v1alpha1

package
v0.0.0-...-109baf9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 19, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the kargo rbac v1alpha1 API group +kubebuilder:object:generate=true +groupName=rbac.kargo.akuity.io

Index

Constants

View Source 
const (
	// AnnotationKeyManaged is an annotation key that can be set on a
	// ServiceAccount, Role, or RoleBinding to indicate that it is managed by
	// Kargo.
	AnnotationKeyManaged = "rbac.kargo.akuity.io/managed"

	// AnnotationKeyOIDCClaimNamePrefix is the prefix of an annotation key that
	// can be set on a ServiceAccount to associate it with any user authenticated
	// via OIDC and having the claim indicated by the full annotation key with
	// any of the values indicated by the annotation. The value of the annotation
	// may be either a scalar string value or a comma-separated list.
	// A string representation of a JSON object in the AnnotationKeyOIDCClaims
	// is the preferred method.
	AnnotationKeyOIDCClaimNamePrefix = "rbac.kargo.akuity.io/claim."

	// AnnotationKeyOIDCClaims is an annotation key that can be set on a
	// ServiceAccount to associate it with any user authenticated via OIDC and
	// having any of the claims indicated by the value of the annotation. The
	// value is expected to be a string representation of a JSON object containing
	// claim names as keys mapped to claim values represented as lists of strings.
	//
	// For example:
	//
	//   `{"email": ["kilgore@kilgore.trout"], "groups": ["devops", "maintainers"]}`
	AnnotationKeyOIDCClaims = "rbac.kargo.akuity.io/claims"

	// AnnotationValueTrue is a value that can be set on an annotation to indicate
	// that it applies.
	AnnotationValueTrue = "true"
)
View Source 
const (
	// LabelKeyAPIToken can be used to mark a Kubernetes Secret as a
	// token for the Kargo API.
	LabelKeyAPIToken = "rbac.kargo.akuity.io/api-token" // nolint: gosec
	// LabelKeySystemRole can be used to mark a ServiceAccount in Kargo's own
	// namespace as a "system role".
	LabelKeySystemRole = "rbac.kargo.akuity.io/system-role"

	// LabelValueTrue is used to identify a label that has a value of "true".
	LabelValueTrue = "true"
)

Variables

View Source 
var (
	ErrInvalidLengthGenerated        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowGenerated          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group")
)
View Source 
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{
		Group:   "rbac.kargo.akuity.io",
		Version: "v1alpha1",
	}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

func AnnotationKeyOIDCClaim 

func AnnotationKeyOIDCClaim(name string) string

func OIDCClaimNameFromAnnotationKey 

func OIDCClaimNameFromAnnotationKey(key string) (string, bool)

func OIDCClaimsFromAnnotationValues 

func OIDCClaimsFromAnnotationValues(annotations map[string]string) (map[string][]string, error)

OIDCClaimsFromAnnotationValue parses the values of the newer, preferred rbac.kargo.akuity.io/claims annotation as well as the values of older annotations with keys of the form rbac.kargo.akuity.io/claim.<name> and consolidates them into a single map of claim names to (deduped) claim values describing the set of users mapped to some ServiceAccount.

func SetOIDCClaimsAnnotation 

func SetOIDCClaimsAnnotation(sa *corev1.ServiceAccount, claims map[string][]string) error

SetOIDCClaimsAnnotation marshals the provided map of claims to claim values and writes its string representation as the value of the ServiceAccount's rbac.kargo.akuity.io/claims annotation, which is the newer, preferred method of mapping users to ServiceAccounts. This function also removes any annotations with keys of the form rbac.kargo.akuity.io/claim.<name> (the older method) from the ServiceAccount.

Types

type Claim 

type Claim struct {
	Name   string   `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
	Values []string `json:"values,omitempty" protobuf:"bytes,2,rep,name=values"`

} // @name Claim

func (*Claim) DeepCopy 

func (in *Claim) DeepCopy() *Claim

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Claim.

