is Undefined, optional
+ The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ secretScanning : [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningItems0], default is Undefined, optional
+ The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
+ The secret scanning configuration for the repository.
+ secretScanningPushProtection : [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0], default is Undefined, optional
+ The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
+ The secret scanning push protection configuration for the repository.
+ """
+
+
+ advancedSecurity?: [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0AdvancedSecurityItems0]
+
+ secretScanning?: [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningItems0]
+
+ secretScanningPushProtection?: [RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0AdvancedSecurityItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider security and analysis items0 advanced security items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider security and analysis items0 secret scanning items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider security and analysis items0 secret scanning push protection items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecForProviderTemplateItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec for provider template items0
+
+ Attributes
+ ----------
+ includeAllBranches : bool, default is Undefined, optional
+ : Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
+ Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).
+ owner : str, default is Undefined, optional
+ : The GitHub organization or user the template repository is owned by.
+ The GitHub organization or user the template repository is owned by.
+ repository : str, default is Undefined, optional
+ : The name of the template repository.
+ The name of the template repository.
+ """
+
+
+ includeAllBranches?: bool
+
+ owner?: str
+
+ repository?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ allowAutoMerge : bool, default is Undefined, optional
+ Set to true to allow auto-merging pull requests on the repository.
+ Set to 'true' to allow auto-merging pull requests on the repository.
+ allowMergeCommit : bool, default is Undefined, optional
+ (including the related merge_commit_title and merge_commit_message)
+ Set to 'false' to disable merge commits on the repository.
+ allowRebaseMerge : bool, default is Undefined, optional
+ Set to false to disable rebase merges on the repository.
+ Set to 'false' to disable rebase merges on the repository.
+ allowSquashMerge : bool, default is Undefined, optional
+ (including the related squash_merge_commit_title and squash_merge_commit_message)
+ Set to 'false' to disable squash merges on the repository.
+ allowUpdateBranch : bool, default is Undefined, optional
+ Set to true to always suggest updating pull request branches.
+ Set to 'true' to always suggest updating pull request branches.
+ archiveOnDestroy : bool, default is Undefined, optional
+ Set to true to archive the repository instead of deleting on destroy.
+ Set to 'true' to archive the repository instead of deleting on destroy.
+ archived : bool, default is Undefined, optional
+ Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
+ Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.
+ autoInit : bool, default is Undefined, optional
+ Set to true to produce an initial commit in the repository.
+ Set to 'true' to produce an initial commit in the repository.
+ defaultBranch : str, default is Undefined, optional
+ (Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
+ and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
+ initial repository creation and create the target branch inside of the repository prior to setting this attribute.
+ Can only be set after initial repository creation, and only if the target branch exists
+ deleteBranchOnMerge : bool, default is Undefined, optional
+ Automatically delete head branch after a pull request is merged. Defaults to false.
+ Automatically delete head branch after a pull request is merged. Defaults to 'false'.
+ description : str, default is Undefined, optional
+ A description of the repository.
+ A description of the repository.
+ gitignoreTemplate : str, default is Undefined, optional
+ Use the name of the template without the extension. For example, "Haskell".
+ Use the name of the template without the extension. For example, 'Haskell'.
+ hasDiscussions : bool, default is Undefined, optional
+ Set to true to enable GitHub Discussions on the repository. Defaults to false.
+ Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.
+ hasDownloads : bool, default is Undefined, optional
+ Set to true to enable the (deprecated) downloads features on the repository.
+ Set to 'true' to enable the (deprecated) downloads features on the repository.
+ hasIssues : bool, default is Undefined, optional
+ Set to true to enable the GitHub Issues features
+ on the repository.
+ Set to 'true' to enable the GitHub Issues features on the repository
+ hasProjects : bool, default is Undefined, optional
+ Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
+ Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.
+ hasWiki : bool, default is Undefined, optional
+ Set to true to enable the GitHub Wiki features on
+ the repository.
+ Set to 'true' to enable the GitHub Wiki features on the repository.
+ homepageUrl : str, default is Undefined, optional
+ URL of a page describing the project.
+ URL of a page describing the project.
+ ignoreVulnerabilityAlertsDuringRead : bool, default is Undefined, optional
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ isTemplate : bool, default is Undefined, optional
+ Set to true to tell GitHub that this is a template repository.
+ Set to 'true' to tell GitHub that this is a template repository.
+ licenseTemplate : str, default is Undefined, optional
+ Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
+ Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.
+ mergeCommitMessage : str, default is Undefined, optional
+ Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
+ Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.
+ mergeCommitTitle : str, default is Undefined, optional
+ Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
+ Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.
+ name : str, default is Undefined, optional
+ The name of the repository.
+ The name of the repository.
+ pages : [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0], default is Undefined, optional
+ The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
+ The repository's GitHub Pages configuration
+ private : bool, default is Undefined, optional
+ Set to true to create a private repository.
+ Repositories are created as public (e.g. open source) by default.
+ securityAndAnalysis : [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0], default is Undefined, optional
+ The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
+ Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.
+ squashMergeCommitMessage : str, default is Undefined, optional
+ Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
+ Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.
+ squashMergeCommitTitle : str, default is Undefined, optional
+ Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
+ Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.
+ template : [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderTemplateItems0], default is Undefined, optional
+ Use a template repository to create this resource. See Template Repositories below for details.
+ Use a template repository to create this resource.
+ topics : [str], default is Undefined, optional
+ The list of topics of the repository.
+ The list of topics of the repository.
+ visibility : str, default is Undefined, optional
+ Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
+ Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.
+ vulnerabilityAlerts : bool, default is Undefined, optional
+ Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ webCommitSignoffRequired : bool, default is Undefined, optional
+ Require contributors to sign off on web-based commits. See more here. Defaults to false.
+ Require contributors to sign off on web-based commits. Defaults to 'false'.
+ """
+
+
+ allowAutoMerge?: bool
+
+ allowMergeCommit?: bool
+
+ allowRebaseMerge?: bool
+
+ allowSquashMerge?: bool
+
+ allowUpdateBranch?: bool
+
+ archiveOnDestroy?: bool
+
+ archived?: bool
+
+ autoInit?: bool
+
+ defaultBranch?: str
+
+ deleteBranchOnMerge?: bool
+
+ description?: str
+
+ gitignoreTemplate?: str
+
+ hasDiscussions?: bool
+
+ hasDownloads?: bool
+
+ hasIssues?: bool
+
+ hasProjects?: bool
+
+ hasWiki?: bool
+
+ homepageUrl?: str
+
+ ignoreVulnerabilityAlertsDuringRead?: bool
+
+ isTemplate?: bool
+
+ licenseTemplate?: str
+
+ mergeCommitMessage?: str
+
+ mergeCommitTitle?: str
+
+ name?: str
+
+ pages?: [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0]
+
+ private?: bool
+
+ securityAndAnalysis?: [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0]
+
+ squashMergeCommitMessage?: str
+
+ squashMergeCommitTitle?: str
+
+ template?: [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderTemplateItems0]
+
+ topics?: [str]
+
+ visibility?: str
+
+ vulnerabilityAlerts?: bool
+
+ webCommitSignoffRequired?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec init provider pages items0
+
+ Attributes
+ ----------
+ buildType : str, default is Undefined, optional
+ The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
+ The type the page should be sourced.
+ cname : str, default is Undefined, optional
+ The custom domain for the repository. This can only be set after the repository has been created.
+ The custom domain for the repository. This can only be set after the repository has been created.
+ source : [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0SourceItems0], default is Undefined, optional
+ The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
+ The source branch and directory for the rendered Pages site.
+ """
+
+
+ buildType?: str
+
+ cname?: str
+
+ source?: [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0SourceItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderPagesItems0SourceItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec init provider pages items0 source items0
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The repository branch used to publish the site's source files. (i.e. main or gh-pages.
+ The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')
+ path : str, default is Undefined, optional
+ The repository directory from which the site publishes (Default: /).
+ The repository directory from which the site publishes (Default: '/')
+ """
+
+
+ branch?: str
+
+ path?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec init provider security and analysis items0
+
+ Attributes
+ ----------
+ advancedSecurity : [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0AdvancedSecurityItems0], default is Undefined, optional
+ The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ secretScanning : [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningItems0], default is Undefined, optional
+ The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
+ The secret scanning configuration for the repository.
+ secretScanningPushProtection : [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0], default is Undefined, optional
+ The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
+ The secret scanning push protection configuration for the repository.
+ """
+
+
+ advancedSecurity?: [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0AdvancedSecurityItems0]
+
+ secretScanning?: [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningItems0]
+
+ secretScanningPushProtection?: [RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0AdvancedSecurityItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec init provider security and analysis items0 advanced security items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec init provider security and analysis items0 secret scanning items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec init provider security and analysis items0 secret scanning push protection items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecInitProviderTemplateItems0:
+ r"""
+ repo github upbound io v1alpha1 repository spec init provider template items0
+
+ Attributes
+ ----------
+ includeAllBranches : bool, default is Undefined, optional
+ : Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
+ Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).
+ owner : str, default is Undefined, optional
+ : The GitHub organization or user the template repository is owned by.
+ The GitHub organization or user the template repository is owned by.
+ repository : str, default is Undefined, optional
+ : The name of the template repository.
+ The name of the template repository.
+ """
+
+
+ includeAllBranches?: bool
+
+ owner?: str
+
+ repository?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositorySpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatus:
+ r"""
+ RepositoryStatus defines the observed state of Repository.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1RepositoryStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1RepositoryStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider
+
+ Attributes
+ ----------
+ allowAutoMerge : bool, default is Undefined, optional
+ Set to true to allow auto-merging pull requests on the repository.
+ Set to 'true' to allow auto-merging pull requests on the repository.
+ allowMergeCommit : bool, default is Undefined, optional
+ (including the related merge_commit_title and merge_commit_message)
+ Set to 'false' to disable merge commits on the repository.
+ allowRebaseMerge : bool, default is Undefined, optional
+ Set to false to disable rebase merges on the repository.
+ Set to 'false' to disable rebase merges on the repository.
+ allowSquashMerge : bool, default is Undefined, optional
+ (including the related squash_merge_commit_title and squash_merge_commit_message)
+ Set to 'false' to disable squash merges on the repository.
+ allowUpdateBranch : bool, default is Undefined, optional
+ Set to true to always suggest updating pull request branches.
+ Set to 'true' to always suggest updating pull request branches.
+ archiveOnDestroy : bool, default is Undefined, optional
+ Set to true to archive the repository instead of deleting on destroy.
+ Set to 'true' to archive the repository instead of deleting on destroy.
+ archived : bool, default is Undefined, optional
+ Specifies if the repository should be archived. Defaults to false. NOTE Currently, the API does not support unarchiving.
+ Specifies if the repository should be archived. Defaults to 'false'. NOTE Currently, the API does not support unarchiving.
+ autoInit : bool, default is Undefined, optional
+ Set to true to produce an initial commit in the repository.
+ Set to 'true' to produce an initial commit in the repository.
+ defaultBranch : str, default is Undefined, optional
+ (Deprecated: Use github_branch_default resource instead) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created,
+ and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the
+ initial repository creation and create the target branch inside of the repository prior to setting this attribute.
+ Can only be set after initial repository creation, and only if the target branch exists
+ deleteBranchOnMerge : bool, default is Undefined, optional
+ Automatically delete head branch after a pull request is merged. Defaults to false.
+ Automatically delete head branch after a pull request is merged. Defaults to 'false'.
+ description : str, default is Undefined, optional
+ A description of the repository.
+ A description of the repository.
+ etag : str, default is Undefined, optional
+ etag
+ fullName : str, default is Undefined, optional
+ A string of the form "orgname/reponame".
+ A string of the form 'orgname/reponame'.
+ gitCloneUrl : str, default is Undefined, optional
+ URL that can be provided to git clone to clone the repository anonymously via the git protocol.
+ URL that can be provided to 'git clone' to clone the repository anonymously via the git protocol.
+ gitignoreTemplate : str, default is Undefined, optional
+ Use the name of the template without the extension. For example, "Haskell".
+ Use the name of the template without the extension. For example, 'Haskell'.
+ hasDiscussions : bool, default is Undefined, optional
+ Set to true to enable GitHub Discussions on the repository. Defaults to false.
+ Set to 'true' to enable GitHub Discussions on the repository. Defaults to 'false'.
+ hasDownloads : bool, default is Undefined, optional
+ Set to true to enable the (deprecated) downloads features on the repository.
+ Set to 'true' to enable the (deprecated) downloads features on the repository.
+ hasIssues : bool, default is Undefined, optional
+ Set to true to enable the GitHub Issues features
+ on the repository.
+ Set to 'true' to enable the GitHub Issues features on the repository
+ hasProjects : bool, default is Undefined, optional
+ Set to true to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true. If you specify true when it has been disabled it will return an error.
+ Set to 'true' to enable the GitHub Projects features on the repository. Per the GitHub documentation when in an organization that has disabled repository projects it will default to 'false' and will otherwise default to 'true'. If you specify 'true' when it has been disabled it will return an error.
+ hasWiki : bool, default is Undefined, optional
+ Set to true to enable the GitHub Wiki features on
+ the repository.
+ Set to 'true' to enable the GitHub Wiki features on the repository.
+ homepageUrl : str, default is Undefined, optional
+ URL of a page describing the project.
+ URL of a page describing the project.
+ htmlUrl : str, default is Undefined, optional
+ URL to the repository on the web.
+ URL to the repository on the web.
+ httpCloneUrl : str, default is Undefined, optional
+ URL that can be provided to git clone to clone the repository via HTTPS.
+ URL that can be provided to 'git clone' to clone the repository via HTTPS.
+ id : str, default is Undefined, optional
+ id
+ ignoreVulnerabilityAlertsDuringRead : bool, default is Undefined, optional
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+ isTemplate : bool, default is Undefined, optional
+ Set to true to tell GitHub that this is a template repository.
+ Set to 'true' to tell GitHub that this is a template repository.
+ licenseTemplate : str, default is Undefined, optional
+ Use the name of the template without the extension. For example, "mit" or "mpl-2.0".
+ Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'.
+ mergeCommitMessage : str, default is Undefined, optional
+ Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message. Applicable only if allow_merge_commit is true.
+ Can be 'PR_BODY', 'PR_TITLE', or 'BLANK' for a default merge commit message.
+ mergeCommitTitle : str, default is Undefined, optional
+ Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title. Applicable only if allow_merge_commit is true.
+ Can be 'PR_TITLE' or 'MERGE_MESSAGE' for a default merge commit title.
