Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the webservices v1alpha1 API group. The package comment also carries the code-generation markers `+kubebuilder:object:generate=true` and `+groupName=webservices.cern.ch`.
Index ¶
- Constants
- Variables
- func SameSet(a []string, b []string) bool
- type AppDeletionPolicyType
- type AppRole
- type ApplicationRegistration
- func (a ApplicationRegistration) ApplicationIdentifierConvention(clusterInstanceName string) string
- func (in *ApplicationRegistration) DeepCopy() *ApplicationRegistration
- func (in *ApplicationRegistration) DeepCopyInto(out *ApplicationRegistration)
- func (in *ApplicationRegistration) DeepCopyObject() runtime.Object
- func (a ApplicationRegistration) DisplayNameConvention(clusterInstanceName string) string
- type ApplicationRegistrationList
- type ApplicationRegistrationSpec
- type ApplicationRegistrationStatus
- type BootstrapApplicationRole
- type BootstrapApplicationRoleList
- type BootstrapApplicationRoleSpec
- type BootstrapApplicationRoleStatus
- type InitialOwner
- type OIDCFlowType
- type OidcReturnURI
- type OidcReturnURIList
- type OidcReturnURISpec
- type OidcReturnURIStatus
- type ProjectLifecyclePolicy
- type ProjectLifecyclePolicyList
- type ProjectLifecyclePolicySpec
- type ProjectLifecyclePolicyStatus
- type ResourceCategoryType
- type TokenExchangePermissions
Constants ¶
// Strings for BootstrapApplicationRoleStatus.Conditions.
const (
	// Condition Types
	ConditionTypeRoleCreation string = "RoleCreated"

	// Conditions
	// NOTE(review): presumably used as the Reason of the RoleCreated condition;
	// the reconciler that sets them is not part of this listing, so confirm there.
	ConditionRoleBootstrappedSuccessfully string = "RoleBootstrappedSuccessfully"
	ConditionRoleCreating                 string = "RoleCreating"
	ConditionRoleAlreadyExists            string = "RoleAlreadyExists"
	ConditionRoleCreationError            string = "RoleCreationError"
	ConditionGroupLinkError               string = "GroupLinkError"
	ConditionWaitingForLinkedGroups       string = "WaitingForLinkedGroups"
)
Strings for BootstrapApplicationRoleStatus.Conditions
// List of human-readable messages used in status.
const (
	// NOTE(review): the identifier misspells "Successfully"; it is exported, so
	// renaming it would break callers. The message text itself is spelled correctly.
	StatusMessageCreatedSuccesfully string = "Created successfully"
	StatusMessageAlreadyExists      string = "Already existed"
	// The next two messages end in ": "; presumably the caller appends the list
	// of group names. If those names come from user-supplied spec.linkedGroups
	// they end up verbatim in status, so confirm they are validated upstream.
	StatusMessageMissingGroups             string = "Missing Groups: "
	StatusMessageGroupLinkError            string = "Failed to link the following Groups: "
	StatusMessageWaitingNextReconciliation string = "Awaiting next reconciliation"
)
List of Messages for Status
// Strings for the conditions in ProjectLifecyclePolicy status.
const (
	// Type of the Condition in ProjectLifecyclePolicy status that indicates if policy was successfully applied
	ConditionTypeAppliedProjectLifecyclePolicy string = "AppliedProjectLifecyclePolicy"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was successfully applied
	ConditionReasonSuccessful string = "Successful"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was NOT successfully applied
	// because the conditions are not met for us to be able to do something.
	ConditionReasonCannotApply string = "CannotApply"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was NOT successfully applied
	// because we tried but something went wrong.
	// NB: we could have a separate value for each failure case, but not worth the effort for the projectLifecyclePolicy.
	// Because every failure maps to this one reason, the condition's message
	// (not its reason) is what distinguishes failure causes when triaging.
	ConditionReasonFailed string = "Failed"
)
strings for the conditions in status
Variables ¶
// Registration helpers for the webservices.cern.ch/v1alpha1 API group.
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "webservices.cern.ch", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
Types ¶
type AppDeletionPolicyType ¶
// AppDeletionPolicyType names the action taken on the parent namespace when an
// ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI.
type AppDeletionPolicyType string