func (*Claim) DeepCopyInto 

func (in *Claim) DeepCopyInto(out *Claim)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Claim) Descriptor 

func (*Claim) Descriptor() ([]byte, []int)

func (*Claim) Marshal 

func (m *Claim) Marshal() (dAtA []byte, err error)

func (*Claim) MarshalTo 

func (m *Claim) MarshalTo(dAtA []byte) (int, error)

func (*Claim) MarshalToSizedBuffer 

func (m *Claim) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Claim) ProtoMessage 

func (*Claim) ProtoMessage()

func (*Claim) Reset 

func (m *Claim) Reset()

func (*Claim) Size 

func (m *Claim) Size() (n int)

func (*Claim) String 

func (this *Claim) String() string

func (*Claim) Unmarshal 

func (m *Claim) Unmarshal(dAtA []byte) error

func (*Claim) XXX_DiscardUnknown 

func (m *Claim) XXX_DiscardUnknown()

func (*Claim) XXX_Marshal 

func (m *Claim) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Claim) XXX_Merge 

func (m *Claim) XXX_Merge(src proto.Message)

func (*Claim) XXX_Size 

func (m *Claim) XXX_Size() int

func (*Claim) XXX_Unmarshal 

func (m *Claim) XXX_Unmarshal(b []byte) error

type ResourceDetails 

type ResourceDetails struct {
	ResourceType string   `json:"resourceType,omitempty" protobuf:"bytes,1,opt,name=resourceType"`
	ResourceName string   `json:"resourceName,omitempty" protobuf:"bytes,2,opt,name=resourceName"`
	Verbs        []string `json:"verbs,omitempty" protobuf:"bytes,3,rep,name=verbs"`

} // @name ResourceDetails

func (*ResourceDetails) DeepCopy 

func (in *ResourceDetails) DeepCopy() *ResourceDetails

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceDetails.

func (*ResourceDetails) DeepCopyInto 

func (in *ResourceDetails) DeepCopyInto(out *ResourceDetails)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ResourceDetails) Descriptor 

func (*ResourceDetails) Descriptor() ([]byte, []int)

func (*ResourceDetails) Marshal 

func (m *ResourceDetails) Marshal() (dAtA []byte, err error)

func (*ResourceDetails) MarshalTo 

func (m *ResourceDetails) MarshalTo(dAtA []byte) (int, error)

func (*ResourceDetails) MarshalToSizedBuffer 

func (m *ResourceDetails) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ResourceDetails) ProtoMessage 

func (*ResourceDetails) ProtoMessage()

func (*ResourceDetails) Reset 

func (m *ResourceDetails) Reset()

func (*ResourceDetails) Size 

func (m *ResourceDetails) Size() (n int)

func (*ResourceDetails) String 

func (this *ResourceDetails) String() string

func (*ResourceDetails) Unmarshal 

func (m *ResourceDetails) Unmarshal(dAtA []byte) error

func (*ResourceDetails) XXX_DiscardUnknown 

func (m *ResourceDetails) XXX_DiscardUnknown()

func (*ResourceDetails) XXX_Marshal 

func (m *ResourceDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ResourceDetails) XXX_Merge 

func (m *ResourceDetails) XXX_Merge(src proto.Message)

func (*ResourceDetails) XXX_Size 

func (m *ResourceDetails) XXX_Size() int

func (*ResourceDetails) XXX_Unmarshal 

func (m *ResourceDetails) XXX_Unmarshal(b []byte) error

type Role 

type Role struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
	KargoManaged      bool                `json:"kargoManaged,omitempty" protobuf:"varint,2,opt,name=kargoManaged"`
	Claims            []Claim             `json:"claims,omitempty" protobuf:"bytes,7,rep,name=claims"`
	Rules             []rbacv1.PolicyRule `json:"rules,omitempty" protobuf:"bytes,6,rep,name=rules"`
}

+kubebuilder:object:root=true

func (*Role) DeepCopy 

func (in *Role) DeepCopy() *Role

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role.

func (*Role) DeepCopyInto 

func (in *Role) DeepCopyInto(out *Role)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Role) DeepCopyObject 

func (in *Role) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Role) Descriptor 

func (*Role) Descriptor() ([]byte, []int)

func (*Role) Marshal 

func (m *Role) Marshal() (dAtA []byte, err error)

func (*Role) MarshalTo 

func (m *Role) MarshalTo(dAtA []byte) (int, error)

func (*Role) MarshalToSizedBuffer 

func (m *Role) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Role) ProtoMessage 

func (*Role) ProtoMessage()

func (*Role) Reset 

func (m *Role) Reset()

func (*Role) Size 

func (m *Role) Size() (n int)

func (*Role) String 

func (this *Role) String() string

func (*Role) Unmarshal 

func (m *Role) Unmarshal(dAtA []byte) error

func (*Role) XXX_DiscardUnknown 

func (m *Role) XXX_DiscardUnknown()

func (*Role) XXX_Marshal 

func (m *Role) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Role) XXX_Merge 

func (m *Role) XXX_Merge(src proto.Message)