+ name : str, default is Undefined, optional
+ The name of the repository.
+ The name of the repository.
+ nodeId : str, default is Undefined, optional
+ GraphQL global node id for use with v4 API
+ GraphQL global node id for use with v4 API.
+ pages : [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0], default is Undefined, optional
+ The repository's GitHub Pages configuration. See GitHub Pages Configuration below for details.
+ The repository's GitHub Pages configuration
+ primaryLanguage : str, default is Undefined, optional
+ The primary language used in the repository.
+ private : bool, default is Undefined, optional
+ Set to true to create a private repository.
+ Repositories are created as public (e.g. open source) by default.
+ repoId : int, default is Undefined, optional
+ GitHub ID for the repository
+ GitHub ID for the repository.
+ securityAndAnalysis : [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0], default is Undefined, optional
+ The repository's security and analysis configuration. See Security and Analysis Configuration below for details.
+ Security and analysis settings for the repository. To use this parameter you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository.
+ squashMergeCommitMessage : str, default is Undefined, optional
+ Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message. Applicable only if allow_squash_merge is true.
+ Can be 'PR_BODY', 'COMMIT_MESSAGES', or 'BLANK' for a default squash merge commit message.
+ squashMergeCommitTitle : str, default is Undefined, optional
+ Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title. Applicable only if allow_squash_merge is true.
+ Can be 'PR_TITLE' or 'COMMIT_OR_PR_TITLE' for a default squash merge commit title.
+ sshCloneUrl : str, default is Undefined, optional
+ URL that can be provided to git clone to clone the repository via SSH.
+ URL that can be provided to 'git clone' to clone the repository via SSH.
+ svnUrl : str, default is Undefined, optional
+ URL that can be provided to svn checkout to check out the repository via GitHub's Subversion protocol emulation.
+ URL that can be provided to 'svn checkout' to check out the repository via GitHub's Subversion protocol emulation.
+ template : [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderTemplateItems0], default is Undefined, optional
+ Use a template repository to create this resource. See Template Repositories below for details.
+ Use a template repository to create this resource.
+ topics : [str], default is Undefined, optional
+ The list of topics of the repository.
+ The list of topics of the repository.
+ visibility : str, default is Undefined, optional
+ Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter.
+ Can be 'public' or 'private'. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be 'internal'.
+ vulnerabilityAlerts : bool, default is Undefined, optional
+ Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ Set to 'true' to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default). Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
+ webCommitSignoffRequired : bool, default is Undefined, optional
+ Require contributors to sign off on web-based commits. See more here. Defaults to false.
+ Require contributors to sign off on web-based commits. Defaults to 'false'.
+ """
+
+
+ allowAutoMerge?: bool
+
+ allowMergeCommit?: bool
+
+ allowRebaseMerge?: bool
+
+ allowSquashMerge?: bool
+
+ allowUpdateBranch?: bool
+
+ archiveOnDestroy?: bool
+
+ archived?: bool
+
+ autoInit?: bool
+
+ defaultBranch?: str
+
+ deleteBranchOnMerge?: bool
+
+ description?: str
+
+ etag?: str
+
+ fullName?: str
+
+ gitCloneUrl?: str
+
+ gitignoreTemplate?: str
+
+ hasDiscussions?: bool
+
+ hasDownloads?: bool
+
+ hasIssues?: bool
+
+ hasProjects?: bool
+
+ hasWiki?: bool
+
+ homepageUrl?: str
+
+ htmlUrl?: str
+
+ httpCloneUrl?: str
+
+ id?: str
+
+ ignoreVulnerabilityAlertsDuringRead?: bool
+
+ isTemplate?: bool
+
+ licenseTemplate?: str
+
+ mergeCommitMessage?: str
+
+ mergeCommitTitle?: str
+
+ name?: str
+
+ nodeId?: str
+
+ pages?: [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0]
+
+ primaryLanguage?: str
+
+ private?: bool
+
+ repoId?: int
+
+ securityAndAnalysis?: [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0]
+
+ squashMergeCommitMessage?: str
+
+ squashMergeCommitTitle?: str
+
+ sshCloneUrl?: str
+
+ svnUrl?: str
+
+ template?: [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderTemplateItems0]
+
+ topics?: [str]
+
+ visibility?: str
+
+ vulnerabilityAlerts?: bool
+
+ webCommitSignoffRequired?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider pages items0
+
+ Attributes
+ ----------
+ buildType : str, default is Undefined, optional
+ The type of GitHub Pages site to build. Can be legacy or workflow. If you use legacy as build type you need to set the option source.
+ The type the page should be sourced.
+ cname : str, default is Undefined, optional
+ The custom domain for the repository. This can only be set after the repository has been created.
+ The custom domain for the repository. This can only be set after the repository has been created.
+ custom404 : bool, default is Undefined, optional
+ Whether the rendered GitHub Pages site has a custom 404 page.
+ Whether the rendered GitHub Pages site has a custom 404 page
+ htmlUrl : str, default is Undefined, optional
+ URL to the repository on the web.
+ URL to the repository on the web.
+ source : [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0SourceItems0], default is Undefined, optional
+ The source branch and directory for the rendered Pages site. See GitHub Pages Source below for details.
+ The source branch and directory for the rendered Pages site.
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ The GitHub Pages site's build status e.g. building or built.
+ url : str, default is Undefined, optional
+ url
+ """
+
+
+ buildType?: str
+
+ cname?: str
+
+ custom404?: bool
+
+ htmlUrl?: str
+
+ source?: [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0SourceItems0]
+
+ status?: str
+
+ url?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderPagesItems0SourceItems0:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider pages items0 source items0
+
+ Attributes
+ ----------
+ branch : str, default is Undefined, optional
+ The repository branch used to publish the site's source files. (i.e. main or gh-pages.
+ The repository branch used to publish the site's source files. (i.e. 'main' or 'gh-pages')
+ path : str, default is Undefined, optional
+ The repository directory from which the site publishes (Default: /).
+ The repository directory from which the site publishes (Default: '/')
+ """
+
+
+ branch?: str
+
+ path?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider security and analysis items0
+
+ Attributes
+ ----------
+ advancedSecurity : [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0AdvancedSecurityItems0], default is Undefined, optional
+ The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ The advanced security configuration for the repository. If a repository's visibility is 'public', advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+ secretScanning : [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningItems0], default is Undefined, optional
+ The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
+ The secret scanning configuration for the repository.
+ secretScanningPushProtection : [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0], default is Undefined, optional
+ The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
+ The secret scanning push protection configuration for the repository.
+ """
+
+
+ advancedSecurity?: [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0AdvancedSecurityItems0]
+
+ secretScanning?: [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningItems0]
+
+ secretScanningPushProtection?: [RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0AdvancedSecurityItems0:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider security and analysis items0 advanced security items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable advanced security features on the repository. Can be 'enabled' or 'disabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningItems0:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider security and analysis items0 secret scanning items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderSecurityAndAnalysisItems0SecretScanningPushProtectionItems0:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider security and analysis items0 secret scanning push protection items0
+
+ Attributes
+ ----------
+ status : str, default is Undefined, optional
+ Set to enabled to enable secret scanning on the repository. Can be enabled or disabled. If set to enabled, the repository's visibility must be public or security_and_analysis[0].advanced_security[0].status must also be set to enabled.
+ Set to 'enabled' to enable secret scanning push protection on the repository. Can be 'enabled' or 'disabled'. If set to 'enabled', the repository's visibility must be 'public' or 'security_and_analysis[0].advanced_security[0].status' must also be set to 'enabled'.
+ """
+
+
+ status?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusAtProviderTemplateItems0:
+ r"""
+ repo github upbound io v1alpha1 repository status at provider template items0
+
+ Attributes
+ ----------
+ includeAllBranches : bool, default is Undefined, optional
+ : Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template).
+ Whether the new repository should include all the branches from the template repository (defaults to 'false', which includes only the default branch from the template).
+ owner : str, default is Undefined, optional
+ : The GitHub organization or user the template repository is owned by.
+ The GitHub organization or user the template repository is owned by.
+ repository : str, default is Undefined, optional
+ : The name of the template repository.
+ The name of the template repository.
+ """
+
+
+ includeAllBranches?: bool
+
+ owner?: str
+
+ repository?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_autolink_reference.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_autolink_reference.k
new file mode 100644
index 00000000..a79b5f38
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_autolink_reference.k
@@ -0,0 +1,619 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RepositoryAutolinkReference:
+ r"""
+ RepositoryAutolinkReference is the Schema for the RepositoryAutolinkReferences API. Creates and manages autolink references for a single repository
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RepositoryAutolinkReference", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "RepositoryAutolinkReference" = "RepositoryAutolinkReference"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpec
+
+ status?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatus
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpec:
+ r"""
+ RepositoryAutolinkReferenceSpec defines the desired state of RepositoryAutolinkReference
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 repository autolink reference spec for provider
+
+ Attributes
+ ----------
+ isAlphanumeric : bool, default is Undefined, optional
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.
+ keyPrefix : str, default is Undefined, optional
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit
+ repository : str, default is Undefined, optional
+ The repository of the autolink reference.
+ The repository name
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ targetUrlTemplate : str, default is Undefined, optional
+ The template of the target URL used for the links; must be a valid URL and contain for the reference number
+ The template of the target URL used for the links; must be a valid URL and contain `` for the reference number
+ """
+
+
+ isAlphanumeric?: bool
+
+ keyPrefix?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelector
+
+ targetUrlTemplate?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ isAlphanumeric : bool, default is Undefined, optional
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.
+ keyPrefix : str, default is Undefined, optional
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit
+ repository : str, default is Undefined, optional
+ The repository of the autolink reference.
+ The repository name
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ targetUrlTemplate : str, default is Undefined, optional
+ The template of the target URL used for the links; must be a valid URL and contain for the reference number
+ The template of the target URL used for the links; must be a valid URL and contain `` for the reference number
+ """
+
+
+ isAlphanumeric?: bool
+
+ keyPrefix?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelector
+
+ targetUrlTemplate?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatus:
+ r"""
+ RepositoryAutolinkReferenceStatus defines the observed state of RepositoryAutolinkReference.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 repository autolink reference status at provider
+
+ Attributes
+ ----------
+ etag : str, default is Undefined, optional
+ An etag representing the autolink reference object.
+ id : str, default is Undefined, optional
+ id
+ isAlphanumeric : bool, default is Undefined, optional
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true.
+ Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters.
+ keyPrefix : str, default is Undefined, optional
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit.
+ This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit
+ repository : str, default is Undefined, optional
+ The repository of the autolink reference.
+ The repository name
+ targetUrlTemplate : str, default is Undefined, optional
+ The template of the target URL used for the links; must be a valid URL and contain for the reference number
+ The template of the target URL used for the links; must be a valid URL and contain `` for the reference number
+ """
+
+
+ etag?: str
+
+ id?: str
+
+ isAlphanumeric?: bool
+
+ keyPrefix?: str
+
+ repository?: str
+
+ targetUrlTemplate?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryAutolinkReferenceStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_collaborator.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_collaborator.k
new file mode 100644
index 00000000..5a633765
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_collaborator.k
@@ -0,0 +1,626 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RepositoryCollaborator:
+ r"""
+ RepositoryCollaborator is the Schema for the RepositoryCollaborators API. Provides a GitHub repository collaborator resource.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RepositoryCollaborator", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "RepositoryCollaborator" = "RepositoryCollaborator"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpec
+
+ status?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatus
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpec:
+ r"""
+ RepositoryCollaboratorSpec defines the desired state of RepositoryCollaborator
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 repository collaborator spec for provider
+
+ Attributes
+ ----------
+ permission : str, default is Undefined, optional
+ The permission of the outside collaborator for the repository.
+ Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
+ Must be push for personal repositories. Defaults to push.
+ The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.
+ permissionDiffSuppression : bool, default is Undefined, optional
+ Suppress plan diffs for triage and maintain. Defaults to false.
+ Suppress plan diffs for triage and maintain. Defaults to 'false'.
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ username : str, default is Undefined, optional
+ The user to add to the repository as a collaborator.
+ The user to add to the repository as a collaborator.
+ """
+
+
+ permission?: str
+
+ permissionDiffSuppression?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelector
+
+ username?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ permission : str, default is Undefined, optional
+ The permission of the outside collaborator for the repository.
+ Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
+ Must be push for personal repositories. Defaults to push.
+ The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.
+ permissionDiffSuppression : bool, default is Undefined, optional
+ Suppress plan diffs for triage and maintain. Defaults to false.
+ Suppress plan diffs for triage and maintain. Defaults to 'false'.
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ username : str, default is Undefined, optional
+ The user to add to the repository as a collaborator.
+ The user to add to the repository as a collaborator.
+ """
+
+
+ permission?: str
+
+ permissionDiffSuppression?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelector
+
+ username?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatus:
+ r"""
+ RepositoryCollaboratorStatus defines the observed state of RepositoryCollaborator.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 repository collaborator status at provider
+
+ Attributes
+ ----------
+ id : str, default is Undefined, optional
+ id
+ invitationId : str, default is Undefined, optional
+ ID of the invitation to be used in github_user_invitation_accepter
+ ID of the invitation to be used in 'github_user_invitation_accepter'
+ permission : str, default is Undefined, optional
+ The permission of the outside collaborator for the repository.
+ Must be one of pull, push, maintain, triage or admin or the name of an existing custom repository role within the organization for organization-owned repositories.
+ Must be push for personal repositories. Defaults to push.
+ The permission of the outside collaborator for the repository. Must be one of 'pull', 'push', 'maintain', 'triage' or 'admin' or the name of an existing custom repository role within the organization for organization-owned repositories. Must be 'push' for personal repositories. Defaults to 'push'.
+ permissionDiffSuppression : bool, default is Undefined, optional
+ Suppress plan diffs for triage and maintain. Defaults to false.
+ Suppress plan diffs for triage and maintain. Defaults to 'false'.
+ repository : str, default is Undefined, optional
+ The GitHub repository
+ The GitHub repository
+ username : str, default is Undefined, optional
+ The user to add to the repository as a collaborator.
+ The user to add to the repository as a collaborator.