const (
	// AppDeletionPolicyDeleteNamespace deletes parent namespace when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	// This is the destructive option: the namespace deletion is driven by state
	// read from the external API, so it should be chosen deliberately.
	AppDeletionPolicyDeleteNamespace AppDeletionPolicyType = "DeleteNamespace"
	// AppDeletionPolicyIgnoreAndPreserveNamespace does nothing when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	AppDeletionPolicyIgnoreAndPreserveNamespace AppDeletionPolicyType = "IgnoreAndPreserveNamespace"
	// AppDeletionPolicyBlockAndDeleteAfterGracePeriod will mark the namespace as "soft deleted", having a behavior similar to blocked, when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	// Operator should block website similar to normal block procedure: https://okd-internal.docs.cern.ch/operations/project-blocking/
	// More info: https://gitlab.cern.ch/webservices/webframeworks-planning/-/issues/1115
	// The length of the grace period is not defined in this listing.
	AppDeletionPolicyBlockAndDeleteAfterGracePeriod AppDeletionPolicyType = "BlockAndDeleteAfterGracePeriod"
)
type AppRole ¶
// AppRole is the Application role created by default together with the application.
//
// NOTE(review): the fields carry no validation markers in this listing; the
// per-field meaning is presumably the same as the matching fields of
// BootstrapApplicationRoleSpec — confirm against the code that builds AppRole.
type AppRole struct {
	Name     string `json:"name"`
	Required bool   `json:"required"`
	// ApplyToAllUsers is serialized as "applyToAllUsers". NOTE(review): if it has
	// the Application Portal meaning (role granted to every authenticated user),
	// a default role with this set is effectively unrestricted by group.
	ApplyToAllUsers bool   `json:"applyToAllUsers"`
	Description     string `json:"description"`
	DisplayName     string `json:"displayName"`
	// MinLoA is serialized as "minimumLevelOfAssurance"; note that
	// BootstrapApplicationRoleSpec uses the different key "minLevelOfAssurance".
	MinLoA int `json:"minimumLevelOfAssurance"`
}
AppRole is the Application role created by default together with the application.
func (*AppRole) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRole.
func (*AppRole) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ApplicationRegistration ¶
// ApplicationRegistration creates and maintains the Application and OIDC
// registration objects in the AuthzAPI.
// More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#applicationregistration
type ApplicationRegistration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state supplied by the resource author.
	Spec ApplicationRegistrationSpec `json:"spec,omitempty"`
	// Status is the observed state. NOTE(review): whether status is served as a
	// separate subresource (so that spec writers cannot also write status) is not
	// visible in this listing — confirm the subresource marker on the source type.
	Status ApplicationRegistrationStatus `json:"status,omitempty"`
}
ApplicationRegistration creates and maintains the Application and OIDC registration objects in the AuthzAPI. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#applicationregistration
func (ApplicationRegistration) ApplicationIdentifierConvention ¶
func (a ApplicationRegistration) ApplicationIdentifierConvention(clusterInstanceName string) string
ApplicationIdentifierConvention implements the naming convention {ApplicationName -> ApplicationIdentifier}
func (*ApplicationRegistration) DeepCopy ¶
func (in *ApplicationRegistration) DeepCopy() *ApplicationRegistration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistration.
func (*ApplicationRegistration) DeepCopyInto ¶
func (in *ApplicationRegistration) DeepCopyInto(out *ApplicationRegistration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ApplicationRegistration) DeepCopyObject ¶
func (in *ApplicationRegistration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (ApplicationRegistration) DisplayNameConvention ¶
func (a ApplicationRegistration) DisplayNameConvention(clusterInstanceName string) string
DisplayNameConvention implements the naming convention {ApplicationName -> DisplayName}
type ApplicationRegistrationList ¶
// ApplicationRegistrationList contains a list of ApplicationRegistration.
type ApplicationRegistrationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so it is always present in the serialized list.
	Items []ApplicationRegistration `json:"items"`
}
ApplicationRegistrationList contains a list of ApplicationRegistration
func (*ApplicationRegistrationList) DeepCopy ¶
func (in *ApplicationRegistrationList) DeepCopy() *ApplicationRegistrationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistrationList.
func (*ApplicationRegistrationList) DeepCopyInto ¶
func (in *ApplicationRegistrationList) DeepCopyInto(out *ApplicationRegistrationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ApplicationRegistrationList) DeepCopyObject ¶
func (in *ApplicationRegistrationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ApplicationRegistrationSpec ¶
// ApplicationRegistrationSpec defines the desired state of ApplicationRegistration.
// For details for fields set on the Authz API, see
// https://authorization-service-api.web.cern.ch/swagger/index.html
type ApplicationRegistrationSpec struct {
	// NOTE(review): the kubebuilder markers below only enforce "required" and a
	// minimum length of 1. The character set and the 1..100 length limit live in
	// the `valid` struct tag, so they apply only where the consumer of that tag
	// runs (presumably a validator in the operator — confirm), not at admission.

