cloudaccess.appvia.io/v2beta1

Package v2beta1 contains API Schema definitions for the CloudAccess API group

Exported Resource Types

CloudAccessCheck

CloudAccessCheck represents an account/project/subscription in a cloud provider which Wayfinder has access to

Field | Description

apiVersion
string

cloudaccess.appvia.io/v2beta1

kind
string

CloudAccessCheck
metadata
Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec
CloudAccessCheckSpec
cloud

string

Cloud defines which cloud provider this credential is for

identifier

string

Identifier is the unique identifier for this check in the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc.

cloudIdentityReference
CloudIdentityReference

CloudIdentityReference is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this configuration.

cloudIdentity
CloudAccessCheckCloudIdentity

CloudIdentity defines the proposed cloud identity credentials

roles
[]CloudAccessConfigRole

Roles is a list of roles to validate

status
CloudAccessCheckStatus
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

valid

bool

Valid indicates if the identity and all provided roles are valid

identity
CloudAccessCheckStatusIdentity

Identity is the status of the existing cloud identity or the provided credentials

roles
[]CloudAccessCheckStatusRole

Roles is the status of the roles defined on the spec

CloudAccessConfig

CloudAccessConfig represents an account/project/subscription in a cloud provider which Wayfinder has access to

Field | Description

apiVersion
string

cloudaccess.appvia.io/v2beta1

kind
string

CloudAccessConfig
metadata
Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec
CloudAccessConfigSpec
name

string

Name is the unique logical name for this cloud access config

description

string

Description is an optional longer human-readable description of this cloud access config to help users understand which cloud access configuration to choose.

cloud

string

Cloud defines which cloud provider this account is for

identifier

string

Identifier is the unique identifier for this account with the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc.

orgIdentifier

string

OrgIdentifier is an identifier for the cloud organization, i.e. AWS master account ID, Azure tenant, GCP organization ID, etc. May be required for certain functionality on some clouds.

defaultRegion

string

DefaultRegion is an optional default region to use for API access in this account when no region is specified for the operation. This is used to determine, for example, which region to use to talk to global services such as Route53 in AWS. E.g. eu-west-2, europe-west2, uksouth

stage

string

Stage defines the stage this cloud access config will be used for in the workspace. Optional for ‘admin’ cloud access configs, required for workspace cloud access configs.

identityCred
CloudIdentityReference

IdentityCred is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this configuration. Will be populated by Wayfinder with the default identity cred for this cloud if unspecified on entry.

features

[]string

Features lists the ways in which it is intended for this cloud access config to be used. This will allow the relevant set of roles to be determined.

roles
[]CloudAccessConfigRole

Roles defines the possible ways in which Wayfinder can use this cloud, along with details of how Wayfinder should identify itself (or provider-specific roles that need to be assumed) to use this account in the specified way. The set of roles required for a cloud is defined by the enabled features.

status
CloudAccessConfigStatus
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

providerStatus
ProviderStatus

ProviderStatus can be populated with provider-specific status information, particularly relevant on accounts of type managed.

features
map[string]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/cloudaccess/v2beta1.CloudFeatureStatus

Features describes the status of any features specified on this cloud access config.

roles
map[string]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/cloudaccess/v2beta1.CloudAccessConfigRoleStatus

Roles provides the status of each underlying required role. The keys of the map are the role names.

CloudIdentity

CloudIdentity represents an identity that Wayfinder can use to access a cloud. This represents the initial identity Wayfinder uses - it will assume into various roles from this identity as dictated by the relevant CloudAccessConfig role.

Field | Description

apiVersion
string

cloudaccess.appvia.io/v2beta1

kind
string

CloudIdentity
metadata
Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec
CloudIdentitySpec
name

string

Name is a human-understandable name for this credential

cloud

string

Cloud defines which cloud provider this credential is for

implicitIdentity

bool

ImplicitIdentity specifies that any credentials are provided by the run time process environment and NOT a secret reference. Typically this means that workload identity is to be used.

implicitIdentityID

string

ImplicitIdentityID specifies any ID that the run time process environment needs to authenticate to a specific identity where more than one can be assigned to a process

credentialsInputData

map[string]string

CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API. If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder. Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value.

credentialsUpdated
Kubernetes meta/v1.Time

CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field to trigger re-verification of this credential.

status
CloudIdentityStatus
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

AzureIdentityStatus
AzureIdentityStatus

(Members of AzureIdentityStatus are embedded into this type.)

verified

bool

Verified checks that the credentials are ok and valid

identity

string

Identity is the unique reference to the cloud principal, e.g. AWS role, GCP service account, etc.

WorkloadIdentity

WorkloadIdentity represents an identity for a kubernetes workload in a specific cloud provider / cloud account

Field | Description

apiVersion
string

cloudaccess.appvia.io/v2beta1

kind
string

WorkloadIdentity
metadata
Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec
WorkloadIdentitySpec
cloud

string

Cloud defines which cloud provider this workload identity is for

cloudAccessConfigRef
CloudAccessConfigReference

CloudAccessConfigRef defines which cloud access configuration to use to build this workload identity in

cluster
Ownership

Cluster is a reference to the cluster which this workload identity will be used in.

clusterServiceAccount
ClusterServiceAccount

ClusterServiceAccount is the name and namespace of the service account which will use this identity in the target cluster. Required on AWS and GCP, optional (and unused) on Azure at this time.

providerDetails
WorkloadIdentityProviderDetails

ProviderDetails provides additional fields which can be used for cloud-provider specific data needed to provision a workload identity

role
WorkloadIdentityRole

Role must be the name of a valid workload identity role known to Wayfinder. Can optionally be None to indicate that no specific permissions are defined with the identity.

identityOnly

bool

IdentityOnly will create an identity associated with a cluster with no specific permissions. Must specify Role=None if this is true.
In AWS:
- An IAM role is created and associated with a specific Kubernetes service account
- No inline or attached policies are managed (post creation of the IAM role)
- It is a “user” responsibility to attach policies to the IAM role
In Azure:
- The user defined managed identity is created
- No role definitions or role assignments are created
- It is a “user” responsibility to create relevant role assignments

roleParameters

map[string]string

RoleParameters are any parameters required for the specified role

cloudResourceName

string

CloudResourceName specifies the name of the workload identity in the cloud account. Can be left blank so that the name is derived from the cluster name + resource name.

status
WorkloadIdentityStatus
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

identity

string

Identity contains a cloud-provider specific reference to the identity created for this resource, e.g. an AWS ARN or GCP service account email

Internal Resource Types

AWSAccountStatus

(Appears on: ProviderStatus)

AWSAccountStatus provides status specific to AWS accounts

Field | Description
serviceCatalogProvisioningID

string

ServiceCatalogProvisioningID is the Control Tower Account Factory Service Catalog provisioning record ID. If set, creation is being tracked. Relevant only to managed AWS accounts

AWSWorkloadIdentityParameters

(Appears on: WorkloadIdentityProviderDetails)

AWSWorkloadIdentityParameters is the parameters for an AWS workload identity

Field | Description
iamPolicies

[]string

(Optional)

IAMPolicies defines a list of (additional) IAM policies to bind to the workload identity role. It is assumed that these will exist in the target AWS account for the cluster, therefore use either built-in AWS-managed policies or make sure that your process for managing policies in your accounts will always ensure these policies exist in any account this package may be deployed into. For AWS-managed policies, specify the full ARN (e.g. arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess). For self-managed policies, specify the ARN without an account ID (e.g. arn:aws:iam:::policy/myorg-policy-s3-write).

customIAMPolicy
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON

CustomIAMPolicy defines an additional dedicated IAM policy to create and bind to this workload identity.

AzureIdentityStatus

(Appears on: CloudIdentityStatus)

Field | Description
azureTenantID

string

AzureTenantID is the Tenant ID when known. For an implicit identity, this will be detected from the environment in which Wayfinder is running.

AzureWorkloadIdentityParameters

(Appears on: WorkloadIdentityProviderDetails)

AzureWorkloadIdentityParameters is the parameters for an Azure workload identity

Field | Description
podSelector

string

PodSelector specifies the unique string that will be set on the Identity. This allows AAD Pod Identity to find the pods that are associated with it.

CloudAccessCheckCloudIdentity

(Appears on: CloudAccessCheckSpec)

Field | Description
implicitIdentity

bool

ImplicitIdentity specifies that any credentials are provided by the run time process environment and NOT a secret reference. Typically this means that workload identity is to be used.

implicitIdentityID

string

ImplicitIdentityID specifies any ID that the run time process environment needs to authenticate to a specific identity where more than one can be assigned to a process

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder. Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value.

credentialsInputData

map[string]string

CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API. If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.

CloudAccessCheckSpec

(Appears on: CloudAccessCheck)

Field | Description
cloud

string

Cloud defines which cloud provider this credential is for

identifier

string

Identifier is the unique identifier for this check in the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc.

cloudIdentityReference
CloudIdentityReference

CloudIdentityReference is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this configuration.

cloudIdentity
CloudAccessCheckCloudIdentity

CloudIdentity defines the proposed cloud identity credentials

roles
[]CloudAccessConfigRole

Roles is a list of roles to validate

CloudAccessCheckStatus

(Appears on: CloudAccessCheck)

Field | Description
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

valid

bool

Valid indicates if the identity and all provided roles are valid

identity
CloudAccessCheckStatusIdentity

Identity is the status of the existing cloud identity or the provided credentials

roles
[]CloudAccessCheckStatusRole

Roles is the status of the roles defined on the spec

CloudAccessCheckStatusIdentity

(Appears on: CloudAccessCheckStatus)

Field | Description
valid

bool

Valid indicates if the supplied identity is valid

message

string

Message defines a human-readable description of any problem using the identity

CloudAccessCheckStatusRole

(Appears on: CloudAccessCheckStatus)

Field | Description
role

string

Role is the Wayfinder cloud role that this access configuration can be used for

assumeProviderRole

string

AssumeProviderRole contains a reference to the identifier that should be assumed by Wayfinder when using this account for this role, i.e. AWS ARN, GCP Service Account, Azure Role, etc.

canAccess

bool

CanAccess indicates whether or not the role is accessible

permissionsCorrect

bool

PermissionsCorrect indicates if the permissions are correct

missingPermissions

[]string

MissingPermissions indicates if the role has missing permissions

valid

bool

Valid defines whether the role is valid

message

string

Message defines a human-readable description of any problem using the identity

CloudAccessConfigReference

(Appears on: WorkloadIdentitySpec)

Field | Description
namespace

string

name

string

CloudAccessConfigRole

(Appears on: CloudAccessCheckSpec, CloudAccessConfigSpec)

Field | Description
role

string

Role is the Wayfinder cloud role that this access configuration can be used for

cloudResourceName

string

CloudResourceName is deprecated and no longer required. Deprecated: the cloud resource name is already specified as part of the assumeProviderRole.

assumeProviderRole

string

AssumeProviderRole contains a reference to the identifier that should be assumed by Wayfinder when using this account for this role, i.e. AWS ARN, GCP Service Account, Azure Role, etc.

deployedResourceHash

string

DeployedResourceHash is a checksum calculated from the role definition when created.
- This is set by the CLI when creating the cloud resources for the role
- It is used by the controller to indicate if the role setup needs to be repeated

CloudAccessConfigRoleStatus

(Appears on: CloudAccessConfigStatus)

CloudAccessConfigRoleStatus is the status of a role on a cloud access config

Field | Description
status
RoleStatus
message

string

CloudAccessConfigSpec

(Appears on: CloudAccessConfig)

CloudAccessConfigSpec defines the specification of an account known to wayfinder

Field | Description
name

string

Name is the unique logical name for this cloud access config

description

string

Description is an optional longer human-readable description of this cloud access config to help users understand which cloud access configuration to choose.

cloud

string

Cloud defines which cloud provider this account is for

identifier

string

Identifier is the unique identifier for this account with the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc.

orgIdentifier

string

OrgIdentifier is an identifier for the cloud organization, i.e. AWS master account ID, Azure tenant, GCP organization ID, etc. May be required for certain functionality on some clouds.

defaultRegion

string

DefaultRegion is an optional default region to use for API access in this account when no region is specified for the operation. This is used to determine, for example, which region to use to talk to global services such as Route53 in AWS. E.g. eu-west-2, europe-west2, uksouth

stage

string

Stage defines the stage this cloud access config will be used for in the workspace. Optional for ‘admin’ cloud access configs, required for workspace cloud access configs.

identityCred
CloudIdentityReference

IdentityCred is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this configuration. Will be populated by Wayfinder with the default identity cred for this cloud if unspecified on entry.

features

[]string

Features lists the ways in which it is intended for this cloud access config to be used. This will allow the relevant set of roles to be determined.

roles
[]CloudAccessConfigRole

Roles defines the possible ways in which Wayfinder can use this cloud, along with details of how Wayfinder should identify itself (or provider-specific roles that need to be assumed) to use this account in the specified way. The set of roles required for a cloud is defined by the enabled features.

CloudAccessConfigStatus

(Appears on: CloudAccessConfig)

CloudAccessConfigStatus defines the status of a cloud access configuration

Field | Description
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

providerStatus
ProviderStatus

ProviderStatus can be populated with provider-specific status information, particularly relevant on accounts of type managed.

features
map[string]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/cloudaccess/v2beta1.CloudFeatureStatus

Features describes the status of any features specified on this cloud access config.

roles
map[string]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/cloudaccess/v2beta1.CloudAccessConfigRoleStatus

Roles provides the status of each underlying required role. The keys of the map are the role names.

CloudAccountOrOrg

CloudAccountOrOrg allows the role management functionality to operate for both cloud orgs and cloud access configs without worry

CloudFeatureStatus

(Appears on: CloudAccessConfigStatus)

CloudFeatureStatus describes the status of a cloud access feature

Field | Description
ready

bool

Ready indicates whether this feature is ready to use.

setupRequired

bool

SetupRequired indicates this feature needs wf setup cloudaccessconfig to sort it out (i.e. one or more roles is missing, requires a provider role specifying, or requires updating). This will be false if a role is correct and specified but somehow not valid.

requiredRoles

[]string

RequiredRoles indicates the list of roles that this cloud access config needs working in order for this feature to work. Each role identified here will have an entry in status.Roles to understand the status of these underlying roles.

CloudIdentityReference

(Appears on: CloudAccessCheckSpec, CloudAccessConfigSpec)

CloudIdentityReference is a reference specifically to a cloud identity

Field | Description
namespace

string

Namespace for the identity, specify empty for implicit credentials

name

string

Name for the credential, specify empty for implicit credentials

CloudIdentitySpec

(Appears on: CloudIdentity)

CloudIdentitySpec defines the metadata about the identity. When required, it will have a reference to a Kubernetes secret containing the credentials.

Field | Description
name

string

Name is a human-understandable name for this credential

cloud

string

Cloud defines which cloud provider this credential is for

implicitIdentity

bool

ImplicitIdentity specifies that any credentials are provided by the run time process environment and NOT a secret reference. Typically this means that workload identity is to be used.

implicitIdentityID

string

ImplicitIdentityID specifies any ID that the run time process environment needs to authenticate to a specific identity where more than one can be assigned to a process

credentialsInputData

map[string]string

CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API. If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder. Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value.

credentialsUpdated
Kubernetes meta/v1.Time

CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field to trigger re-verification of this credential.

CloudIdentityStatus

(Appears on: CloudIdentity)

CloudIdentityStatus represents the status of a cloud identity for account access

Field | Description
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

AzureIdentityStatus
AzureIdentityStatus

(Members of AzureIdentityStatus are embedded into this type.)

verified

bool

Verified checks that the credentials are ok and valid

identity

string

Identity is the unique reference to the cloud principal, e.g. AWS role, GCP service account, etc.

ClusterServiceAccount

(Appears on: WorkloadIdentitySpec)

ClusterServiceAccount represents the identity inside the cluster that will use the workload identity

Field | Description
namespace

string

name

string

GCPWorkloadIdentityParameters

(Appears on: WorkloadIdentityProviderDetails)

GCPWorkloadIdentityParameters is the parameters for a GCP workload identity

ProviderAccountType

(string alias) (Appears on: ProviderStatus)

ProviderAccountType represents the concrete type of account that a CloudAccessConfiguration represents

Value | Description
"AWSAccount"

ProviderAccountTypeAWSAccount is an AWS account for running workloads

"AzureSubscription"

ProviderAccountTypeAzureSubscription is an Azure subscription for running workloads

"GCPProject"

ProviderAccountTypeGCPProject is a GCP project for running workloads

ProviderStatus

(Appears on: CloudAccessConfigStatus)

ProviderStatus provides status fields specific to a cloud provider

Field | Description
type
ProviderAccountType
awsAccount
AWSAccountStatus
(Optional)

AWSAccount holds status specific to AWS accounts.

RoleStatus

(string alias) (Appears on: CloudAccessConfigRoleStatus)

RoleStatus is a possible status of a role on a cloud access configuration

Value | Description
"Invalid"

RoleInvalid indicates that a specified role is not usable, for example it cannot be accessed from the identity associated with this cloud access config or does not exist

"Missing"

RoleMissing indicates that a required role for a specified feature is not set for this cloud configuration

"Pending"

RolePending indicates that the role has not yet been checked

"RequiresProviderRole"

RoleRequiresProviderRole indicates that a specified role requires an AssumeProviderRole but none has been provided

"RequiresUpdate"

RoleRequiresUpdate indicates that the permissions required for the role are not correct in the cloud provider so this role needs to be updated

"Valid"

RoleValid indicates this cloud role is ready to use

WorkloadIdentityProviderDetails

(Appears on: WorkloadIdentitySpec)

WorkloadIdentityProviderDetails provides parameters that are specific to a particular type of workload identity

Field | Description
type
WorkloadIdentityType
aws
AWSWorkloadIdentityParameters
(Optional)

AWS holds parameters specific to AWS workload identities. Present only if type is AWS.

gcp
GCPWorkloadIdentityParameters
(Optional)

GCP holds parameters specific to GCP workload identity. Present only if type is GCP.

azure
AzureWorkloadIdentityParameters
(Optional)

Azure holds parameters specific to Azure workload identity. Present only if type is Azure.

WorkloadIdentityRole

(string alias) (Appears on: WorkloadIdentitySpec)

Value | Description
"CertManager"

WorkloadIdentityRoleExternalDNS defines the required permissions for CertManager to function in a given cloud

"ClusterAutoscaler"

WorkloadIdentityRoleClusterAutoscaler defines the required permissions for the cluster autoscaler to function in a given cloud (only needed on AWS)

"ExternalDNS"

WorkloadIdentityRoleExternalDNS defines the required permissions for ExternalDNS to function in a given cloud

"None"

WorkloadIdentityRoleNone defines the “minimal” cloud permissions:
- For AWS the identity IS a role, to which we will simply add sts:GetCallerIdentity
- For Azure no permissions are required

"TerraformExecutor"

WorkloadIdentityRoleTerraformExecutor defines the required permissions for the Terranetes controller to create and manage cloud resources

WorkloadIdentitySpec

(Appears on: WorkloadIdentity)

WorkloadIdentitySpec defines the specification of a workload identity which should be provisioned

Field | Description
cloud

string

Cloud defines which cloud provider this workload identity is for

cloudAccessConfigRef
CloudAccessConfigReference

CloudAccessConfigRef defines which cloud access configuration to use to build this workload identity in

cluster
Ownership

Cluster is a reference to the cluster which this workload identity will be used in.

clusterServiceAccount
ClusterServiceAccount

ClusterServiceAccount is the name and namespace of the service account which will use this identity in the target cluster. Required on AWS and GCP, optional (and unused) on Azure at this time.

providerDetails
WorkloadIdentityProviderDetails

ProviderDetails provides additional fields which can be used for cloud-provider specific data needed to provision a workload identity

role
WorkloadIdentityRole

Role must be the name of a valid workload identity role known to Wayfinder. Can optionally be None to indicate that no specific permissions are defined with the identity.

identityOnly

bool

IdentityOnly will create an identity associated with a cluster with no specific permissions. Must specify Role=None if this is true.
In AWS:
- An IAM role is created and associated with a specific Kubernetes service account
- No inline or attached policies are managed (post creation of the IAM role)
- It is a “user” responsibility to attach policies to the IAM role
In Azure:
- The user defined managed identity is created
- No role definitions or role assignments are created
- It is a “user” responsibility to create relevant role assignments

roleParameters

map[string]string

RoleParameters are any parameters required for the specified role

cloudResourceName

string

CloudResourceName specifies the name of the workload identity in the cloud account. Can be left blank so that the name is derived from the cluster name + resource name.

WorkloadIdentityStatus

(Appears on: WorkloadIdentity)

WorkloadIdentityStatus defines the status of a cloud account

Field | Description
CommonStatus
CommonStatus

(Members of CommonStatus are embedded into this type.)

identity

string

Identity contains a cloud-provider specific reference to the identity created for this resource, e.g. an AWS ARN or GCP service account email

WorkloadIdentityType

(string alias) (Appears on: WorkloadIdentityProviderDetails)

WorkloadIdentityType represents the concrete type of a workload identity to provide

Value | Description
"AWS"

WorkloadIdentityTypeAWS is for AWS managed workload identity

"Azure"

WorkloadIdentityTypeAzure is for Azure managed workload identity

"GCP"

WorkloadIdentityTypeGCP is for GCP managed workload identity
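
The rules stated across WorkloadIdentitySpec, WorkloadIdentityProviderDetails, WorkloadIdentityRole and AWSWorkloadIdentityParameters can be checked before a manifest is submitted. The following is an added example, not Wayfinder's own code: ValidateSpec, the struct names and the sample spec are constructed for illustration, and it assumes providerDetails.type names the cloud the identity is built in.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Only the WorkloadIdentitySpec fields that carry a documented rule are modelled.
type providerDetails struct {
	Type string `json:"type"`
	AWS  *struct {
		IAMPolicies []string `json:"iamPolicies"`
	} `json:"aws"`
	GCP   map[string]interface{} `json:"gcp"`
	Azure map[string]interface{} `json:"azure"`
}

type workloadIdentitySpec struct {
	ClusterServiceAccount struct {
		Namespace string `json:"namespace"`
		Name      string `json:"name"`
	} `json:"clusterServiceAccount"`
	ProviderDetails providerDetails `json:"providerDetails"`
	Role            string          `json:"role"`
	IdentityOnly    bool            `json:"identityOnly"`
}

var validRoles = map[string]bool{"CertManager": true, "ClusterAutoscaler": true,
	"ExternalDNS": true, "None": true, "TerraformExecutor": true}

// The two documented iamPolicies forms: AWS-managed, or self-managed with no account ID.
var policyARN = regexp.MustCompile(`^arn:aws:iam::(aws)?:policy/.+$`)

// Constructed sample spec (JSON form); it breaks four of the documented rules.
const sampleSpec = `{
  "clusterServiceAccount": {"namespace": "", "name": "external-dns"},
  "providerDetails": {"type": "AWS",
    "aws": {"iamPolicies": [
      "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
      "arn:aws:iam:::policy/myorg-policy-s3-write",
      "arn:aws:iam::123456789012:policy/pinned-to-one-account"]},
    "azure": {"podSelector": "constructed-selector"}
  },
  "role": "ExternalDNS", "identityOnly": true
}`

// ValidateSpec returns one finding per documented constraint the spec breaks.
func ValidateSpec(raw []byte) ([]string, error) {
	var s workloadIdentitySpec
	if err := json.Unmarshal(raw, &s); err != nil {
		return nil, err
	}
	var out []string
	if !validRoles[s.Role] {
		out = append(out, fmt.Sprintf("role %q is not a known workload identity role", s.Role))
	}
	if s.IdentityOnly && s.Role != "None" {
		out = append(out, "identityOnly is true but role is not None")
	}
	pd, sa := s.ProviderDetails, s.ClusterServiceAccount
	// Assumption: providerDetails.type names the cloud the identity is built in.
	if (pd.Type == "AWS" || pd.Type == "GCP") && (sa.Name == "" || sa.Namespace == "") {
		out = append(out, "clusterServiceAccount name and namespace are required on "+pd.Type)
	}
	// Each provider block is documented as present only when type matches it.
	set := map[string]bool{"AWS": pd.AWS != nil, "GCP": pd.GCP != nil, "Azure": pd.Azure != nil}
	for _, name := range []string{"AWS", "GCP", "Azure"} {
		if set[name] && pd.Type != name {
			out = append(out, fmt.Sprintf("%s parameters are set but providerDetails.type is %q", name, pd.Type))
		}
	}
	if pd.AWS != nil {
		for _, arn := range pd.AWS.IAMPolicies {
			if !policyARN.MatchString(arn) {
				out = append(out, "iamPolicies entry is neither AWS-managed nor account-less: "+arn)
			}
		}
	}
	return out, nil
}

func main() {
	findings, _ := ValidateSpec([]byte(sampleSpec)) // the sample is valid JSON
	for _, f := range findings {
		fmt.Println("FINDING:", f)
	}
}
```

An iamPolicies ARN that embeds an account ID is flagged because the field description asks for account-less ARNs, so that the same spec resolves in whichever account the cluster lives in.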