+ """
+
+
+ id?: str
+
+ invitationId?: str
+
+ permission?: str
+
+ permissionDiffSuppression?: bool
+
+ repository?: str
+
+ username?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryCollaboratorStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_file.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_file.k
new file mode 100644
index 00000000..e77ec971
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_file.k
@@ -0,0 +1,938 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RepositoryFile:
+ r"""
+ RepositoryFile is the Schema for the RepositoryFiles API. Creates and manages files within a GitHub repository
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RepositoryFile", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1RepositoryFileSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1RepositoryFileStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "RepositoryFile" = "RepositoryFile"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1RepositoryFileSpec
+
+ status?: RepoGithubUpboundIoV1alpha1RepositoryFileStatus
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpec:
+ r"""
+ RepositoryFileSpec defines the desired state of RepositoryFile
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1RepositoryFileSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 repository file spec for provider
+
+ Attributes
+ ----------
+ autocreateBranch : bool, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'
+ autocreateBranchSourceBranch : str, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.
+ autocreateBranchSourceSha : str, default is Undefined, optional
+ The SHA blob of the file.
+ The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.
+ branch : str, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name, defaults to the repository's default branch
+ branchRef : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRef, default is Undefined, optional
+ branch ref
+ branchSelector : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelector, default is Undefined, optional
+ branch selector
+ commitAuthor : str, default is Undefined, optional
+ Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
+ The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ commitEmail : str, default is Undefined, optional
+ Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
+ The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ commitMessage : str, default is Undefined, optional
+ The commit message when creating, updating or deleting the managed file.
+ The commit message when creating, updating or deleting the file
+ content : str, default is Undefined, optional
+ The file content.
+ The file's content
+ file : str, default is Undefined, optional
+ The path of the file to manage.
+ The file path to manage
+ overwriteOnCreate : bool, default is Undefined, optional
+ Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
+ Enable overwriting existing files, defaults to "false"
+ repository : str, default is Undefined, optional
+ The repository to create the file in.
+ The repository name
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ autocreateBranch?: bool
+
+ autocreateBranchSourceBranch?: str
+
+ autocreateBranchSourceSha?: str
+
+ branch?: str
+
+ branchRef?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRef
+
+ branchSelector?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelector
+
+ commitAuthor?: str
+
+ commitEmail?: str
+
+ commitMessage?: str
+
+ content?: str
+
+ file?: str
+
+ overwriteOnCreate?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRef:
+ r"""
+ Reference to a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelector:
+ r"""
+ Selector for a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderBranchSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ autocreateBranch : bool, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'
+ autocreateBranchSourceBranch : str, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.
+ autocreateBranchSourceSha : str, default is Undefined, optional
+ The SHA blob of the file.
+ The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.
+ branch : str, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name, defaults to the repository's default branch
+ branchRef : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRef, default is Undefined, optional
+ branch ref
+ branchSelector : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelector, default is Undefined, optional
+ branch selector
+ commitAuthor : str, default is Undefined, optional
+ Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
+ The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ commitEmail : str, default is Undefined, optional
+ Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
+ The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ commitMessage : str, default is Undefined, optional
+ The commit message when creating, updating or deleting the managed file.
+ The commit message when creating, updating or deleting the file
+ content : str, default is Undefined, optional
+ The file content.
+ The file's content
+ file : str, default is Undefined, optional
+ The path of the file to manage.
+ The file path to manage
+ overwriteOnCreate : bool, default is Undefined, optional
+ Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
+ Enable overwriting existing files, defaults to "false"
+ repository : str, default is Undefined, optional
+ The repository to create the file in.
+ The repository name
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ autocreateBranch?: bool
+
+ autocreateBranchSourceBranch?: str
+
+ autocreateBranchSourceSha?: str
+
+ branch?: str
+
+ branchRef?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRef
+
+ branchSelector?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelector
+
+ commitAuthor?: str
+
+ commitEmail?: str
+
+ commitMessage?: str
+
+ content?: str
+
+ file?: str
+
+ overwriteOnCreate?: bool
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRef:
+ r"""
+ Reference to a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelector:
+ r"""
+ Selector for a Branch in repo to populate branch.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderBranchSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileStatus:
+ r"""
+ RepositoryFileStatus defines the observed state of RepositoryFile.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1RepositoryFileStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryFileStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1RepositoryFileStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryFileStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 repository file status at provider
+
+ Attributes
+ ----------
+ autocreateBranch : bool, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ Automatically create the branch if it could not be found. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'
+ autocreateBranchSourceBranch : str, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'.
+ autocreateBranchSourceSha : str, default is Undefined, optional
+ The SHA blob of the file.
+ The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored.
+ branch : str, default is Undefined, optional
+ Git branch (defaults to the repository's default branch).
+ The branch must already exist, it will not be created if it does not already exist.
+ The branch name, defaults to the repository's default branch
+ commitAuthor : str, default is Undefined, optional
+ Committer author name to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits.
+ The commit author name, defaults to the authenticated user's name. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ commitEmail : str, default is Undefined, optional
+ Committer email address to use. NOTE: GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits.
+ The commit author email address, defaults to the authenticated user's email address. GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App.
+ commitMessage : str, default is Undefined, optional
+ The commit message when creating, updating or deleting the managed file.
+ The commit message when creating, updating or deleting the file
+ commitSha : str, default is Undefined, optional
+ The SHA of the commit that modified the file.
+ The SHA of the commit that modified the file
+ content : str, default is Undefined, optional
+ The file content.
+ The file's content
+ file : str, default is Undefined, optional
+ The path of the file to manage.
+ The file path to manage
+ id : str, default is Undefined, optional
+ id
+ overwriteOnCreate : bool, default is Undefined, optional
+ Enable overwriting existing files. If set to true it will overwrite an existing file with the same name. If set to false it will fail if there is an existing file with the same name.
+ Enable overwriting existing files, defaults to "false"
+ ref : str, default is Undefined, optional
+ The name of the commit/branch/tag.
+ The name of the commit/branch/tag
+ repository : str, default is Undefined, optional
+ The repository to create the file in.
+ The repository name
+ sha : str, default is Undefined, optional
+ The SHA blob of the file.
+ The blob SHA of the file
+ """
+
+
+ autocreateBranch?: bool
+
+ autocreateBranchSourceBranch?: str
+
+ autocreateBranchSourceSha?: str
+
+ branch?: str
+
+ commitAuthor?: str
+
+ commitEmail?: str
+
+ commitMessage?: str
+
+ commitSha?: str
+
+ content?: str
+
+ file?: str
+
+ id?: str
+
+ overwriteOnCreate?: bool
+
+ ref?: str
+
+ repository?: str
+
+ sha?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryFileStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_ruleset.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_ruleset.k
new file mode 100644
index 00000000..c08d191e
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_ruleset.k
@@ -0,0 +1,1826 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RepositoryRuleset:
+ r"""
+ RepositoryRuleset is the Schema for the RepositoryRulesets API. Creates a GitHub repository ruleset.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RepositoryRuleset", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1RepositoryRulesetStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "RepositoryRuleset" = "RepositoryRuleset"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpec
+
+ status?: RepoGithubUpboundIoV1alpha1RepositoryRulesetStatus
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpec:
+ r"""
+ RepositoryRulesetSpec defines the desired state of RepositoryRuleset
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider
+
+ Attributes
+ ----------
+ bypassActors : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderBypassActorsItems0], default is Undefined, optional
+ (Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
+ The actors that can bypass the rules in this ruleset.
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
+ Parameters for a repository ruleset ref name condition.
+ enforcement : str, default is Undefined, optional
+ (String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ name : str, default is Undefined, optional
+ (String) The name of the ruleset.
+ The name of the ruleset.
+ repository : str, default is Undefined, optional
+ (String) Name of the repository to apply rulset to.
+ Name of the repository to apply rulset to.
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ rules : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0], default is Undefined, optional
+ (Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
+ Rules within the ruleset.
+ target : str, default is Undefined, optional
+ (String) Possible values are branch and tag.
+ Possible values are `branch` and `tag`.
+ """
+
+
+ bypassActors?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderBypassActorsItems0]
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0]
+
+ enforcement?: str
+
+ name?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelector
+
+ rules?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0]
+
+ target?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderBypassActorsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider bypass actors items0
+
+ Attributes
+ ----------
+ actorId : int, default is Undefined, optional
+ (Number) The ID of the actor that can bypass a ruleset.
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ actorType : str, default is Undefined, optional
+ (String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ bypassMode : str, default is Undefined, optional
+ (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ """
+
+
+ actorId?: int
+
+ actorType?: str
+
+ bypassMode?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider conditions items0
+
+ Attributes
+ ----------
+ refName : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0RefNameItems0], default is Undefined, optional
+ (Block List, Min: 1, Max: 1) (see below for nested schema)
+ """
+
+
+ refName?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0RefNameItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderConditionsItems0RefNameItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider conditions items0 ref name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0
+
+ Attributes
+ ----------
+ branchNamePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0BranchNamePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ commitAuthorEmailPattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ commitMessagePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitMessagePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ committerEmailPattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ creation : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permission to create matching refs.
+ Only allow users with bypass permission to create matching refs.
+ deletion : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permissions to delete matching refs.
+ Only allow users with bypass permissions to delete matching refs.
+ nonFastForward : bool, default is Undefined, optional
+ (Boolean) Prevent users with push access from force pushing to branches.
+ Prevent users with push access from force pushing to branches.
+ pullRequest : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0PullRequestItems0], default is Undefined, optional
+ (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ requiredDeployments : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredDeploymentsItems0], default is Undefined, optional
+ (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
+ Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.
+ requiredLinearHistory : bool, default is Undefined, optional
+ (Boolean) Prevent merge commits from being pushed to matching branches.
+ Prevent merge commits from being pushed to matching branches.
+ requiredSignatures : bool, default is Undefined, optional
+ (Boolean) Commits pushed to matching branches must have verified signatures.
+ Commits pushed to matching branches must have verified signatures.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0], default is Undefined, optional
+ (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ tagNamePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0TagNamePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ update : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permission to update matching refs.
+ Only allow users with bypass permission to update matching refs.
+ updateAllowsFetchAndMerge : bool, default is Undefined, optional
+ (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
+ Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.
+ """
+
+
+ branchNamePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0BranchNamePatternItems0]
+
+ commitAuthorEmailPattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0]
+
+ commitMessagePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitMessagePatternItems0]
+
+ committerEmailPattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0]
+
+ creation?: bool
+
+ deletion?: bool
+
+ nonFastForward?: bool
+
+ pullRequest?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0PullRequestItems0]
+
+ requiredDeployments?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredDeploymentsItems0]
+
+ requiredLinearHistory?: bool
+
+ requiredSignatures?: bool
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0]
+
+ tagNamePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0TagNamePatternItems0]
+
+ update?: bool
+
+ updateAllowsFetchAndMerge?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0BranchNamePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 branch name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitAuthorEmailPatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 commit author email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitMessagePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 commit message pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0CommitterEmailPatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 committer email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0PullRequestItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 pull request items0
+
+ Attributes
+ ----------
+ dismissStaleReviewsOnPush : bool, default is Undefined, optional
+ (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ requireCodeOwnerReview : bool, default is Undefined, optional
+ (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ requireLastPushApproval : bool, default is Undefined, optional
+ (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ requiredReviewThreadResolution : bool, default is Undefined, optional
+ (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ """
+
+
+ dismissStaleReviewsOnPush?: bool
+
+ requireCodeOwnerReview?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ requiredReviewThreadResolution?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredDeploymentsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 required deployments items0
+
+ Attributes
+ ----------
+ requiredDeploymentEnvironments : [str], default is Undefined, optional
+ (List of String) The environments that must be successfully deployed to before branches can be merged.
+ The environments that must be successfully deployed to before branches can be merged.
+ """
+
+
+ requiredDeploymentEnvironments?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 required status checks items0
+
+ Attributes
+ ----------
+ requiredCheck : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0], default is Undefined, optional
+ (Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
+ Status checks that are required. Several can be defined.
+ strictRequiredStatusChecksPolicy : bool, default is Undefined, optional
+ (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ """
+
+
+ requiredCheck?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0]
+
+ strictRequiredStatusChecksPolicy?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 required status checks items0 required check items0
+
+ Attributes
+ ----------
+ context : str, default is Undefined, optional
+ (String) The status check context name that must be present on the commit.
+ The status check context name that must be present on the commit.
+ integrationId : int, default is Undefined, optional
+ (Number) The optional integration ID that this status check must originate from.
+ The optional integration ID that this status check must originate from.
+ """
+
+
+ context?: str
+
+ integrationId?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecForProviderRulesItems0TagNamePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec for provider rules items0 tag name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ bypassActors : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderBypassActorsItems0], default is Undefined, optional
+ (Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
+ The actors that can bypass the rules in this ruleset.
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
+ Parameters for a repository ruleset ref name condition.
+ enforcement : str, default is Undefined, optional
+ (String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ name : str, default is Undefined, optional
+ (String) The name of the ruleset.
+ The name of the ruleset.
+ repository : str, default is Undefined, optional
+ (String) Name of the repository to apply rulset to.
+ Name of the repository to apply rulset to.
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ rules : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0], default is Undefined, optional
+ (Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
+ Rules within the ruleset.
+ target : str, default is Undefined, optional
+ (String) Possible values are branch and tag.
+ Possible values are `branch` and `tag`.
+ """
+
+
+ bypassActors?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderBypassActorsItems0]
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0]
+
+ enforcement?: str
+
+ name?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelector
+
+ rules?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0]
+
+ target?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderBypassActorsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider bypass actors items0
+
+ Attributes
+ ----------
+ actorId : int, default is Undefined, optional
+ (Number) The ID of the actor that can bypass a ruleset.
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ actorType : str, default is Undefined, optional
+ (String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ bypassMode : str, default is Undefined, optional
+ (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ """
+
+
+ actorId?: int
+
+ actorType?: str
+
+ bypassMode?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider conditions items0
+
+ Attributes
+ ----------
+ refName : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0RefNameItems0], default is Undefined, optional
+ (Block List, Min: 1, Max: 1) (see below for nested schema)
+ """
+
+
+ refName?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0RefNameItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderConditionsItems0RefNameItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider conditions items0 ref name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0
+
+ Attributes
+ ----------
+ branchNamePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0BranchNamePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ commitAuthorEmailPattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ commitMessagePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ committerEmailPattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ creation : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permission to create matching refs.
+ Only allow users with bypass permission to create matching refs.
+ deletion : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permissions to delete matching refs.
+ Only allow users with bypass permissions to delete matching refs.
+ nonFastForward : bool, default is Undefined, optional
+ (Boolean) Prevent users with push access from force pushing to branches.
+ Prevent users with push access from force pushing to branches.