	// ApplicationName is used to construct the Application's "display name" following a naming convention:
	// `Web frameworks site <applicationName> (<instance>)` (see also https://gitlab.cern.ch/paas-tools/operators/authz-operator/issues/5 ).
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	ApplicationName string `json:"applicationName" valid:"matches(^[0-9a-z_\\-]+$),length(1|100)"`

	// NOTE(review): the pattern `\w+` is unanchored, so it only requires one word
	// character somewhere in the value; any other content is accepted alongside it.
	// Confirm that this is the constraint the Auth Service expects.

	// Description defines the purpose of the App.
	// As of August 2023, the pattern used matches the expected API pattern from the Auth Service.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`\w+`
	Description string `json:"description"`

	// HomePage points to the app's homepage
	// +optional
	HomePage string `json:"homePage,omitempty"`

	// InitialOwner is the owner defined at creation time; can then be modified at the application portal
	// +kubebuilder:validation:Required
	InitialOwner `json:"initialOwner"`

	// InitialResourceCategory sets the desired resourceCategory on creation of the application registration
	// in the application portal. After creation, the category is managed by the owner in the portal.
	// - Default: "Test" (see https://gitlab.cern.ch/webservices/webframeworks-planning/-/issues/888 )
	// +kubebuilder:validation:Enum="Test";"Personal";"Official"
	// +kubebuilder:default:="Test"
	InitialResourceCategory ResourceCategoryType `json:"initialResourceCategory"`

	// DisplayName is the user-facing name of the ApplicationRegistration as stored in the Authzsvc API
	// +optional
	DisplayName string `json:"displayName,omitempty"`

	// NOTE(review): this is the OIDC client ID, yet it is an optional spec field,
	// so a resource author can supply a value. Whether the operator overwrites or
	// rejects a supplied value that does not follow the convention is not visible
	// here — confirm, since it decides who controls client-ID naming.

	// ApplicationIdentifier is the client ID for keycloak. It is auto-generated by the operator following a naming convention,
	// Name convention: `webframeworks-<instance>-<applicationName>` (see also https://gitlab.cern.ch/paas-tools/operators/authz-operator/issues/5 )
	// +optional
	ApplicationIdentifier string `json:"applicationIdentifier,omitempty" valid:"matches(^[a-z][0-9a-z_\\-][0-9a-z_\\-]+$),length(3|127)"`
}
ApplicationRegistrationSpec defines the desired state of ApplicationRegistration. For details for fields set on the Authz API, see https://authorization-service-api.web.cern.ch/swagger/index.html
func (*ApplicationRegistrationSpec) DeepCopy ¶
func (in *ApplicationRegistrationSpec) DeepCopy() *ApplicationRegistrationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistrationSpec.
func (*ApplicationRegistrationSpec) DeepCopyInto ¶
func (in *ApplicationRegistrationSpec) DeepCopyInto(out *ApplicationRegistrationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ApplicationRegistrationStatus ¶
// ApplicationRegistrationStatus defines the observed state of ApplicationRegistration.
type ApplicationRegistrationStatus struct {
	// ProvisioningStatus shows whether:
	// - Created: the ApplicationRegistration has been successfully provisioned
	// - Creating: provisioning is still in progress (including any potentially transient errors
	//   from the Authorization API where reconciliation will be reattempted, like
	//   the API not responding or 5xx HTTP errors)
	// - ProvisioningError: provisioning has failed and won't be retried; look at ErrorMessage for details.
	//   It is set for permanent errors, such as name conflicts, invalid initialOwner, 4xx HTTP errors.
	// - DeletedFromAPI: the application was deleted from the Application Portal; this is the value
	//   that triggers ProjectLifecyclePolicySpec.ApplicationDeletedFromAuthApiPolicy.
	// +kubebuilder:validation:Enum="Created";"Creating";"ProvisioningError";"DeletedFromAPI"
	ProvisioningStatus string `json:"provisioningStatus,omitempty"`

	// NOTE(review): upstream API error text is copied verbatim into status, which
	// is readable by anyone who can read the resource. Confirm the Authorization
	// API never puts internal details or credentials into its error messages.

	// ErrorMessage will be set in the event of a terminal error reconciling (or provisioning) the
	// ApplicationRegistration with a human-readable message.
	// This won't be set for transient errors where reconciliation will be reattempted.
	// Error messages originating from the API returned as-is
	// +optional
	ErrorMessage string `json:"errorMessage,omitempty"`

	// ErrorReason will be set in the event of a terminal error reconciling (or provisioning) the
	// ApplicationRegistration with a machine-readable message.
	// This won't be set for transient errors where reconciliation will be reattempted.
	// +optional
	// +kubebuilder:validation:Enum={"ApplicationAlreadyExists","InvalidSpec","k8sAPIClientError", "AuthzAPIClientError","AuthzAPIError","AuthzAPIPermanentError","AuthzAPIInvalidResponse","OwnerNotFound","AuthzsvcApiError","Creating","InvalidOwner","AssociatedApplicationNotFound"}
	ErrorReason string `json:"errorReason,omitempty"`