func (*Role) XXX_Size 

func (m *Role) XXX_Size() int

func (*Role) XXX_Unmarshal 

func (m *Role) XXX_Unmarshal(b []byte) error

type RoleResources 

type RoleResources struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
	ServiceAccount    corev1.ServiceAccount `json:"serviceAccount,omitempty" protobuf:"bytes,2,opt,name=serviceAccount"`
	Roles             []rbacv1.Role         `json:"roles,omitempty" protobuf:"bytes,3,rep,name=roles"`
	ClusterRoles      []rbacv1.ClusterRole  `json:"clusterRoles,omitempty" protobuf:"bytes,5,rep,name=clusterRoles"`
	RoleBindings      []rbacv1.RoleBinding  `json:"roleBindings,omitempty" protobuf:"bytes,4,rep,name=roleBindings"`
}

+kubebuilder:object:root=true

func (*RoleResources) DeepCopy 

func (in *RoleResources) DeepCopy() *RoleResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleResources.

func (*RoleResources) DeepCopyInto 

func (in *RoleResources) DeepCopyInto(out *RoleResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RoleResources) DeepCopyObject 

func (in *RoleResources) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RoleResources) Descriptor 

func (*RoleResources) Descriptor() ([]byte, []int)

func (*RoleResources) Marshal 

func (m *RoleResources) Marshal() (dAtA []byte, err error)

func (*RoleResources) MarshalTo 

func (m *RoleResources) MarshalTo(dAtA []byte) (int, error)

func (*RoleResources) MarshalToSizedBuffer 

func (m *RoleResources) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RoleResources) ProtoMessage 

func (*RoleResources) ProtoMessage()

func (*RoleResources) Reset 

func (m *RoleResources) Reset()

func (*RoleResources) Size 

func (m *RoleResources) Size() (n int)

func (*RoleResources) String 

func (this *RoleResources) String() string

func (*RoleResources) Unmarshal 

func (m *RoleResources) Unmarshal(dAtA []byte) error

func (*RoleResources) XXX_DiscardUnknown 

func (m *RoleResources) XXX_DiscardUnknown()

func (*RoleResources) XXX_Marshal 

func (m *RoleResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleResources) XXX_Merge 

func (m *RoleResources) XXX_Merge(src proto.Message)

func (*RoleResources) XXX_Size 

func (m *RoleResources) XXX_Size() int

func (*RoleResources) XXX_Unmarshal 

func (m *RoleResources) XXX_Unmarshal(b []byte) error

type ServiceAccountReference 

type ServiceAccountReference struct {
	Name      string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
	Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
}

func (*ServiceAccountReference) DeepCopy 

func (in *ServiceAccountReference) DeepCopy() *ServiceAccountReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountReference.

func (*ServiceAccountReference) DeepCopyInto 

func (in *ServiceAccountReference) DeepCopyInto(out *ServiceAccountReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountReference) Descriptor 

func (*ServiceAccountReference) Descriptor() ([]byte, []int)

func (*ServiceAccountReference) Marshal 

func (m *ServiceAccountReference) Marshal() (dAtA []byte, err error)

func (*ServiceAccountReference) MarshalTo 

func (m *ServiceAccountReference) MarshalTo(dAtA []byte) (int, error)

func (*ServiceAccountReference) MarshalToSizedBuffer 

func (m *ServiceAccountReference) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ServiceAccountReference) ProtoMessage 

func (*ServiceAccountReference) ProtoMessage()

func (*ServiceAccountReference) Reset 

func (m *ServiceAccountReference) Reset()

func (*ServiceAccountReference) Size 

func (m *ServiceAccountReference) Size() (n int)

func (*ServiceAccountReference) String 

func (this *ServiceAccountReference) String() string

func (*ServiceAccountReference) Unmarshal 

func (m *ServiceAccountReference) Unmarshal(dAtA []byte) error

func (*ServiceAccountReference) XXX_DiscardUnknown 

func (m *ServiceAccountReference) XXX_DiscardUnknown()

func (*ServiceAccountReference) XXX_Marshal 

func (m *ServiceAccountReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServiceAccountReference) XXX_Merge 

func (m *ServiceAccountReference) XXX_Merge(src proto.Message)

func (*ServiceAccountReference) XXX_Size 

func (m *ServiceAccountReference) XXX_Size() int

func (*ServiceAccountReference) XXX_Unmarshal 

func (m *ServiceAccountReference) XXX_Unmarshal(b []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.