+ pullRequest : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0PullRequestItems0], default is Undefined, optional
+ (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ requiredDeployments : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredDeploymentsItems0], default is Undefined, optional
+ (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
+ Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.
+ requiredLinearHistory : bool, default is Undefined, optional
+ (Boolean) Prevent merge commits from being pushed to matching branches.
+ Prevent merge commits from being pushed to matching branches.
+ requiredSignatures : bool, default is Undefined, optional
+ (Boolean) Commits pushed to matching branches must have verified signatures.
+ Commits pushed to matching branches must have verified signatures.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0], default is Undefined, optional
+ (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ tagNamePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0TagNamePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ update : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permission to update matching refs.
+ Only allow users with bypass permission to update matching refs.
+ updateAllowsFetchAndMerge : bool, default is Undefined, optional
+ (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
+ Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.
+ """
+
+
+ branchNamePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0BranchNamePatternItems0]
+
+ commitAuthorEmailPattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0]
+
+ commitMessagePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0]
+
+ committerEmailPattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0]
+
+ creation?: bool
+
+ deletion?: bool
+
+ nonFastForward?: bool
+
+ pullRequest?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0PullRequestItems0]
+
+ requiredDeployments?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredDeploymentsItems0]
+
+ requiredLinearHistory?: bool
+
+ requiredSignatures?: bool
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0]
+
+ tagNamePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0TagNamePatternItems0]
+
+ update?: bool
+
+ updateAllowsFetchAndMerge?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0BranchNamePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 branch name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitAuthorEmailPatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 commit author email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitMessagePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 commit message pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0CommitterEmailPatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 committer email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0PullRequestItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 pull request items0
+
+ Attributes
+ ----------
+ dismissStaleReviewsOnPush : bool, default is Undefined, optional
+ (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ requireCodeOwnerReview : bool, default is Undefined, optional
+ (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ requireLastPushApproval : bool, default is Undefined, optional
+ (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ requiredReviewThreadResolution : bool, default is Undefined, optional
+ (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ """
+
+
+ dismissStaleReviewsOnPush?: bool
+
+ requireCodeOwnerReview?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ requiredReviewThreadResolution?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredDeploymentsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 required deployments items0
+
+ Attributes
+ ----------
+ requiredDeploymentEnvironments : [str], default is Undefined, optional
+ (List of String) The environments that must be successfully deployed to before branches can be merged.
+ The environments that must be successfully deployed to before branches can be merged.
+ """
+
+
+ requiredDeploymentEnvironments?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 required status checks items0
+
+ Attributes
+ ----------
+ requiredCheck : [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0], default is Undefined, optional
+ (Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
+ Status checks that are required. Several can be defined.
+ strictRequiredStatusChecksPolicy : bool, default is Undefined, optional
+ (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ """
+
+
+ requiredCheck?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0]
+
+ strictRequiredStatusChecksPolicy?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 required status checks items0 required check items0
+
+ Attributes
+ ----------
+ context : str, default is Undefined, optional
+ (String) The status check context name that must be present on the commit.
+ The status check context name that must be present on the commit.
+ integrationId : int, default is Undefined, optional
+ (Number) The optional integration ID that this status check must originate from.
+ The optional integration ID that this status check must originate from.
+ """
+
+
+ context?: str
+
+ integrationId?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecInitProviderRulesItems0TagNamePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset spec init provider rules items0 tag name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatus:
+ r"""
+ RepositoryRulesetStatus defines the observed state of RepositoryRuleset.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider
+
+ Attributes
+ ----------
+ bypassActors : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderBypassActorsItems0], default is Undefined, optional
+ (Block List) The actors that can bypass the rules in this ruleset. (see below for nested schema)
+ The actors that can bypass the rules in this ruleset.
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters for a repository ruleset ref name condition. (see below for nested schema)
+ Parameters for a repository ruleset ref name condition.
+ enforcement : str, default is Undefined, optional
+ (String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.
+ Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.
+ etag : str, default is Undefined, optional
+ (String)
+ id : str, default is Undefined, optional
+ id
+ name : str, default is Undefined, optional
+ (String) The name of the ruleset.
+ The name of the ruleset.
+ nodeId : str, default is Undefined, optional
+ (String) GraphQL global node id for use with v4 API.
+ GraphQL global node id for use with v4 API.
+ repository : str, default is Undefined, optional
+ (String) Name of the repository to apply rulset to.
+ Name of the repository to apply rulset to.
+ rules : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0], default is Undefined, optional
+ (Block List, Min: 1, Max: 1) Rules within the ruleset. (see below for nested schema)
+ Rules within the ruleset.
+ rulesetId : int, default is Undefined, optional
+ (Number) GitHub ID for the ruleset.
+ GitHub ID for the ruleset.
+ target : str, default is Undefined, optional
+ (String) Possible values are branch and tag.
+ Possible values are `branch` and `tag`.
+ """
+
+
+ bypassActors?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderBypassActorsItems0]
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0]
+
+ enforcement?: str
+
+ etag?: str
+
+ id?: str
+
+ name?: str
+
+ nodeId?: str
+
+ repository?: str
+
+ rules?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0]
+
+ rulesetId?: int
+
+ target?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderBypassActorsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider bypass actors items0
+
+ Attributes
+ ----------
+ actorId : int, default is Undefined, optional
+ (Number) The ID of the actor that can bypass a ruleset.
+ The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.
+ actorType : str, default is Undefined, optional
+ (String) The type of actor that can bypass a ruleset. Can be one of: RepositoryRole, Team, Integration, OrganizationAdmin.
+ The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+ bypassMode : str, default is Undefined, optional
+ (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: always, pull_request.
+ When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+ """
+
+
+ actorId?: int
+
+ actorType?: str
+
+ bypassMode?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider conditions items0
+
+ Attributes
+ ----------
+ refName : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0RefNameItems0], default is Undefined, optional
+ (Block List, Min: 1, Max: 1) (see below for nested schema)
+ """
+
+
+ refName?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0RefNameItems0]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderConditionsItems0RefNameItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider conditions items0 ref name items0
+
+ Attributes
+ ----------
+ exclude : [str], default is Undefined, optional
+ (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.
+ include : [str], default is Undefined, optional
+ (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts ~DEFAULT_BRANCH to include the default branch or ~ALL to include all branches.
+ Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.
+ """
+
+
+ exclude?: [str]
+
+ include?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0
+
+ Attributes
+ ----------
+ branchNamePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0BranchNamePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with tag_name_pattern as it only applied to rulesets with target branch. (see below for nested schema)
+ Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`.
+ commitAuthorEmailPattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ commitMessagePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ committerEmailPattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see below for nested schema)
+ Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations.
+ creation : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permission to create matching refs.
+ Only allow users with bypass permission to create matching refs.
+ deletion : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permissions to delete matching refs.
+ Only allow users with bypass permissions to delete matching refs.
+ nonFastForward : bool, default is Undefined, optional
+ (Boolean) Prevent users with push access from force pushing to branches.
+ Prevent users with push access from force pushing to branches.
+ pullRequest : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0PullRequestItems0], default is Undefined, optional
+ (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see below for nested schema)
+ Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.
+ requiredDeployments : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredDeploymentsItems0], default is Undefined, optional
+ (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see below for nested schema)
+ Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule.
+ requiredLinearHistory : bool, default is Undefined, optional
+ (Boolean) Prevent merge commits from being pushed to matching branches.
+ Prevent merge commits from being pushed to matching branches.
+ requiredSignatures : bool, default is Undefined, optional
+ (Boolean) Commits pushed to matching branches must have verified signatures.
+ Commits pushed to matching branches must have verified signatures.
+ requiredStatusChecks : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0], default is Undefined, optional
+ (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see below for nested schema)
+ Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed.
+ tagNamePattern : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0TagNamePatternItems0], default is Undefined, optional
+ (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with branch_name_pattern as it only applied to rulesets with target tag. (see below for nested schema)
+ Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`.
+ update : bool, default is Undefined, optional
+ (Boolean) Only allow users with bypass permission to update matching refs.
+ Only allow users with bypass permission to update matching refs.
+ updateAllowsFetchAndMerge : bool, default is Undefined, optional
+ (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires update to be set to true. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
+ Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`.
+ """
+
+
+ branchNamePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0BranchNamePatternItems0]
+
+ commitAuthorEmailPattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0]
+
+ commitMessagePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0]
+
+ committerEmailPattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0]
+
+ creation?: bool
+
+ deletion?: bool
+
+ nonFastForward?: bool
+
+ pullRequest?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0PullRequestItems0]
+
+ requiredDeployments?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredDeploymentsItems0]
+
+ requiredLinearHistory?: bool
+
+ requiredSignatures?: bool
+
+ requiredStatusChecks?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0]
+
+ tagNamePattern?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0TagNamePatternItems0]
+
+ update?: bool
+
+ updateAllowsFetchAndMerge?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0BranchNamePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 branch name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitAuthorEmailPatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 commit author email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitMessagePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 commit message pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0CommitterEmailPatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 committer email pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0PullRequestItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 pull request items0
+
+ Attributes
+ ----------
+ dismissStaleReviewsOnPush : bool, default is Undefined, optional
+ (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to false.
+ New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`.
+ requireCodeOwnerReview : bool, default is Undefined, optional
+ (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to false.
+ Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`.
+ requireLastPushApproval : bool, default is Undefined, optional
+ (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to false.
+ Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.
+ requiredApprovingReviewCount : int, default is Undefined, optional
+ (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to 0.
+ The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.
+ requiredReviewThreadResolution : bool, default is Undefined, optional
+ (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to false.
+ All conversations on code must be resolved before a pull request can be merged. Defaults to `false`.
+ """
+
+
+ dismissStaleReviewsOnPush?: bool
+
+ requireCodeOwnerReview?: bool
+
+ requireLastPushApproval?: bool
+
+ requiredApprovingReviewCount?: int
+
+ requiredReviewThreadResolution?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredDeploymentsItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 required deployments items0
+
+ Attributes
+ ----------
+ requiredDeploymentEnvironments : [str], default is Undefined, optional
+ (List of String) The environments that must be successfully deployed to before branches can be merged.
+ The environments that must be successfully deployed to before branches can be merged.
+ """
+
+
+ requiredDeploymentEnvironments?: [str]
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 required status checks items0
+
+ Attributes
+ ----------
+ requiredCheck : [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0], default is Undefined, optional
+ (Block Set, Min: 1) Status checks that are required. Several can be defined. (see below for nested schema)
+ Status checks that are required. Several can be defined.
+ strictRequiredStatusChecksPolicy : bool, default is Undefined, optional
+ (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to false.
+ Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`.
+ """
+
+
+ requiredCheck?: [RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0]
+
+ strictRequiredStatusChecksPolicy?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0RequiredStatusChecksItems0RequiredCheckItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 required status checks items0 required check items0
+
+ Attributes
+ ----------
+ context : str, default is Undefined, optional
+ (String) The status check context name that must be present on the commit.
+ The status check context name that must be present on the commit.
+ integrationId : int, default is Undefined, optional
+ (Number) The optional integration ID that this status check must originate from.
+ The optional integration ID that this status check must originate from.
+ """
+
+
+ context?: str
+
+ integrationId?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusAtProviderRulesItems0TagNamePatternItems0:
+ r"""
+ repo github upbound io v1alpha1 repository ruleset status at provider rules items0 tag name pattern items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, optional
+ (String) How this rule will appear to users.
+ How this rule will appear to users.
+ negate : bool, default is Undefined, optional
+ (Boolean) If true, the rule will fail if the pattern matches.
+ If true, the rule will fail if the pattern matches.
+ operator : str, default is Undefined, optional
+ (String) The operator to use for matching. Can be one of: starts_with, ends_with, contains, regex.
+ The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`.
+ pattern : str, default is Undefined, optional
+ (String) The pattern to match with.
+ The pattern to match with.
+ """
+
+
+ name?: str
+
+ negate?: bool
+
+ operator?: str
+
+ pattern?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryRulesetStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_webhook.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_webhook.k
new file mode 100644
index 00000000..7f6c4a48
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_repository_webhook.k
@@ -0,0 +1,792 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema RepositoryWebhook:
+ r"""
+ RepositoryWebhook is the Schema for the RepositoryWebhooks API. Creates and manages repository webhooks within GitHub organizations or personal accounts
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "RepositoryWebhook", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1RepositoryWebhookStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "RepositoryWebhook" = "RepositoryWebhook"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpec
+
+ status?: RepoGithubUpboundIoV1alpha1RepositoryWebhookStatus
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpec:
+ r"""
+ RepositoryWebhookSpec defines the desired state of RepositoryWebhook
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 repository webhook spec for provider
+
+ Attributes
+ ----------
+ active : bool, default is Undefined, optional
+ Indicate if the webhook should receive events. Defaults to true.
+ Indicate if the webhook should receive events. Defaults to 'true'.
+ configuration : [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0], default is Undefined, optional
+ Configuration block for the webhook. Detailed below.
+ Configuration for the webhook.
+ events : [str], default is Undefined, optional
+ A list of events which should trigger the webhook. See a list of available events.
+ A list of events which should trigger the webhook
+ repository : str, default is Undefined, optional
+ The repository of the webhook.
+ The repository of the webhook.
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ active?: bool
+
+ configuration?: [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0]
+
+ events?: [str]
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0:
+ r"""
+ repo github upbound io v1alpha1 repository webhook spec for provider configuration items0
+
+ Attributes
+ ----------
+ contentType : str, default is Undefined, optional
+ The content type for the payload. Valid values are either form or json.
+ The content type for the payload. Valid values are either 'form' or 'json'.
+ insecureSsl : bool, default is Undefined, optional
+ Insecure SSL boolean toggle. Defaults to false.
+ Insecure SSL boolean toggle. Defaults to 'false'.
+ secretSecretRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0SecretSecretRef, default is Undefined, optional
+ secret secret ref
+ urlSecretRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0URLSecretRef, default is Undefined, optional
+ url secret ref
+ """
+
+
+ contentType?: str
+
+ insecureSsl?: bool
+
+ secretSecretRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0SecretSecretRef
+
+ urlSecretRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0URLSecretRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0SecretSecretRef:
+ r"""
+ The shared secret for the webhook. See API documentation.
+ The shared secret for the webhook
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderConfigurationItems0URLSecretRef:
+ r"""
+ The URL of the webhook.
+ The URL of the webhook.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ active : bool, default is Undefined, optional
+ Indicate if the webhook should receive events. Defaults to true.
+ Indicate if the webhook should receive events. Defaults to 'true'.