	// ID is the Unique Identifier of the ApplicationRegistration in the Authzsvc API. (When the field was named,
	// multiple IDs on the Status were not expected, hence the generic name ID.)
	// +optional
	ID string `json:"id,omitempty"`

	// CurrentOwnerUsername is the current owner's UPN read from the Application Portal
	// +optional
	CurrentOwnerUsername string `json:"currentOwnerUsername,omitempty"`

	// CurrentAdminGroup is read from the Application Portal
	// +optional
	CurrentAdminGroup string `json:"currentAdminGroup,omitempty"`

	// CurrentResourceCategory is read from the Application Portal
	// +optional
	CurrentResourceCategory ResourceCategoryType `json:"currentResourceCategory,omitempty"`

	// CurrentDescription is read from the Application Portal
	// +optional
	CurrentDescription string `json:"currentDescription,omitempty"`

	// CurrentEnabledStatus shows whether the application is currently enabled
	// +optional
	CurrentEnabledStatus bool `json:"currentEnabledStatus,omitempty"`

	// NOTE(review): in the original source the comments of the next two fields
	// were swapped (the "department" text sat on CurrentGroup and vice versa).
	// They are matched to the field names here; confirm that the values the
	// operator writes are not swapped as well.

	// CurrentGroup indicates which CERN group the project owner belongs to
	// +optional
	CurrentGroup string `json:"currentGroup,omitempty"`

	// CurrentDepartment indicates which CERN department the project owner belongs to
	// +optional
	CurrentDepartment string `json:"currentDepartment,omitempty"`

	// RegistrationID is the identity of the oidc registration of the application in the Authorization service API
	// +optional
	RegistrationID string `json:"registrationId,omitempty"`

	// OIDCEnabled is a flag to know if the OIDC credentials are enabled.
	// Its JSON key is "OIDCEnabled" (upper-case initial), unlike the camelCase keys of the other fields.
	// +optional
	OIDCEnabled bool `json:"OIDCEnabled,omitempty"`

	// TokenExchangePermissions is embedded but serialized under the key
	// "tokenExchangePermissions"; it lists requested and allowed token-exchange peers.
	// +optional
	TokenExchangePermissions `json:"tokenExchangePermissions,omitempty"`

	// ClientCredentialsSecret is the name of the k8s secret holding the OIDC client credentials.
	// Only the Secret's name is stored here, not its contents.
	// +optional
	ClientCredentialsSecret string `json:"clientCredentialsSecret,omitempty"`

	// RedirectURIs are the URIs where users will be redirected after authenticating to the IdP during the OIDC flows
	// +optional
	RedirectURIs []string `json:"redirectURIs,omitempty"`
}
ApplicationRegistrationStatus defines the observed state of ApplicationRegistration
func (*ApplicationRegistrationStatus) DeepCopy ¶
func (in *ApplicationRegistrationStatus) DeepCopy() *ApplicationRegistrationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistrationStatus.
func (*ApplicationRegistrationStatus) DeepCopyInto ¶
func (in *ApplicationRegistrationStatus) DeepCopyInto(out *ApplicationRegistrationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BootstrapApplicationRole ¶
// BootstrapApplicationRole creates, but does not maintain, Roles for the
// existing Application in the same namespace in the AuthzAPI.
// More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#bootstrapapplicationrole
//
// Because the role is not maintained after creation, later edits to this
// resource are presumably not propagated to the AuthzAPI — confirm in the
// linked documentation before relying on spec changes to tighten a role.
type BootstrapApplicationRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   BootstrapApplicationRoleSpec   `json:"spec,omitempty"`
	Status BootstrapApplicationRoleStatus `json:"status,omitempty"`
}
BootstrapApplicationRole creates, but does not subsequently maintain, Roles for the existing Application in the same namespace in the AuthzAPI. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#bootstrapapplicationrole
func (*BootstrapApplicationRole) DeepCopy ¶
func (in *BootstrapApplicationRole) DeepCopy() *BootstrapApplicationRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRole.
func (*BootstrapApplicationRole) DeepCopyInto ¶
func (in *BootstrapApplicationRole) DeepCopyInto(out *BootstrapApplicationRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BootstrapApplicationRole) DeepCopyObject ¶
func (in *BootstrapApplicationRole) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BootstrapApplicationRoleList ¶
// BootstrapApplicationRoleList contains a list of BootstrapApplicationRole.
type BootstrapApplicationRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so it is always present in the serialized list.
	Items []BootstrapApplicationRole `json:"items"`
}
BootstrapApplicationRoleList contains a list of BootstrapApplicationRole
func (*BootstrapApplicationRoleList) DeepCopy ¶
func (in *BootstrapApplicationRoleList) DeepCopy() *BootstrapApplicationRoleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRoleList.
func (*BootstrapApplicationRoleList) DeepCopyInto ¶
func (in *BootstrapApplicationRoleList) DeepCopyInto(out *BootstrapApplicationRoleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BootstrapApplicationRoleList) DeepCopyObject ¶
func (in *BootstrapApplicationRoleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BootstrapApplicationRoleSpec ¶
// BootstrapApplicationRoleSpec defines the desired state of BootstrapApplicationRole.
type BootstrapApplicationRoleSpec struct {
	// NOTE(review): the format rules stated for Name (leading lowercase letter,
	// allowed characters, 3..64 length) are not expressed as validation markers in
	// this listing, so admission only enforces "required". Confirm they are
	// checked by the operator or the AuthzAPI before the role is created.

