Merge pull request k0rdent#297 from eromanova/access-management
Access management CRDs and reconciler
Kshatrix authored Sep 12, 2024
2 parents 81413c4 + 47ae3a9 commit 4736854
Showing 10 changed files with 1,061 additions and 4 deletions.
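--- a/api/v1alpha1/templatechain_types.go
+++ b/api/v1alpha1/templatechain_types.go
@@ -0,0 +1,86 @@
+// Copyright 2024
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Cluster
+
+// ClusterTemplateChain is the Schema for the cluster template chain API
+type ClusterTemplateChain struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec TemplateChainSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ClusterTemplateChainList contains a list of ClusterTemplateChain
+type ClusterTemplateChainList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []ClusterTemplateChain `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Cluster
+
+// ServiceTemplateChain is the Schema for the service template chain API
+type ServiceTemplateChain struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec TemplateChainSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ServiceTemplateChainList contains a list of ServiceTemplateChain
+type ServiceTemplateChainList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []ServiceTemplateChain `json:"items"`
+}
+
+// TemplateChainSpec defines the observed state of TemplateChain
+type TemplateChainSpec struct {
+// SupportedTemplates is the list of supported Templates definitions and all available upgrade sequences for it.
+// +optional
+SupportedTemplates []SupportedTemplate `json:"supportedTemplates,omitempty"`
+}
+
+// SupportedTemplate is the supported Template definition and all available upgrade sequences for it
+type SupportedTemplate struct {
+// Name is the name of the Template.
+Name string `json:"name"`
+// AvailableUpgrades is the list of available upgrades for the specified Template.
+// +optional
+AvailableUpgrades []AvailableUpgrade `json:"availableUpgrades,omitempty"`
+}
+
+// AvailableUpgrade is the definition of the available upgrade for the Template
+type AvailableUpgrade struct {
+// Name is the name of the Template to which the upgrade is available.
+Name string `json:"name"`
+}
+
+func init() {
+SchemeBuilder.Register(&ClusterTemplateChain{}, &ClusterTemplateChainList{})
+SchemeBuilder.Register(&ServiceTemplateChain{}, &ServiceTemplateChainList{})
+}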
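Review bot: `SupportedTemplate.Name` and `AvailableUpgrade.Name` are required but carry no validation markers, so an empty string or a duplicated entry is accepted by the API server unless a webhook outside this file rejects it. Because these cluster-scoped chains appear to drive which templates get distributed to namespaces, I would add `// +kubebuilder:validation:MinLength=1` above both `Name` fields and consider `// +listType=map` with `// +listMapKey=name` on `SupportedTemplates`. The comment on `TemplateChainSpec` also says "observed state", but a spec describes the desired state: `// TemplateChainSpec defines the desired state of TemplateChain`.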
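--- a/api/v1alpha1/templatemanagement_types.go
+++ b/api/v1alpha1/templatemanagement_types.go
@@ -0,0 +1,95 @@
+// Copyright 2024
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:shortName=tm,scope=Cluster
+
+// TemplateManagement is the Schema for the template management API
+type TemplateManagement struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec TemplateManagementSpec `json:"spec,omitempty"`
+Status TemplateManagementStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// TemplateManagementList contains a list of TemplateManagement
+type TemplateManagementList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []TemplateManagement `json:"items"`
+}
+
+// TemplateManagementSpec defines the desired state of TemplateManagement
+type TemplateManagementSpec struct {
+// AccessRules is the list of access rules. Each AccessRule enforces
+// Templates distribution to the TargetNamespaces.
+AccessRules []AccessRule `json:"accessRules,omitempty"`
+}
+
+// AccessRule is the definition of the TemplateManagement access rule. Each AccessRule enforces
+// Templates distribution to the TargetNamespaces
+type AccessRule struct {
+// TargetNamespaces defines the namespaces where selected Templates will be distributed.
+// Templates will be distributed to all namespaces if unset.
+// +optional
+TargetNamespaces TargetNamespaces `json:"targetNamespaces,omitempty"`
+// ClusterTemplateChains lists the names of ClusterTemplateChains whose ClusterTemplates
+// will be distributed to all namespaces specified in TargetNamespaces.
+// +optional
+ClusterTemplateChains []string `json:"clusterTemplateChains,omitempty"`
+// ServiceTemplateChains lists the names of ServiceTemplateChains whose ServiceTemplates
+// will be distributed to all namespaces specified in TargetNamespaces.
+// +optional
+ServiceTemplateChains []string `json:"serviceTemplateChains,omitempty"`
+}
+
+// +kubebuilder:validation:XValidation:rule="((has(self.stringSelector) ? 1 : 0) + (has(self.selector) ? 1 : 0) + (has(self.list) ? 1 : 0)) <= 1", message="only one of spec.targetNamespaces.selector or spec.targetNamespaces.stringSelector spec.targetNamespaces.list can be specified"
+
+// TargetNamespaces defines the list of namespaces or the label selector to select namespaces
+type TargetNamespaces struct {
+// StringSelector is a label query to select namespaces.
+// Mutually exclusive with Selector.
+// +optional
+StringSelector string `json:"stringSelector,omitempty"`
+// Selector is a structured label query to select namespaces.
+// Mutually exclusive with StringSelector.
+// +optional
+Selector metav1.LabelSelector `json:"selector,omitempty"`
+// List is the list of namespaces to select.
+// +optional
+List []string `json:"list,omitempty"`
+}
+
+// TemplateManagementStatus defines the observed state of TemplateManagement
+type TemplateManagementStatus struct {
+// ObservedGeneration is the last observed generation.
+// +optional
+ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+// Current reflects the applied access rules configuration.
+Current []AccessRule `json:"current,omitempty"`
+}
+
+func init() {
+SchemeBuilder.Register(&TemplateManagement{}, &TemplateManagementList{})
+}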
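Review bot: `Selector` in `TargetNamespaces` is a non-pointer `metav1.LabelSelector`, and `omitempty` does not omit struct values in encoding/json, so an object serialized by a Go client carries `selector: {}` and `has(self.selector)` in the XValidation rule evaluates to true. A rule that sets `list` or `stringSelector` would then likely be rejected, including when the controller copies rules into `status.current`; declaring the field as `Selector *metav1.LabelSelector` with the same tag avoids that. Separately, the `TargetNamespaces` field comment in `AccessRule` says an unset value distributes templates to all namespaces, which makes omission the broadest grant; requiring an explicit opt-in for "all namespaces" would be the safer default. The validation message is also missing an "or" before `spec.targetNamespaces.list`, and the `StringSelector` and `Selector` comments do not mention that `List` is mutually exclusive with them too.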