+ configuration : [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0], default is Undefined, optional
+ Configuration block for the webhook. Detailed below.
+ Configuration for the webhook.
+ events : [str], default is Undefined, optional
+ A list of events which should trigger the webhook. See a list of available events.
+ A list of events which should trigger the webhook
+ repository : str, default is Undefined, optional
+ The repository of the webhook.
+ The repository of the webhook.
+ repositoryRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ active?: bool
+
+ configuration?: [RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0]
+
+ events?: [str]
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0:
+ r"""
+ repo github upbound io v1alpha1 repository webhook spec init provider configuration items0
+
+ Attributes
+ ----------
+ contentType : str, default is Undefined, optional
+ The content type for the payload. Valid values are either form or json.
+ The content type for the payload. Valid values are either 'form' or 'json'.
+ insecureSsl : bool, default is Undefined, optional
+ Insecure SSL boolean toggle. Defaults to false.
+ Insecure SSL boolean toggle. Defaults to 'false'.
+ secretSecretRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0SecretSecretRef, default is Undefined, optional
+ secret secret ref
+ urlSecretRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0URLSecretRef, default is Undefined, required
+ url secret ref
+ """
+
+
+ contentType?: str
+
+ insecureSsl?: bool
+
+ secretSecretRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0SecretSecretRef
+
+ urlSecretRef: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0URLSecretRef
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0SecretSecretRef:
+ r"""
+ The shared secret for the webhook. See API documentation.
+ The shared secret for the webhook
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderConfigurationItems0URLSecretRef:
+ r"""
+ The URL of the webhook.
+ The URL of the webhook.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookStatus:
+ r"""
+ RepositoryWebhookStatus defines the observed state of RepositoryWebhook.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 repository webhook status at provider
+
+ Attributes
+ ----------
+ active : bool, default is Undefined, optional
+ Indicate if the webhook should receive events. Defaults to true.
+ Indicate if the webhook should receive events. Defaults to 'true'.
+ configuration : [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProviderConfigurationItems0], default is Undefined, optional
+ Configuration block for the webhook. Detailed below.
+ Configuration for the webhook.
+ etag : str, default is Undefined, optional
+ etag
+ events : [str], default is Undefined, optional
+ A list of events which should trigger the webhook. See a list of available events.
+ A list of events which should trigger the webhook
+ id : str, default is Undefined, optional
+ id
+ repository : str, default is Undefined, optional
+ The repository of the webhook.
+ The repository of the webhook.
+ url : str, default is Undefined, optional
+ URL of the webhook. This is a sensitive attribute because it may include basic auth credentials.
+ Configuration block for the webhook
+ """
+
+
+ active?: bool
+
+ configuration?: [RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProviderConfigurationItems0]
+
+ etag?: str
+
+ events?: [str]
+
+ id?: str
+
+ repository?: str
+
+ url?: str
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusAtProviderConfigurationItems0:
+ r"""
+ repo github upbound io v1alpha1 repository webhook status at provider configuration items0
+
+ Attributes
+ ----------
+ contentType : str, default is Undefined, optional
+ The content type for the payload. Valid values are either form or json.
+ The content type for the payload. Valid values are either 'form' or 'json'.
+ insecureSsl : bool, default is Undefined, optional
+ Insecure SSL boolean toggle. Defaults to false.
+ Insecure SSL boolean toggle. Defaults to 'false'.
+ """
+
+
+ contentType?: str
+
+ insecureSsl?: bool
+
+
+schema RepoGithubUpboundIoV1alpha1RepositoryWebhookStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_tag_protection.k b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_tag_protection.k
new file mode 100644
index 00000000..53dda142
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/repo_github_upbound_io_v1alpha1_tag_protection.k
@@ -0,0 +1,590 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema TagProtection:
+ r"""
+ TagProtection is the Schema for the TagProtections API. Creates and manages repository tag protection within GitHub organizations or personal accounts
+
+ Attributes
+ ----------
+ apiVersion : str, default is "repo.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "TagProtection", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : RepoGithubUpboundIoV1alpha1TagProtectionSpec, default is Undefined, required
+ spec
+ status : RepoGithubUpboundIoV1alpha1TagProtectionStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "repo.github.upbound.io/v1alpha1" = "repo.github.upbound.io/v1alpha1"
+
+ kind: "TagProtection" = "TagProtection"
+
+ metadata?: v1.ObjectMeta
+
+ spec: RepoGithubUpboundIoV1alpha1TagProtectionSpec
+
+ status?: RepoGithubUpboundIoV1alpha1TagProtectionStatus
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpec:
+ r"""
+ TagProtectionSpec defines the desired state of TagProtection
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : RepoGithubUpboundIoV1alpha1TagProtectionSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : RepoGithubUpboundIoV1alpha1TagProtectionSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: RepoGithubUpboundIoV1alpha1TagProtectionSpecForProvider
+
+ initProvider?: RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: RepoGithubUpboundIoV1alpha1TagProtectionSpecWriteConnectionSecretToRef
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecForProvider:
+ r"""
+ repo github upbound io v1alpha1 tag protection spec for provider
+
+ Attributes
+ ----------
+ pattern : str, default is Undefined, optional
+ The pattern of the tag to protect.
+ The pattern of the tag to protect.
+ repository : str, default is Undefined, optional
+ Name of the repository to add the tag protection to.
+ Name of the repository to add the tag protection to.
+ repositoryRef : RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ pattern?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ pattern : str, default is Undefined, optional
+ The pattern of the tag to protect.
+ The pattern of the tag to protect.
+ repository : str, default is Undefined, optional
+ Name of the repository to add the tag protection to.
+ Name of the repository to add the tag protection to.
+ repositoryRef : RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ """
+
+
+ pattern?: str
+
+ repository?: str
+
+ repositoryRef?: RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRef
+
+ repositorySelector?: RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelector
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelectorPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionStatus:
+ r"""
+ TagProtectionStatus defines the observed state of TagProtection.
+
+ Attributes
+ ----------
+ atProvider : RepoGithubUpboundIoV1alpha1TagProtectionStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [RepoGithubUpboundIoV1alpha1TagProtectionStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: RepoGithubUpboundIoV1alpha1TagProtectionStatusAtProvider
+
+ conditions?: [RepoGithubUpboundIoV1alpha1TagProtectionStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionStatusAtProvider:
+ r"""
+ repo github upbound io v1alpha1 tag protection status at provider
+
+ Attributes
+ ----------
+ id : str, default is Undefined, optional
+ The ID of the tag protection.
+ pattern : str, default is Undefined, optional
+ The pattern of the tag to protect.
+ The pattern of the tag to protect.
+ repository : str, default is Undefined, optional
+ Name of the repository to add the tag protection to.
+ Name of the repository to add the tag protection to.
+ tagProtectionId : int, default is Undefined, optional
+ The ID of the tag protection.
+ The ID of the tag protection.
+ """
+
+
+ id?: str
+
+ pattern?: str
+
+ repository?: str
+
+ tagProtectionId?: int
+
+
+schema RepoGithubUpboundIoV1alpha1TagProtectionStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_emu_group_mapping.k b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_emu_group_mapping.k
new file mode 100644
index 00000000..a583b53f
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_emu_group_mapping.k
@@ -0,0 +1,589 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema EmuGroupMapping:
+ r"""
+ EmuGroupMapping is the Schema for the EmuGroupMappings API. Manages mappings between external groups for enterprise managed users.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "team.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "EmuGroupMapping", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpec, default is Undefined, required
+ spec
+ status : TeamGithubUpboundIoV1alpha1EmuGroupMappingStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "team.github.upbound.io/v1alpha1" = "team.github.upbound.io/v1alpha1"
+
+ kind: "EmuGroupMapping" = "EmuGroupMapping"
+
+ metadata?: v1.ObjectMeta
+
+ spec: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpec
+
+ status?: TeamGithubUpboundIoV1alpha1EmuGroupMappingStatus
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpec:
+ r"""
+ EmuGroupMappingSpec defines the desired state of EmuGroupMapping
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProvider
+
+ initProvider?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecWriteConnectionSecretToRef
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProvider:
+ r"""
+ team github upbound io v1alpha1 emu group mapping spec for provider
+
+ Attributes
+ ----------
+ groupId : int, default is Undefined, optional
+ Integer corresponding to the external group ID to be linked
+ Integer corresponding to the external group ID to be linked.
+ teamSlug : str, default is Undefined, optional
+ Slug of the GitHub team
+ Slug of the GitHub team.
+ teamSlugRef : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRef, default is Undefined, optional
+ team slug ref
+ teamSlugSelector : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelector, default is Undefined, optional
+ team slug selector
+ """
+
+
+ groupId?: int
+
+ teamSlug?: str
+
+ teamSlugRef?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRef
+
+ teamSlugSelector?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelector
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRef:
+ r"""
+ Reference to a Team in team to populate teamSlug.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelector:
+ r"""
+ Selector for a Team in team to populate teamSlug.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecForProviderTeamSlugSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ groupId : int, default is Undefined, optional
+ Integer corresponding to the external group ID to be linked
+ Integer corresponding to the external group ID to be linked.
+ teamSlug : str, default is Undefined, optional
+ Slug of the GitHub team
+ Slug of the GitHub team.
+ teamSlugRef : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRef, default is Undefined, optional
+ team slug ref
+ teamSlugSelector : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelector, default is Undefined, optional
+ team slug selector
+ """
+
+
+ groupId?: int
+
+ teamSlug?: str
+
+ teamSlugRef?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRef
+
+ teamSlugSelector?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelector
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRef:
+ r"""
+ Reference to a Team in team to populate teamSlug.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelector:
+ r"""
+ Selector for a Team in team to populate teamSlug.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecInitProviderTeamSlugSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingStatus:
+ r"""
+ EmuGroupMappingStatus defines the observed state of EmuGroupMapping.
+
+ Attributes
+ ----------
+ atProvider : TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusAtProvider
+
+ conditions?: [TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusAtProvider:
+ r"""
+ team github upbound io v1alpha1 emu group mapping status at provider
+
+ Attributes
+ ----------
+ etag : str, default is Undefined, optional
+ etag
+ groupId : int, default is Undefined, optional
+ Integer corresponding to the external group ID to be linked
+ Integer corresponding to the external group ID to be linked.
+ id : str, default is Undefined, optional
+ id
+ teamSlug : str, default is Undefined, optional
+ Slug of the GitHub team
+ Slug of the GitHub team.
+ """
+
+
+ etag?: str
+
+ groupId?: int
+
+ id?: str
+
+ teamSlug?: str
+
+
+schema TeamGithubUpboundIoV1alpha1EmuGroupMappingStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_members.k b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_members.k
new file mode 100644
index 00000000..f723c792
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_members.k
@@ -0,0 +1,648 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Members:
+ r"""
+ Members is the Schema for the Memberss API. Provides an authoritative GitHub team members resource.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "team.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Members", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : TeamGithubUpboundIoV1alpha1MembersSpec, default is Undefined, required
+ spec
+ status : TeamGithubUpboundIoV1alpha1MembersStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "team.github.upbound.io/v1alpha1" = "team.github.upbound.io/v1alpha1"
+
+ kind: "Members" = "Members"
+
+ metadata?: v1.ObjectMeta
+
+ spec: TeamGithubUpboundIoV1alpha1MembersSpec
+
+ status?: TeamGithubUpboundIoV1alpha1MembersStatus
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpec:
+ r"""
+ MembersSpec defines the desired state of Members
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : TeamGithubUpboundIoV1alpha1MembersSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : TeamGithubUpboundIoV1alpha1MembersSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : TeamGithubUpboundIoV1alpha1MembersSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: TeamGithubUpboundIoV1alpha1MembersSpecForProvider
+
+ initProvider?: TeamGithubUpboundIoV1alpha1MembersSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: TeamGithubUpboundIoV1alpha1MembersSpecWriteConnectionSecretToRef
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecForProvider:
+ r"""
+ team github upbound io v1alpha1 members spec for provider
+
+ Attributes
+ ----------
+ members : [TeamGithubUpboundIoV1alpha1MembersSpecForProviderMembersItems0], default is Undefined, optional
+ List of team members. See Members below for details.
+ List of team members.
+ teamId : str, default is Undefined, optional
+ The team id or the team slug
+ The GitHub team id or slug
+ teamIdRef : TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ """
+
+
+ members?: [TeamGithubUpboundIoV1alpha1MembersSpecForProviderMembersItems0]
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelector
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecForProviderMembersItems0:
+ r"""
+ team github upbound io v1alpha1 members spec for provider members items0
+
+ Attributes
+ ----------
+ role : str, default is Undefined, optional
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ username : str, default is Undefined, optional
+ The user to add to the team.
+ The user to add to the team.
+ """
+
+
+ role?: str
+
+ username?: str
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecForProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ members : [TeamGithubUpboundIoV1alpha1MembersSpecInitProviderMembersItems0], default is Undefined, optional
+ List of team members. See Members below for details.
+ List of team members.
+ teamId : str, default is Undefined, optional
+ The team id or the team slug
+ The GitHub team id or slug
+ teamIdRef : TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ """
+
+
+ members?: [TeamGithubUpboundIoV1alpha1MembersSpecInitProviderMembersItems0]
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelector
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecInitProviderMembersItems0:
+ r"""
+ team github upbound io v1alpha1 members spec init provider members items0
+
+ Attributes
+ ----------
+ role : str, default is Undefined, optional
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ username : str, default is Undefined, optional
+ The user to add to the team.
+ The user to add to the team.
+ """
+
+
+ role?: str
+
+ username?: str
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecInitProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema TeamGithubUpboundIoV1alpha1MembersSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema TeamGithubUpboundIoV1alpha1MembersStatus:
+ r"""
+ MembersStatus defines the observed state of Members.
+
+ Attributes
+ ----------
+ atProvider : TeamGithubUpboundIoV1alpha1MembersStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [TeamGithubUpboundIoV1alpha1MembersStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: TeamGithubUpboundIoV1alpha1MembersStatusAtProvider
+
+ conditions?: [TeamGithubUpboundIoV1alpha1MembersStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema TeamGithubUpboundIoV1alpha1MembersStatusAtProvider:
+ r"""
+ team github upbound io v1alpha1 members status at provider
+
+ Attributes
+ ----------
+ id : str, default is Undefined, optional
+ id
+ members : [TeamGithubUpboundIoV1alpha1MembersStatusAtProviderMembersItems0], default is Undefined, optional
+ List of team members. See Members below for details.