	// Name is the equivalent of "Role Identifier" of the Role in the Application Portal.
	// The Name field must start with a lowercase letter, can contain only lowercase letters, numbers, dashes and underscores, and must be between 3 and 64 characters long.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// DisplayName represents the "Role Name" of the Role in the Application Portal
	// This field is required in order for the Role to be created
	// +kubebuilder:validation:Required
	DisplayName string `json:"displayName"`

	// Description of the ApplicationRegistration, represents the "Description" in the Application Portal
	// Brief description, required for Role creation
	// +kubebuilder:validation:Required
	Description string `json:"description"`

	// RoleRequired is a flag to know if the role is required to access the Application.
	// It is serialized as "required".
	// +kubebuilder:validation:Required
	RoleRequired bool `json:"required"`

	// MultifactorRequired allows to enable multifactor authentication
	// (From Application Portal): If checked, users must authenticate with Multifactor Authentication to be granted this role
	// +kubebuilder:validation:Required
	MultifactorRequired bool `json:"multifactorRequired"`

	// ApplyToAllUsers (From Application Portal): if checked, this role will be applied to all authenticated users, regardless of them belonging to any group or not.
	// Use this option to define a role that is based only on the value of the Minimum Level of Assurance and/or usage of Multifactor authentication.
	// When set, MinLevelOfAssurance and MultifactorRequired are the only remaining gates on the role.
	// +kubebuilder:validation:Required
	ApplyToAllUsers bool `json:"applyToAllUsers"`

	// NOTE(review): the comment documents "Default: 4", but the field is marked
	// Required and no default marker is visible, so an omitted value would be
	// rejected rather than defaulted, and a Go client that leaves it unset sends
	// 0. No Minimum/Maximum marker bounds the value either — confirm how 0 or an
	// out-of-range level is treated downstream.

	// MinLevelOfAssurance: level of assurance defines the accepted authentication providers, ranging from CERN identities (highest) to social accounts (public, therefore lowest)
	// Default: 4
	// +kubebuilder:validation:Required
	MinLevelOfAssurance int `json:"minLevelOfAssurance"`

	// LinkedGroups is the list of CERN Groups that are going to be bound to the created Application Role.
	// The JSON tag has no omitempty, so a nil slice serializes as null even though the field is optional.
	// +kubebuilder:validation:Optional
	LinkedGroups []string `json:"linkedGroups"`
}
BootstrapApplicationRoleSpec defines the desired state of BootstrapApplicationRole
func (*BootstrapApplicationRoleSpec) DeepCopy ¶
func (in *BootstrapApplicationRoleSpec) DeepCopy() *BootstrapApplicationRoleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRoleSpec.
func (*BootstrapApplicationRoleSpec) DeepCopyInto ¶
func (in *BootstrapApplicationRoleSpec) DeepCopyInto(out *BootstrapApplicationRoleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BootstrapApplicationRoleStatus ¶
// BootstrapApplicationRoleStatus defines the observed state of BootstrapApplicationRole.
type BootstrapApplicationRoleStatus struct {
	// NOTE(review): the type marker is usually spelled
	// `+kubebuilder:validation:Type=...` (capital T); confirm the lowercase
	// `type=` form on these two fields is honoured by the generator in use.