+ List of team members.
+ teamId : str, default is Undefined, optional
+ The team id or the team slug
+ The GitHub team id or slug
+ """
+
+
+ id?: str
+
+ members?: [TeamGithubUpboundIoV1alpha1MembersStatusAtProviderMembersItems0]
+
+ teamId?: str
+
+
+schema TeamGithubUpboundIoV1alpha1MembersStatusAtProviderMembersItems0:
+ r"""
+ team github upbound io v1alpha1 members status at provider members items0
+
+ Attributes
+ ----------
+ role : str, default is Undefined, optional
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ username : str, default is Undefined, optional
+ The user to add to the team.
+ The user to add to the team.
+ """
+
+
+ role?: str
+
+ username?: str
+
+
+schema TeamGithubUpboundIoV1alpha1MembersStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team.k b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team.k
new file mode 100644
index 00000000..e805558a
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team.k
@@ -0,0 +1,510 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Team:
+ r"""
+ Team is the Schema for the Teams API. Provides a GitHub team resource.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "team.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Team", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : TeamGithubUpboundIoV1alpha1TeamSpec, default is Undefined, required
+ spec
+ status : TeamGithubUpboundIoV1alpha1TeamStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "team.github.upbound.io/v1alpha1" = "team.github.upbound.io/v1alpha1"
+
+ kind: "Team" = "Team"
+
+ metadata?: v1.ObjectMeta
+
+ spec: TeamGithubUpboundIoV1alpha1TeamSpec
+
+ status?: TeamGithubUpboundIoV1alpha1TeamStatus
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpec:
+ r"""
+ TeamSpec defines the desired state of Team
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : TeamGithubUpboundIoV1alpha1TeamSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : TeamGithubUpboundIoV1alpha1TeamSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : TeamGithubUpboundIoV1alpha1TeamSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: TeamGithubUpboundIoV1alpha1TeamSpecForProvider
+
+ initProvider?: TeamGithubUpboundIoV1alpha1TeamSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: TeamGithubUpboundIoV1alpha1TeamSpecWriteConnectionSecretToRef
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecForProvider:
+ r"""
+ team github upbound io v1alpha1 team spec for provider
+
+ Attributes
+ ----------
+ createDefaultMaintainer : bool, default is Undefined, optional
+ Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
+ Adds a default maintainer to the team. Adds the creating user to the team when 'true'.
+ description : str, default is Undefined, optional
+ A description of the team.
+ A description of the team.
+ ldapDn : str, default is Undefined, optional
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ name : str, default is Undefined, optional
+ The name of the team.
+ The name of the team.
+ parentTeamId : str, default is Undefined, optional
+ The ID or slug of the parent team, if this is a nested team.
+ The ID or slug of the parent team, if this is a nested team.
+ parentTeamReadId : str, default is Undefined, optional
+ The ID of the created team.
+ The id of the parent team read in Github.
+ parentTeamReadSlug : str, default is Undefined, optional
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The id of the parent team read in Github.
+ privacy : str, default is Undefined, optional
+ The level of privacy for the team. Must be one of secret or closed.
+ Defaults to secret.
+ The level of privacy for the team. Must be one of 'secret' or 'closed'.
+ """
+
+
+ createDefaultMaintainer?: bool
+
+ description?: str
+
+ ldapDn?: str
+
+ name?: str
+
+ parentTeamId?: str
+
+ parentTeamReadId?: str
+
+ parentTeamReadSlug?: str
+
+ privacy?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ createDefaultMaintainer : bool, default is Undefined, optional
+ Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
+ Adds a default maintainer to the team. Adds the creating user to the team when 'true'.
+ description : str, default is Undefined, optional
+ A description of the team.
+ A description of the team.
+ ldapDn : str, default is Undefined, optional
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ name : str, default is Undefined, optional
+ The name of the team.
+ The name of the team.
+ parentTeamId : str, default is Undefined, optional
+ The ID or slug of the parent team, if this is a nested team.
+ The ID or slug of the parent team, if this is a nested team.
+ parentTeamReadId : str, default is Undefined, optional
+ The ID of the created team.
+ The id of the parent team read in Github.
+ parentTeamReadSlug : str, default is Undefined, optional
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The id of the parent team read in Github.
+ privacy : str, default is Undefined, optional
+ The level of privacy for the team. Must be one of secret or closed.
+ Defaults to secret.
+ The level of privacy for the team. Must be one of 'secret' or 'closed'.
+ """
+
+
+ createDefaultMaintainer?: bool
+
+ description?: str
+
+ ldapDn?: str
+
+ name?: str
+
+ parentTeamId?: str
+
+ parentTeamReadId?: str
+
+ parentTeamReadSlug?: str
+
+ privacy?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamStatus:
+ r"""
+ TeamStatus defines the observed state of Team.
+
+ Attributes
+ ----------
+ atProvider : TeamGithubUpboundIoV1alpha1TeamStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [TeamGithubUpboundIoV1alpha1TeamStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: TeamGithubUpboundIoV1alpha1TeamStatusAtProvider
+
+ conditions?: [TeamGithubUpboundIoV1alpha1TeamStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema TeamGithubUpboundIoV1alpha1TeamStatusAtProvider:
+ r"""
+ team github upbound io v1alpha1 team status at provider
+
+ Attributes
+ ----------
+ createDefaultMaintainer : bool, default is Undefined, optional
+ Adds a default maintainer to the team. Defaults to false and adds the creating user to the team when true.
+ Adds a default maintainer to the team. Adds the creating user to the team when 'true'.
+ description : str, default is Undefined, optional
+ A description of the team.
+ A description of the team.
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ The ID of the created team.
+ ldapDn : str, default is Undefined, optional
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server.
+ membersCount : int, default is Undefined, optional
+ members count
+ name : str, default is Undefined, optional
+ The name of the team.
+ The name of the team.
+ nodeId : str, default is Undefined, optional
+ The Node ID of the created team.
+ The Node ID of the created team.
+ parentTeamId : str, default is Undefined, optional
+ The ID or slug of the parent team, if this is a nested team.
+ The ID or slug of the parent team, if this is a nested team.
+ parentTeamReadId : str, default is Undefined, optional
+ The ID of the created team.
+ The id of the parent team read in Github.
+ parentTeamReadSlug : str, default is Undefined, optional
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The id of the parent team read in Github.
+ privacy : str, default is Undefined, optional
+ The level of privacy for the team. Must be one of secret or closed.
+ Defaults to secret.
+ The level of privacy for the team. Must be one of 'secret' or 'closed'.
+ slug : str, default is Undefined, optional
+ The slug of the created team, which may or may not differ from name,
+ depending on whether name contains "URL-unsafe" characters.
+ Useful when referencing the team in github_branch_protection.
+ The slug of the created team.
+ """
+
+
+ createDefaultMaintainer?: bool
+
+ description?: str
+
+ etag?: str
+
+ id?: str
+
+ ldapDn?: str
+
+ membersCount?: int
+
+ name?: str
+
+ nodeId?: str
+
+ parentTeamId?: str
+
+ parentTeamReadId?: str
+
+ parentTeamReadSlug?: str
+
+ privacy?: str
+
+ slug?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_membership.k b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_membership.k
new file mode 100644
index 00000000..ef9d0508
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_membership.k
@@ -0,0 +1,607 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema TeamMembership:
+ r"""
+ TeamMembership is the Schema for the TeamMemberships API. Provides a GitHub team membership resource.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "team.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "TeamMembership", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : TeamGithubUpboundIoV1alpha1TeamMembershipSpec, default is Undefined, required
+ spec
+ status : TeamGithubUpboundIoV1alpha1TeamMembershipStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "team.github.upbound.io/v1alpha1" = "team.github.upbound.io/v1alpha1"
+
+ kind: "TeamMembership" = "TeamMembership"
+
+ metadata?: v1.ObjectMeta
+
+ spec: TeamGithubUpboundIoV1alpha1TeamMembershipSpec
+
+ status?: TeamGithubUpboundIoV1alpha1TeamMembershipStatus
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpec:
+ r"""
+ TeamMembershipSpec defines the desired state of TeamMembership
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : TeamGithubUpboundIoV1alpha1TeamMembershipSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProvider
+
+ initProvider?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecWriteConnectionSecretToRef
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProvider:
+ r"""
+ team github upbound io v1alpha1 team membership spec for provider
+
+ Attributes
+ ----------
+ role : str, default is Undefined, optional
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ teamIdRef : TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ username : str, default is Undefined, optional
+ The user to add to the team.
+ The user to add to the team.
+ """
+
+
+ role?: str
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelector
+
+ username?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecForProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ role : str, default is Undefined, optional
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ teamIdRef : TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ username : str, default is Undefined, optional
+ The user to add to the team.
+ The user to add to the team.
+ """
+
+
+ role?: str
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelector
+
+ username?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecInitProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipStatus:
+ r"""
+ TeamMembershipStatus defines the observed state of TeamMembership.
+
+ Attributes
+ ----------
+ atProvider : TeamGithubUpboundIoV1alpha1TeamMembershipStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [TeamGithubUpboundIoV1alpha1TeamMembershipStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: TeamGithubUpboundIoV1alpha1TeamMembershipStatusAtProvider
+
+ conditions?: [TeamGithubUpboundIoV1alpha1TeamMembershipStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipStatusAtProvider:
+ r"""
+ team github upbound io v1alpha1 team membership status at provider
+
+ Attributes
+ ----------
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ id
+ role : str, default is Undefined, optional
+ The role of the user within the team.
+ Must be one of member or maintainer. Defaults to member.
+ The role of the user within the team. Must be one of 'member' or 'maintainer'.
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ username : str, default is Undefined, optional
+ The user to add to the team.
+ The user to add to the team.
+ """
+
+
+ etag?: str
+
+ id?: str
+
+ role?: str
+
+ teamId?: str
+
+ username?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamMembershipStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_repository.k b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_repository.k
new file mode 100644
index 00000000..b8ffa8ea
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_repository.k
@@ -0,0 +1,801 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema TeamRepository:
+ r"""
+ TeamRepository is the Schema for the TeamRepositorys API. Manages the associations between teams and repositories.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "team.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "TeamRepository", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : TeamGithubUpboundIoV1alpha1TeamRepositorySpec, default is Undefined, required
+ spec
+ status : TeamGithubUpboundIoV1alpha1TeamRepositoryStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "team.github.upbound.io/v1alpha1" = "team.github.upbound.io/v1alpha1"
+
+ kind: "TeamRepository" = "TeamRepository"
+
+ metadata?: v1.ObjectMeta
+
+ spec: TeamGithubUpboundIoV1alpha1TeamRepositorySpec
+
+ status?: TeamGithubUpboundIoV1alpha1TeamRepositoryStatus
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpec:
+ r"""
+ TeamRepositorySpec defines the desired state of TeamRepository
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProvider, default is Undefined, required
+ for provider
+ initProvider : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : TeamGithubUpboundIoV1alpha1TeamRepositorySpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProvider
+
+ initProvider?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRef
+
+ publishConnectionDetailsTo?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecWriteConnectionSecretToRef
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProvider:
+ r"""
+ team github upbound io v1alpha1 team repository spec for provider
+
+ Attributes
+ ----------
+ permission : str, default is Undefined, optional
+ The permissions of team members regarding the repository.
+ Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
+ The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.
+ repository : str, default is Undefined, optional
+ The repository to add to the team.
+ The repository to add to the team.
+ repositoryRef : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ ID or slug of team
+ teamIdRef : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ """
+
+
+ permission?: str
+
+ repository?: str
+
+ repositoryRef?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRef
+
+ repositorySelector?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelector
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelector
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecForProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ permission : str, default is Undefined, optional
+ The permissions of team members regarding the repository.
+ Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
+ The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.
+ repository : str, default is Undefined, optional
+ The repository to add to the team.
+ The repository to add to the team.
+ repositoryRef : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRef, default is Undefined, optional
+ repository ref
+ repositorySelector : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelector, default is Undefined, optional
+ repository selector
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ ID or slug of team
+ teamIdRef : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ """
+
+
+ permission?: str
+
+ repository?: str
+
+ repositoryRef?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRef
+
+ repositorySelector?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelector
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelector
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRef:
+ r"""
+ Reference to a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositoryRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelector:
+ r"""
+ Selector for a Repository in repo to populate repository.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderRepositorySelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecInitProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRef
+
+ metadata?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositorySpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositoryStatus:
+ r"""
+ TeamRepositoryStatus defines the observed state of TeamRepository.
+
+ Attributes
+ ----------
+ atProvider : TeamGithubUpboundIoV1alpha1TeamRepositoryStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [TeamGithubUpboundIoV1alpha1TeamRepositoryStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: TeamGithubUpboundIoV1alpha1TeamRepositoryStatusAtProvider
+
+ conditions?: [TeamGithubUpboundIoV1alpha1TeamRepositoryStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositoryStatusAtProvider:
+ r"""
+ team github upbound io v1alpha1 team repository status at provider
+
+ Attributes
+ ----------
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ id
+ permission : str, default is Undefined, optional
+ The permissions of team members regarding the repository.
+ Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation. Defaults to pull.
+ The permissions of team members regarding the repository. Must be one of 'pull', 'triage', 'push', 'maintain', 'admin' or the name of an existing custom repository role within the organisation.
+ repository : str, default is Undefined, optional
+ The repository to add to the team.
+ The repository to add to the team.