	// RoleID is serialized as "id". It is marked optional but the tag has no
	// omitempty, so an empty string is still emitted.
	// +kubebuilder:validation:type=string
	// +optional
	RoleID string `json:"id"`

	// Conditions holds the condition entries for this role; the strings used for
	// them are the ConditionType*/Condition* constants of this package.
	// +kubebuilder:validation:type=array
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}
BootstrapApplicationRoleStatus defines the observed state of BootstrapApplicationRole
func (*BootstrapApplicationRoleStatus) DeepCopy ¶
func (in *BootstrapApplicationRoleStatus) DeepCopy() *BootstrapApplicationRoleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRoleStatus.
func (*BootstrapApplicationRoleStatus) DeepCopyInto ¶
func (in *BootstrapApplicationRoleStatus) DeepCopyInto(out *BootstrapApplicationRoleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InitialOwner ¶
// InitialOwner is the owner of the resource at creation time.
type InitialOwner struct {
	// NOTE(review): only a minimum length of 1 is enforced here; whether the
	// username must correspond to the identity creating the resource is not
	// visible in this listing (the status enum lists OwnerNotFound/InvalidOwner,
	// which suggests existence is checked against the API) — confirm.

	// Username is the owner's CERN username
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Username string `json:"username"`
}
InitialOwner is the owner of the resource at creation time
func (*InitialOwner) DeepCopy ¶
func (in *InitialOwner) DeepCopy() *InitialOwner
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialOwner.
func (*InitialOwner) DeepCopyInto ¶
func (in *InitialOwner) DeepCopyInto(out *InitialOwner)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCFlowType ¶
// OIDCFlowType names an OIDC flow. No field of the types in this listing uses
// it, so where the value is consumed has to be checked in the operator code.
type OIDCFlowType string

const (
	// OIDCFlowImplicit is the implicit flow. NOTE(review): current OAuth 2.0
	// security guidance discourages the implicit flow because tokens are
	// returned through the browser front channel; confirm whether new
	// registrations can still select it.
	OIDCFlowImplicit OIDCFlowType = "Implicit"
	// OIDCFlowAuthorizationCode is the authorization code flow.
	OIDCFlowAuthorizationCode OIDCFlowType = "AuthorizationCode"
	// OIDCFlowClientCredentials is the client credentials flow.
	OIDCFlowClientCredentials OIDCFlowType = "ClientCredentials"
)
type OidcReturnURI ¶
// OidcReturnURI declares an OIDC return URI: one of the valid addresses where
// the Identity Provider (keycloak) is allowed to redirect the user after
// successful authentication.
// More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#oidcreturnuri
//
// Anyone who can create this resource in a namespace extends the redirect
// allow-list of that namespace's ApplicationRegistration, so create/update
// permission on it should be granted as carefully as on the registration itself.
type OidcReturnURI struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   OidcReturnURISpec   `json:"spec,omitempty"`
	Status OidcReturnURIStatus `json:"status,omitempty"`
}
OIDC return URIs are the valid addresses where the Identity Provider (keycloak) is allowed to redirect the user after successful authentication. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#oidcreturnuri
func (*OidcReturnURI) DeepCopy ¶
func (in *OidcReturnURI) DeepCopy() *OidcReturnURI
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURI.
func (*OidcReturnURI) DeepCopyInto ¶
func (in *OidcReturnURI) DeepCopyInto(out *OidcReturnURI)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OidcReturnURI) DeepCopyObject ¶
func (in *OidcReturnURI) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OidcReturnURIList ¶
// OidcReturnURIList contains a list of OidcReturnURI.
type OidcReturnURIList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so it is always present in the serialized list.
	Items []OidcReturnURI `json:"items"`
}
OidcReturnURIList contains a list of OidcReturnURI
func (*OidcReturnURIList) DeepCopy ¶
func (in *OidcReturnURIList) DeepCopy() *OidcReturnURIList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURIList.
func (*OidcReturnURIList) DeepCopyInto ¶
func (in *OidcReturnURIList) DeepCopyInto(out *OidcReturnURIList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OidcReturnURIList) DeepCopyObject ¶
func (in *OidcReturnURIList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OidcReturnURISpec ¶
// OidcReturnURISpec defines the desired state of OidcReturnURI.
type OidcReturnURISpec struct {
	// NOTE(review): the only constraint visible here is the `valid:"url"` struct
	// tag, i.e. a syntactic URL check wherever that tag is evaluated; there is no
	// kubebuilder marker, so nothing is enforced at admission. Restrictions a
	// redirect allow-list normally needs (https-only scheme, no wildcards, host
	// owned by the application) are not expressed in this type — confirm they
	// are enforced by the operator or the AuthzAPI. The field is also omitempty
	// with no Required marker, so an empty spec is accepted by the schema.