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ ID or slug of team
+ """
+
+
+ etag?: str
+
+ id?: str
+
+ permission?: str
+
+ repository?: str
+
+ teamId?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamRepositoryStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_settings.k b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_settings.k
new file mode 100644
index 00000000..127f7641
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_settings.k
@@ -0,0 +1,668 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema TeamSettings:
+ r"""
+ TeamSettings is the Schema for the TeamSettingss API. Manages the team settings (in particular the request review delegation settings)
+
+ Attributes
+ ----------
+ apiVersion : str, default is "team.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "TeamSettings", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : TeamGithubUpboundIoV1alpha1TeamSettingsSpec, default is Undefined, required
+ spec
+ status : TeamGithubUpboundIoV1alpha1TeamSettingsStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "team.github.upbound.io/v1alpha1" = "team.github.upbound.io/v1alpha1"
+
+ kind: "TeamSettings" = "TeamSettings"
+
+ metadata?: v1.ObjectMeta
+
+ spec: TeamGithubUpboundIoV1alpha1TeamSettingsSpec
+
+ status?: TeamGithubUpboundIoV1alpha1TeamSettingsStatus
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpec:
+ r"""
+ TeamSettingsSpec defines the desired state of TeamSettings
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : TeamGithubUpboundIoV1alpha1TeamSettingsSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProvider
+
+ initProvider?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecWriteConnectionSecretToRef
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProvider:
+ r"""
+ team github upbound io v1alpha1 team settings spec for provider
+
+ Attributes
+ ----------
+ reviewRequestDelegation : [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderReviewRequestDelegationItems0], default is Undefined, optional
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ teamIdRef : TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ """
+
+
+ reviewRequestDelegation?: [TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderReviewRequestDelegationItems0]
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelector
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderReviewRequestDelegationItems0:
+ r"""
+ team github upbound io v1alpha1 team settings spec for provider review request delegation items0
+
+ Attributes
+ ----------
+ algorithm : str, default is Undefined, optional
+ The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
+ The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.
+ memberCount : int, default is Undefined, optional
+ The number of team members to assign to a pull request
+ The number of team members to assign to a pull request.
+ notify : bool, default is Undefined, optional
+ whether to notify the entire team when at least one member is also assigned to the pull request
+ whether to notify the entire team when at least one member is also assigned to the pull request.
+ """
+
+
+ algorithm?: str
+
+ memberCount?: int
+
+ notify?: bool
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecForProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ reviewRequestDelegation : [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderReviewRequestDelegationItems0], default is Undefined, optional
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ teamIdRef : TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRef, default is Undefined, optional
+ team Id ref
+ teamIdSelector : TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelector, default is Undefined, optional
+ team Id selector
+ """
+
+
+ reviewRequestDelegation?: [TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderReviewRequestDelegationItems0]
+
+ teamId?: str
+
+ teamIdRef?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRef
+
+ teamIdSelector?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelector
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderReviewRequestDelegationItems0:
+ r"""
+ team github upbound io v1alpha1 team settings spec init provider review request delegation items0
+
+ Attributes
+ ----------
+ algorithm : str, default is Undefined, optional
+ The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
+ The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.
+ memberCount : int, default is Undefined, optional
+ The number of team members to assign to a pull request
+ The number of team members to assign to a pull request.
+ notify : bool, default is Undefined, optional
+ whether to notify the entire team when at least one member is also assigned to the pull request
+ whether to notify the entire team when at least one member is also assigned to the pull request.
+ """
+
+
+ algorithm?: str
+
+ memberCount?: int
+
+ notify?: bool
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRef:
+ r"""
+ Reference to a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelector:
+ r"""
+ Selector for a Team in team to populate teamId.
+
+ Attributes
+ ----------
+ matchControllerRef : bool, default is Undefined, optional
+ MatchControllerRef ensures an object with the same controller reference
+ as the selecting object is selected.
+ matchLabels : {str:str}, default is Undefined, optional
+ MatchLabels ensures an object with matching labels is selected.
+ policy : TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelectorPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ matchControllerRef?: bool
+
+ matchLabels?: {str:str}
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelectorPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecInitProviderTeamIDSelectorPolicy:
+ r"""
+ Policies for selection.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsStatus:
+ r"""
+ TeamSettingsStatus defines the observed state of TeamSettings.
+
+ Attributes
+ ----------
+ atProvider : TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [TeamGithubUpboundIoV1alpha1TeamSettingsStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProvider
+
+ conditions?: [TeamGithubUpboundIoV1alpha1TeamSettingsStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProvider:
+ r"""
+ team github upbound io v1alpha1 team settings status at provider
+
+ Attributes
+ ----------
+ id : str, default is Undefined, optional
+ id
+ reviewRequestDelegation : [TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProviderReviewRequestDelegationItems0], default is Undefined, optional
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See GitHub Review Request Delegation below for details. See GitHub's documentation for more configuration details.
+ The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team.
+ teamId : str, default is Undefined, optional
+ The GitHub team id or the GitHub team slug
+ The GitHub team id or the GitHub team slug.
+ teamSlug : str, default is Undefined, optional
+ The slug of the Team within the Organization.
+ teamUid : str, default is Undefined, optional
+ The unique ID of the Team on GitHub. Corresponds to the ID of the 'github_team_settings' resource.
+ """
+
+
+ id?: str
+
+ reviewRequestDelegation?: [TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProviderReviewRequestDelegationItems0]
+
+ teamId?: str
+
+ teamSlug?: str
+
+ teamUid?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsStatusAtProviderReviewRequestDelegationItems0:
+ r"""
+ team github upbound io v1alpha1 team settings status at provider review request delegation items0
+
+ Attributes
+ ----------
+ algorithm : str, default is Undefined, optional
+ The algorithm to use when assigning pull requests to team members. Supported values are ROUND_ROBIN and LOAD_BALANCE. Default value is ROUND_ROBIN
+ The algorithm to use when assigning pull requests to team members. Supported values are 'ROUND_ROBIN' and 'LOAD_BALANCE'.
+ memberCount : int, default is Undefined, optional
+ The number of team members to assign to a pull request
+ The number of team members to assign to a pull request.
+ notify : bool, default is Undefined, optional
+ whether to notify the entire team when at least one member is also assigned to the pull request
+ whether to notify the entire team when at least one member is also assigned to the pull request.
+ """
+
+
+ algorithm?: str
+
+ memberCount?: int
+
+ notify?: bool
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSettingsStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_sync_group_mapping.k b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_sync_group_mapping.k
new file mode 100644
index 00000000..30d312af
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/team_github_upbound_io_v1alpha1_team_sync_group_mapping.k
@@ -0,0 +1,470 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema TeamSyncGroupMapping:
+ r"""
+ TeamSyncGroupMapping is the Schema for the TeamSyncGroupMappings API. Creates and manages the connections between a team and its IdP group(s).
+
+ Attributes
+ ----------
+ apiVersion : str, default is "team.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "TeamSyncGroupMapping", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpec, default is Undefined, required
+ spec
+ status : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "team.github.upbound.io/v1alpha1" = "team.github.upbound.io/v1alpha1"
+
+ kind: "TeamSyncGroupMapping" = "TeamSyncGroupMapping"
+
+ metadata?: v1.ObjectMeta
+
+ spec: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpec
+
+ status?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatus
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpec:
+ r"""
+ TeamSyncGroupMappingSpec defines the desired state of TeamSyncGroupMapping
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProvider
+
+ initProvider?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecWriteConnectionSecretToRef
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProvider:
+ r"""
+ team github upbound io v1alpha1 team sync group mapping spec for provider
+
+ Attributes
+ ----------
+ group : [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProviderGroupItems0], default is Undefined, optional
+ An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
+ An Array of GitHub Identity Provider Groups (or empty []).
+ teamSlug : str, default is Undefined, optional
+ Slug of the team
+ Slug of the team.
+ """
+
+
+ group?: [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProviderGroupItems0]
+
+ teamSlug?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecForProviderGroupItems0:
+ r"""
+ team github upbound io v1alpha1 team sync group mapping spec for provider group items0
+
+ Attributes
+ ----------
+ groupDescription : str, default is Undefined, optional
+ The description of the IdP group.
+ The description of the IdP group.
+ groupId : str, default is Undefined, optional
+ The ID of the IdP group.
+ The ID of the IdP group.
+ groupName : str, default is Undefined, optional
+ The name of the IdP group.
+ The name of the IdP group.
+ """
+
+
+ groupDescription?: str
+
+ groupId?: str
+
+ groupName?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ group : [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProviderGroupItems0], default is Undefined, optional
+ An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
+ An Array of GitHub Identity Provider Groups (or empty []).
+ teamSlug : str, default is Undefined, optional
+ Slug of the team
+ Slug of the team.
+ """
+
+
+ group?: [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProviderGroupItems0]
+
+ teamSlug?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecInitProviderGroupItems0:
+ r"""
+ team github upbound io v1alpha1 team sync group mapping spec init provider group items0
+
+ Attributes
+ ----------
+ groupDescription : str, default is Undefined, optional
+ The description of the IdP group.
+ The description of the IdP group.
+ groupId : str, default is Undefined, optional
+ The ID of the IdP group.
+ The ID of the IdP group.
+ groupName : str, default is Undefined, optional
+ The name of the IdP group.
+ The name of the IdP group.
+ """
+
+
+ groupDescription?: str
+
+ groupId?: str
+
+ groupName?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatus:
+ r"""
+ TeamSyncGroupMappingStatus defines the observed state of TeamSyncGroupMapping.
+
+ Attributes
+ ----------
+ atProvider : TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProvider
+
+ conditions?: [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProvider:
+ r"""
+ team github upbound io v1alpha1 team sync group mapping status at provider
+
+ Attributes
+ ----------
+ etag : str, default is Undefined, optional
+ etag
+ group : [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProviderGroupItems0], default is Undefined, optional
+ An Array of GitHub Identity Provider Groups (or empty []). Each group block consists of the fields documented below.
+ An Array of GitHub Identity Provider Groups (or empty []).
+ id : str, default is Undefined, optional
+ id
+ teamSlug : str, default is Undefined, optional
+ Slug of the team
+ Slug of the team.
+ """
+
+
+ etag?: str
+
+ group?: [TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProviderGroupItems0]
+
+ id?: str
+
+ teamSlug?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusAtProviderGroupItems0:
+ r"""
+ team github upbound io v1alpha1 team sync group mapping status at provider group items0
+
+ Attributes
+ ----------
+ groupDescription : str, default is Undefined, optional
+ The description of the IdP group.
+ The description of the IdP group.
+ groupId : str, default is Undefined, optional
+ The ID of the IdP group.
+ The ID of the IdP group.
+ groupName : str, default is Undefined, optional
+ The name of the IdP group.
+ The name of the IdP group.
+ """
+
+
+ groupDescription?: str
+
+ groupId?: str
+
+ groupName?: str
+
+
+schema TeamGithubUpboundIoV1alpha1TeamSyncGroupMappingStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1alpha1/user_github_upbound_io_v1alpha1_membership.k b/crossplane-provider-upjet-github/v1alpha1/user_github_upbound_io_v1alpha1_membership.k
new file mode 100644
index 00000000..e6879337
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1alpha1/user_github_upbound_io_v1alpha1_membership.k
@@ -0,0 +1,425 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Membership:
+ r"""
+ Membership is the Schema for the Memberships API. Provides a GitHub membership resource.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "user.github.upbound.io/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Membership", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : UserGithubUpboundIoV1alpha1MembershipSpec, default is Undefined, required
+ spec
+ status : UserGithubUpboundIoV1alpha1MembershipStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "user.github.upbound.io/v1alpha1" = "user.github.upbound.io/v1alpha1"
+
+ kind: "Membership" = "Membership"
+
+ metadata?: v1.ObjectMeta
+
+ spec: UserGithubUpboundIoV1alpha1MembershipSpec
+
+ status?: UserGithubUpboundIoV1alpha1MembershipStatus
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpec:
+ r"""
+ MembershipSpec defines the desired state of Membership
+
+ Attributes
+ ----------
+ deletionPolicy : str, default is "Delete", optional
+ DeletionPolicy specifies what will happen to the underlying external
+ when this managed resource is deleted - either "Delete" or "Orphan" the
+ external resource.
+ This field is planned to be deprecated in favor of the ManagementPolicies
+ field in a future release. Currently, both could be set independently and
+ non-default values would be honored if the feature flag is enabled.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ forProvider : UserGithubUpboundIoV1alpha1MembershipSpecForProvider, default is Undefined, required
+ for provider
+ initProvider : UserGithubUpboundIoV1alpha1MembershipSpecInitProvider, default is Undefined, optional
+ init provider
+ managementPolicies : [str], default is ["*"], optional
+ THIS IS A BETA FIELD. It is on by default but can be opted out
+ through a Crossplane feature flag.
+ ManagementPolicies specify the array of actions Crossplane is allowed to
+ take on the managed and external resources.
+ This field is planned to replace the DeletionPolicy field in a future
+ release. Currently, both could be set independently and non-default
+ values would be honored if the feature flag is enabled. If both are
+ custom, the DeletionPolicy field will be ignored.
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+ providerConfigRef : UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRef, default is Undefined, optional
+ provider config ref
+ publishConnectionDetailsTo : UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsTo, default is Undefined, optional
+ publish connection details to
+ writeConnectionSecretToRef : UserGithubUpboundIoV1alpha1MembershipSpecWriteConnectionSecretToRef, default is Undefined, optional
+ write connection secret to ref
+ """
+
+
+ deletionPolicy?: "Orphan" | "Delete" = "Delete"
+
+ forProvider: UserGithubUpboundIoV1alpha1MembershipSpecForProvider
+
+ initProvider?: UserGithubUpboundIoV1alpha1MembershipSpecInitProvider
+
+ managementPolicies?: [str] = ["*"]
+
+ providerConfigRef?: UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRef
+
+ publishConnectionDetailsTo?: UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsTo
+
+ writeConnectionSecretToRef?: UserGithubUpboundIoV1alpha1MembershipSpecWriteConnectionSecretToRef
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecForProvider:
+ r"""
+ user github upbound io v1alpha1 membership spec for provider
+
+ Attributes
+ ----------
+ downgradeOnDestroy : bool, default is Undefined, optional
+ Defaults to false. If set to true,
+ when this resource is destroyed, the member will not be removed
+ from the organization. Instead, the member's role will be
+ downgraded to 'member'.
+ Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization
+ role : str, default is Undefined, optional
+ The role of the user within the organization.
+ Must be one of member or admin. Defaults to member.
+ admin role represents the owner role available via GitHub UI.
+ The role of the user within the organization. Must be one of 'member' or 'admin'.
+ username : str, default is Undefined, optional
+ The user to add to the organization.
+ The user to add to the organization.
+ """
+
+
+ downgradeOnDestroy?: bool
+
+ role?: str
+
+ username?: str
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecInitProvider:
+ r"""
+ THIS IS A BETA FIELD. It will be honored
+ unless the Management Policies feature flag is disabled.
+ InitProvider holds the same fields as ForProvider, with the exception
+ of Identifier and other resource reference fields. The fields that are
+ in InitProvider are merged into ForProvider when the resource is created.
+ The same fields are also added to the terraform ignore_changes hook, to
+ avoid updating them after creation. This is useful for fields that are
+ required on creation, but we do not desire to update them after creation,
+ for example because of an external controller is managing them, like an
+ autoscaler.