	// RedirectURI is an OIDC redirect URI for the ApplicationRegistration in the same namespace
	RedirectURI string `json:"redirectURI,omitempty" valid:"url"`
}
OidcReturnURISpec defines the desired state of OidcReturnURI
func (*OidcReturnURISpec) DeepCopy ¶
func (in *OidcReturnURISpec) DeepCopy() *OidcReturnURISpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURISpec.
func (*OidcReturnURISpec) DeepCopyInto ¶
func (in *OidcReturnURISpec) DeepCopyInto(out *OidcReturnURISpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OidcReturnURIStatus ¶
// OidcReturnURIStatus defines the observed state of OidcReturnURI.
//
// The struct has no fields, so the resource itself does not report whether the
// redirect URI was accepted or rejected by the AuthzAPI; that has to be read
// from elsewhere (for example ApplicationRegistrationStatus.RedirectURIs).
type OidcReturnURIStatus struct {
}
OidcReturnURIStatus defines the observed state of OidcReturnURI
func (*OidcReturnURIStatus) DeepCopy ¶
func (in *OidcReturnURIStatus) DeepCopy() *OidcReturnURIStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURIStatus.
func (*OidcReturnURIStatus) DeepCopyInto ¶
func (in *OidcReturnURIStatus) DeepCopyInto(out *OidcReturnURIStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProjectLifecyclePolicy ¶
// ProjectLifecyclePolicy controls how the authz-operator applies changes to
// lifecycle-related properties of the application in the AuthzAPI to the OKD
// project/namespace containing an `ApplicationRegistration`.
// More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#projectlifecyclepolicy
//
// The spec decides RoleBinding membership and namespace deletion, so write
// access to this resource is equivalent to control over both.
type ProjectLifecyclePolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProjectLifecyclePolicySpec   `json:"spec,omitempty"`
	Status ProjectLifecyclePolicyStatus `json:"status,omitempty"`
}
ProjectLifecyclePolicy controls how the authz-operator applies changes to lifecycle-related properties of the application in the AuthzAPI to the OKD project/namespace containing an `ApplicationRegistration`. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#projectlifecyclepolicy
func (*ProjectLifecyclePolicy) DeepCopy ¶
func (in *ProjectLifecyclePolicy) DeepCopy() *ProjectLifecyclePolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicy.
func (*ProjectLifecyclePolicy) DeepCopyInto ¶
func (in *ProjectLifecyclePolicy) DeepCopyInto(out *ProjectLifecyclePolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProjectLifecyclePolicy) DeepCopyObject ¶
func (in *ProjectLifecyclePolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProjectLifecyclePolicyList ¶
// ProjectLifecyclePolicyList contains a list of ProjectLifecyclePolicy.
type ProjectLifecyclePolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so it is always present in the serialized list.
	Items []ProjectLifecyclePolicy `json:"items"`
}
ProjectLifecyclePolicyList contains a list of ProjectLifecyclePolicy
func (*ProjectLifecyclePolicyList) DeepCopy ¶
func (in *ProjectLifecyclePolicyList) DeepCopy() *ProjectLifecyclePolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicyList.
func (*ProjectLifecyclePolicyList) DeepCopyInto ¶
func (in *ProjectLifecyclePolicyList) DeepCopyInto(out *ProjectLifecyclePolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProjectLifecyclePolicyList) DeepCopyObject ¶
func (in *ProjectLifecyclePolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProjectLifecyclePolicySpec ¶
// ProjectLifecyclePolicySpec defines the desired state of ProjectLifecyclePolicy.
type ProjectLifecyclePolicySpec struct {
	// NOTE(review): because the operator must itself hold whatever role is named
	// here, the value bounds the operator's own privileges as well as the owners'.
	// The field is a free-form string with no Enum/Pattern marker, so which
	// ClusterRoles may be named is limited only by what the operator
	// serviceaccount has been granted — keep that grant narrow.

	// The ClusterRole that should be granted to the Application's owner and administrator group
	// in the RoleBinding identified by ApplicationOwnerRoleBindingName.
	// The authz-operator serviceaccount MUST itself have this cluster role so it can grant it to other users!
	// If not specified, then no RoleBinding is created.
	// +optional
	ApplicationOwnerClusterRole string `json:"applicationOwnerClusterRole,omitempty"`

	// Name of a RoleBinding whose members should be set to the value of ApplicationRegistration's status.CurrentOwnerUsername
	// and (if present) status.CurrentAdminGroup.
	// Any other member will be removed from the RoleBinding.
	// Membership is therefore derived from ApplicationRegistration status, which
	// in turn is read from the Application Portal.
	// +kubebuilder:default:="application-owner"
	ApplicationOwnerRoleBindingName string `json:"applicationOwnerRoleBindingName"`

	// Policy when the ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI,
	// i.e. the application was deleted from the Application Portal.
	// If DeleteNamespace, the parent namespace/project containing the ApplicationRegistration is deleted.
	// +kubebuilder:validation:Enum="IgnoreAndPreserveNamespace";"DeleteNamespace";"BlockAndDeleteAfterGracePeriod"
	// +kubebuilder:default:="IgnoreAndPreserveNamespace"
	ApplicationDeletedFromAuthApiPolicy AppDeletionPolicyType `json:"applicationDeletedFromAuthApiPolicy"`

	// Generate a link to the application's management page in the application portal.
	// This is created as a ConsoleLink in the NamespaceDashboard (the only type of link
	// that can be specified per namespace).
	// The JSON key is "applicationPortalConsoleLink", which differs from the Go field name.
	// +optional
	ApplicationPortalManagementLink bool `json:"applicationPortalConsoleLink,omitempty"`

	// Generate a link showing current application's category in the app portal
	// with link to the application's management page to update category.
	// This is created as a ConsoleLink in the NamespaceDashboard (the only type of link
	// that can be specified per namespace).
	// +optional
	ApplicationCategoryLink bool `json:"applicationCategoryLink,omitempty"`

	// NOTE(review): a bool with omitempty and a default of true cannot carry an
	// explicit false through Go's JSON encoder: false is dropped on marshal, and
	// the API server would then apply the default (true). Confirm that disabling
	// the sync works for clients that use this Go type (a *bool is the usual fix).

	// Sync the parent Openshift project's metadata (annotations and labels) with the information from the Application Portal.
	// Description goes to the standard Openshift annotation for project description. Owner, Admin Group and category are
	// exposed with custom labels.
	// +optional
	// +kubebuilder:default:=true
	SyncProjectMetadata bool `json:"syncProjectMetadata,omitempty"`
}
ProjectLifecyclePolicySpec defines the desired state of ProjectLifecyclePolicy
func (*ProjectLifecyclePolicySpec) DeepCopy ¶
func (in *ProjectLifecyclePolicySpec) DeepCopy() *ProjectLifecyclePolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicySpec.
func (*ProjectLifecyclePolicySpec) DeepCopyInto ¶
func (in *ProjectLifecyclePolicySpec) DeepCopyInto(out *ProjectLifecyclePolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProjectLifecyclePolicyStatus ¶
// ProjectLifecyclePolicyStatus defines the observed state of ProjectLifecyclePolicy.
type ProjectLifecyclePolicyStatus struct {
	// Conditions represent the latest available observations of an object's state.
	// The tag has no omitempty, so a nil slice serializes as null.
	Conditions []metav1.Condition `json:"conditions"`
}
ProjectLifecyclePolicyStatus defines the observed state of ProjectLifecyclePolicy
func (*ProjectLifecyclePolicyStatus) DeepCopy ¶
func (in *ProjectLifecyclePolicyStatus) DeepCopy() *ProjectLifecyclePolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicyStatus.
func (*ProjectLifecyclePolicyStatus) DeepCopyInto ¶
func (in *ProjectLifecyclePolicyStatus) DeepCopyInto(out *ProjectLifecyclePolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceCategoryType ¶
// ResourceCategoryType is the resource category of an application as defined
// by the application portal.
type ResourceCategoryType string

const (
	// The application portal defines these 4 values.
	// Only "Test", "Personal" and "Official" are accepted by the enum on
	// ApplicationRegistrationSpec.InitialResourceCategory; "Undefined" can
	// therefore only appear as a value read back into status.
	ResourceCategoryUndefined ResourceCategoryType = "Undefined"
	ResourceCategoryTest      ResourceCategoryType = "Test"
	ResourceCategoryPersonal  ResourceCategoryType = "Personal"
	ResourceCategoryOfficial  ResourceCategoryType = "Official"
)
type TokenExchangePermissions ¶
// TokenExchangePermissions lists applications for which token exchange
// permissions have been requested or allowed.
//
// In this listing the type is used only inside ApplicationRegistrationStatus,
// i.e. it reports observed state; how a request is made or granted is not
// defined here.
type TokenExchangePermissions struct {
	// requests are the Application identifiers for which token exchange permissions are requested
	// +optional
	Requests []string `json:"requests,omitempty"`

	// allowed are the Application identifiers for which token exchange is allowed (has been granted by the corresponding application)
	// A requested identifier only becomes usable once it also appears here.
	// +optional
	Allowed []string `json:"allowed,omitempty"`
}
TokenExchangePermissions lists applications for which token exchange permissions have been requested or allowed
func (*TokenExchangePermissions) DeepCopy ¶
func (in *TokenExchangePermissions) DeepCopy() *TokenExchangePermissions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenExchangePermissions.
func (*TokenExchangePermissions) DeepCopyInto ¶
func (in *TokenExchangePermissions) DeepCopyInto(out *TokenExchangePermissions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.