+
+ Attributes
+ ----------
+ downgradeOnDestroy : bool, default is Undefined, optional
+ Defaults to false. If set to true,
+ when this resource is destroyed, the member will not be removed
+ from the organization. Instead, the member's role will be
+ downgraded to 'member'.
+ Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization
+ role : str, default is Undefined, optional
+ The role of the user within the organization.
+ Must be one of member or admin. Defaults to member.
+ admin role represents the owner role available via GitHub UI.
+ The role of the user within the organization. Must be one of 'member' or 'admin'.
+ username : str, default is Undefined, optional
+ The user to add to the organization.
+ The user to add to the organization.
+ """
+
+
+ downgradeOnDestroy?: bool
+
+ role?: str
+
+ username?: str
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRef:
+ r"""
+ ProviderConfigReference specifies how the provider that will be used to
+ create, observe, update, and delete this managed resource should be
+ configured.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRefPolicy
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsTo:
+ r"""
+ PublishConnectionDetailsTo specifies the connection secret config which
+ contains a name, metadata and a reference to secret store config to
+ which any connection details for this managed resource should be written.
+ Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+
+ Attributes
+ ----------
+ configRef : UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRef, default is Undefined, optional
+ config ref
+ metadata : UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToMetadata, default is Undefined, optional
+ metadata
+ name : str, default is Undefined, required
+ Name is the name of the connection secret.
+ """
+
+
+ configRef?: UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRef
+
+ metadata?: UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToMetadata
+
+ name: str
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRef:
+ r"""
+ SecretStoreConfigRef specifies which secret store config should be used
+ for this ConnectionSecret.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRefPolicy
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecPublishConnectionDetailsToMetadata:
+ r"""
+ Metadata is the metadata for connection secret.
+
+ Attributes
+ ----------
+ annotations : {str:str}, default is Undefined, optional
+ Annotations are the annotations to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.annotations".
+ - It is up to Secret Store implementation for others store types.
+ labels : {str:str}, default is Undefined, optional
+ Labels are the labels/tags to be added to connection secret.
+ - For Kubernetes secrets, this will be used as "metadata.labels".
+ - It is up to Secret Store implementation for others store types.
+ $type : str, default is Undefined, optional
+ Type is the SecretType for the connection secret.
+ - Only valid for Kubernetes Secret Stores.
+ """
+
+
+ annotations?: {str:str}
+
+ labels?: {str:str}
+
+ $type?: str
+
+
+schema UserGithubUpboundIoV1alpha1MembershipSpecWriteConnectionSecretToRef:
+ r"""
+ WriteConnectionSecretToReference specifies the namespace and name of a
+ Secret to which any connection details for this managed resource should
+ be written. Connection details frequently include the endpoint, username,
+ and password required to connect to the managed resource.
+ This field is planned to be replaced in a future release in favor of
+ PublishConnectionDetailsTo. Currently, both could be set independently
+ and connection details would be published to both without affecting
+ each other.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ name: str
+
+ namespace: str
+
+
+schema UserGithubUpboundIoV1alpha1MembershipStatus:
+ r"""
+ MembershipStatus defines the observed state of Membership.
+
+ Attributes
+ ----------
+ atProvider : UserGithubUpboundIoV1alpha1MembershipStatusAtProvider, default is Undefined, optional
+ at provider
+ conditions : [UserGithubUpboundIoV1alpha1MembershipStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration is the latest metadata.generation
+ which resulted in either a ready state, or stalled due to error
+ it can not recover from without human intervention.
+ """
+
+
+ atProvider?: UserGithubUpboundIoV1alpha1MembershipStatusAtProvider
+
+ conditions?: [UserGithubUpboundIoV1alpha1MembershipStatusConditionsItems0]
+
+ observedGeneration?: int
+
+
+schema UserGithubUpboundIoV1alpha1MembershipStatusAtProvider:
+ r"""
+ user github upbound io v1alpha1 membership status at provider
+
+ Attributes
+ ----------
+ downgradeOnDestroy : bool, default is Undefined, optional
+ Defaults to false. If set to true,
+ when this resource is destroyed, the member will not be removed
+ from the organization. Instead, the member's role will be
+ downgraded to 'member'.
+ Instead of removing the member from the org, you can choose to downgrade their membership to 'member' when this resource is destroyed. This is useful when wanting to downgrade admins while keeping them in the organization
+ etag : str, default is Undefined, optional
+ etag
+ id : str, default is Undefined, optional
+ id
+ role : str, default is Undefined, optional
+ The role of the user within the organization.
+ Must be one of member or admin. Defaults to member.
+ admin role represents the owner role available via GitHub UI.
+ The role of the user within the organization. Must be one of 'member' or 'admin'.
+ username : str, default is Undefined, optional
+ The user to add to the organization.
+ The user to add to the organization.
+ """
+
+
+ downgradeOnDestroy?: bool
+
+ etag?: str
+
+ id?: str
+
+ role?: str
+
+ username?: str
+
+
+schema UserGithubUpboundIoV1alpha1MembershipStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1beta1/github_upbound_io_v1beta1_provider_config.k b/crossplane-provider-upjet-github/v1beta1/github_upbound_io_v1beta1_provider_config.k
new file mode 100644
index 00000000..f8316398
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1beta1/github_upbound_io_v1beta1_provider_config.k
@@ -0,0 +1,187 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema ProviderConfig:
+ r"""
+ ProviderConfig configures how the provider will connect to Github.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "github.upbound.io/v1beta1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "ProviderConfig", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : GithubUpboundIoV1beta1ProviderConfigSpec, default is Undefined, required
+ spec
+ status : GithubUpboundIoV1beta1ProviderConfigStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "github.upbound.io/v1beta1" = "github.upbound.io/v1beta1"
+
+ kind: "ProviderConfig" = "ProviderConfig"
+
+ metadata?: v1.ObjectMeta
+
+ spec: GithubUpboundIoV1beta1ProviderConfigSpec
+
+ status?: GithubUpboundIoV1beta1ProviderConfigStatus
+
+
+schema GithubUpboundIoV1beta1ProviderConfigSpec:
+ r"""
+ A ProviderConfigSpec defines the desired state of a ProviderConfig.
+
+ Attributes
+ ----------
+ credentials : GithubUpboundIoV1beta1ProviderConfigSpecCredentials, default is Undefined, required
+ credentials
+ """
+
+
+ credentials: GithubUpboundIoV1beta1ProviderConfigSpecCredentials
+
+
+schema GithubUpboundIoV1beta1ProviderConfigSpecCredentials:
+ r"""
+ Credentials required to authenticate to this provider.
+
+ Attributes
+ ----------
+ env : GithubUpboundIoV1beta1ProviderConfigSpecCredentialsEnv, default is Undefined, optional
+ env
+ fs : GithubUpboundIoV1beta1ProviderConfigSpecCredentialsFs, default is Undefined, optional
+ fs
+ secretRef : GithubUpboundIoV1beta1ProviderConfigSpecCredentialsSecretRef, default is Undefined, optional
+ secret ref
+ source : str, default is Undefined, required
+ Source of the provider credentials.
+ """
+
+
+ env?: GithubUpboundIoV1beta1ProviderConfigSpecCredentialsEnv
+
+ fs?: GithubUpboundIoV1beta1ProviderConfigSpecCredentialsFs
+
+ secretRef?: GithubUpboundIoV1beta1ProviderConfigSpecCredentialsSecretRef
+
+ source: "None" | "Secret" | "InjectedIdentity" | "Environment" | "Filesystem"
+
+
+schema GithubUpboundIoV1beta1ProviderConfigSpecCredentialsEnv:
+ r"""
+ Env is a reference to an environment variable that contains credentials
+ that must be used to connect to the provider.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name is the name of an environment variable.
+ """
+
+
+ name: str
+
+
+schema GithubUpboundIoV1beta1ProviderConfigSpecCredentialsFs:
+ r"""
+ Fs is a reference to a filesystem location that contains credentials that
+ must be used to connect to the provider.
+
+ Attributes
+ ----------
+ path : str, default is Undefined, required
+ Path is a filesystem path.
+ """
+
+
+ path: str
+
+
+schema GithubUpboundIoV1beta1ProviderConfigSpecCredentialsSecretRef:
+ r"""
+ A SecretRef is a reference to a secret key that contains the credentials
+ that must be used to connect to the provider.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, required
+ Name of the secret.
+ namespace : str, default is Undefined, required
+ Namespace of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+ namespace: str
+
+
+schema GithubUpboundIoV1beta1ProviderConfigStatus:
+ r"""
+ A ProviderConfigStatus reflects the observed state of a ProviderConfig.
+
+ Attributes
+ ----------
+ conditions : [GithubUpboundIoV1beta1ProviderConfigStatusConditionsItems0], default is Undefined, optional
+ Conditions of the resource.
+ users : int, default is Undefined, optional
+ Users of this provider configuration.
+ """
+
+
+ conditions?: [GithubUpboundIoV1beta1ProviderConfigStatusConditionsItems0]
+
+ users?: int
+
+
+schema GithubUpboundIoV1beta1ProviderConfigStatusConditionsItems0:
+ r"""
+ A Condition that may apply to a resource.
+
+ Attributes
+ ----------
+ lastTransitionTime : str, default is Undefined, required
+ LastTransitionTime is the last time this condition transitioned from one
+ status to another.
+ message : str, default is Undefined, optional
+ A Message containing details about this condition's last transition from
+ one status to another, if any.
+ observedGeneration : int, default is Undefined, optional
+ ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ reason : str, default is Undefined, required
+ A Reason for this condition's last transition from one status to another.
+ status : str, default is Undefined, required
+ Status of this condition; is it currently True, False, or Unknown?
+ $type : str, default is Undefined, required
+ Type of this condition. At most one of each condition type may apply to
+ a resource at any point in time.
+ """
+
+
+ lastTransitionTime: str
+
+ message?: str
+
+ observedGeneration?: int
+
+ reason: str
+
+ status: str
+
+ $type: str
+
+
diff --git a/crossplane-provider-upjet-github/v1beta1/github_upbound_io_v1beta1_provider_config_usage.k b/crossplane-provider-upjet-github/v1beta1/github_upbound_io_v1beta1_provider_config_usage.k
new file mode 100644
index 00000000..9b8d347a
--- /dev/null
+++ b/crossplane-provider-upjet-github/v1beta1/github_upbound_io_v1beta1_provider_config_usage.k
@@ -0,0 +1,105 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema ProviderConfigUsage:
+ r"""
+ A ProviderConfigUsage indicates that a resource is using a ProviderConfig.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "github.upbound.io/v1beta1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "ProviderConfigUsage", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ providerConfigRef : GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRef, default is Undefined, required
+ provider config ref
+ resourceRef : GithubUpboundIoV1beta1ProviderConfigUsageResourceRef, default is Undefined, required
+ resource ref
+ """
+
+
+ apiVersion: "github.upbound.io/v1beta1" = "github.upbound.io/v1beta1"
+
+ kind: "ProviderConfigUsage" = "ProviderConfigUsage"
+
+ metadata?: v1.ObjectMeta
+
+ providerConfigRef: GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRef
+
+ resourceRef: GithubUpboundIoV1beta1ProviderConfigUsageResourceRef
+
+
+schema GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRef:
+ r"""
+ ProviderConfigReference to the provider config being used.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ policy : GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRefPolicy, default is Undefined, optional
+ policy
+ """
+
+
+ name: str
+
+ policy?: GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRefPolicy
+
+
+schema GithubUpboundIoV1beta1ProviderConfigUsageProviderConfigRefPolicy:
+ r"""
+ Policies for referencing.
+
+ Attributes
+ ----------
+ resolution : str, default is "Required", optional
+ Resolution specifies whether resolution of this reference is required.
+ The default is 'Required', which means the reconcile will fail if the
+ reference cannot be resolved. 'Optional' means this reference will be
+ a no-op if it cannot be resolved.
+ resolve : str, default is Undefined, optional
+ Resolve specifies when this reference should be resolved. The default
+ is 'IfNotPresent', which will attempt to resolve the reference only when
+ the corresponding field is not present. Use 'Always' to resolve the
+ reference on every reconcile.
+ """
+
+
+ resolution?: "Required" | "Optional" = "Required"
+
+ resolve?: "Always" | "IfNotPresent"
+
+
+schema GithubUpboundIoV1beta1ProviderConfigUsageResourceRef:
+ r"""
+ ResourceReference to the managed resource using the provider config.
+
+ Attributes
+ ----------
+ apiVersion : str, default is Undefined, required
+ APIVersion of the referenced object.
+ kind : str, default is Undefined, required
+ Kind of the referenced object.
+ name : str, default is Undefined, required
+ Name of the referenced object.
+ uid : str, default is Undefined, optional
+ UID of the referenced object.
+ """
+
+
+ apiVersion: str
+
+ kind: str
+
+ name: str
+
+ uid?: str
+
+
diff --git a/scripts/crd_to_kcl.sh b/scripts/crd_to_kcl.sh
index c205fbd0..9e2615cc 100755
--- a/scripts/crd_to_kcl.sh
+++ b/scripts/crd_to_kcl.sh
@@ -1,38 +1,5 @@
#!/usr/bin/env bash
-if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
- echo "Usage: $0 "
- exit 1
-fi
-
-REPO_URL="$1"
-VER="$2"
-
-REPO_URL_SUFFIX=$(echo $REPO_URL | sed -n 's|.*github.com/||p')
-OWNER=$(echo $REPO_URL_SUFFIX | cut -d '/' -f 1)
-REPO=$(echo $REPO_URL_SUFFIX | cut -d '/' -f 2)
-[ -z "$VER" ] && REPOVER="$REPO" || REPOVER="$REPO@$VER"
-
-export KCL_FAST_EVAL=1
-
-if [ -z "$OWNER" ] || [ -z "$REPO" ]; then
- echo "Invalid GitHub repository URL."
- exit 1
-fi
-
-# Init the kcl module
-if [ -z "$VER" ]; then
- kcl mod init $REPO
-else
- kcl mod init $REPO --version $VER
-fi
-
-cd $REPO
-
-# Get the Kubernetes CRD files
-wget "https://doc.crds.dev/raw/github.com/$OWNER/$REPOVER"
-mkdir -p crds
-mv $REPOVER crds/$REPO.yaml
# Import Kubernetes CRD to KCL files
kcl import -m crd -s ./crds/**