v1alpha1

package
v0.0.0-...-29a7b8b
Warning

This package is not in the latest version of its module.

Published: Feb 19, 2024 License: Apache-2.0 Imports: 4 Imported by: 4

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the webservices v1alpha1 API group.

+kubebuilder:object:generate=true
+groupName=webservices.cern.ch


Constants

const (
	// Condition Types
	ConditionTypeRoleCreation string = "RoleCreated"
	// Conditions
	ConditionRoleBootstrappedSuccessfully string = "RoleBootstrappedSuccessfully"
	ConditionRoleCreating                 string = "RoleCreating"
	ConditionRoleAlreadyExists            string = "RoleAlreadyExists"
	ConditionRoleCreationError            string = "RoleCreationError"
	ConditionGroupLinkError               string = "GroupLinkError"
	ConditionWaitingForLinkedGroups       string = "WaitingForLinkedGroups"
)

Strings for BootstrapApplicationRoleStatus.Conditions

const (
	StatusMessageCreatedSuccesfully        string = "Created successfully"
	StatusMessageAlreadyExists             string = "Already existed"
	StatusMessageMissingGroups             string = "Missing Groups: "
	StatusMessageGroupLinkError            string = "Failed to link the following Groups: "
	StatusMessageWaitingNextReconciliation string = "Awaiting next reconciliation"
)

List of Messages for Status

const (
	// Type of the Condition in ProjectLifecyclePolicy status that indicates if policy was successfully applied
	ConditionTypeAppliedProjectLifecyclePolicy string = "AppliedProjectLifecyclePolicy"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was successfully applied
	ConditionReasonSuccessful string = "Successful"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was NOT successfully applied
	// because the conditions are not met for us to be able to do something.
	ConditionReasonCannotApply string = "CannotApply"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was NOT successfully applied
	// because we tried but something went wrong.
	// NB: we could have a separate value for each failure case, but not worth the effort for the projectLifecyclePolicy.
	ConditionReasonFailed string = "Failed"
)

strings for the conditions in status

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "webservices.cern.ch", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

func SameSet

func SameSet(a []string, b []string) bool

SameSet reports whether two []string values contain the same elements, disregarding order and multiplicity (set equality).

Types

type AppDeletionPolicyType

type AppDeletionPolicyType string
const (
	// AppDeletionPolicyDeleteNamespace deletes parent namespace when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	AppDeletionPolicyDeleteNamespace AppDeletionPolicyType = "DeleteNamespace"
	// AppDeletionPolicyIgnoreAndPreserveNamespace does nothing when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	AppDeletionPolicyIgnoreAndPreserveNamespace AppDeletionPolicyType = "IgnoreAndPreserveNamespace"
	// AppDeletionPolicyBlockAndDeleteAfterGracePeriod will mark the namespace as "soft deleted", having a behavior similar to blocked, when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	// Operator should block website similar to normal block procedure: https://okd-internal.docs.cern.ch/operations/project-blocking/
	// More info: https://gitlab.cern.ch/webservices/webframeworks-planning/-/issues/1115
	AppDeletionPolicyBlockAndDeleteAfterGracePeriod AppDeletionPolicyType = "BlockAndDeleteAfterGracePeriod"
)

type AppRole

type AppRole struct {
	Name            string `json:"name"`
	Required        bool   `json:"required"`
	ApplyToAllUsers bool   `json:"applyToAllUsers"`
	Description     string `json:"description"`
	DisplayName     string `json:"displayName"`
	MinLoA          int    `json:"minimumLevelOfAssurance"`
}

AppRole is the Application role created by default together with the application.

func (*AppRole) DeepCopy

func (in *AppRole) DeepCopy() *AppRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRole.

func (*AppRole) DeepCopyInto

func (in *AppRole) DeepCopyInto(out *AppRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ApplicationRegistration

type ApplicationRegistration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ApplicationRegistrationSpec   `json:"spec,omitempty"`
	Status ApplicationRegistrationStatus `json:"status,omitempty"`
}

ApplicationRegistration creates and maintains the Application and OIDC registration objects in the AuthzAPI. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#applicationregistration

func (ApplicationRegistration) ApplicationIdentifierConvention

func (a ApplicationRegistration) ApplicationIdentifierConvention(clusterInstanceName string) string

ApplicationIdentifierConvention implements the naming convention {ApplicationName -> ApplicationIdentifier}

func (*ApplicationRegistration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistration.

func (*ApplicationRegistration) DeepCopyInto

func (in *ApplicationRegistration) DeepCopyInto(out *ApplicationRegistration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ApplicationRegistration) DeepCopyObject

func (in *ApplicationRegistration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (ApplicationRegistration) DisplayNameConvention

func (a ApplicationRegistration) DisplayNameConvention(clusterInstanceName string) string

DisplayNameConvention implements the naming convention {ApplicationName -> DisplayName}

type ApplicationRegistrationList

type ApplicationRegistrationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ApplicationRegistration `json:"items"`
}

ApplicationRegistrationList contains a list of ApplicationRegistration

func (*ApplicationRegistrationList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistrationList.

func (*ApplicationRegistrationList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ApplicationRegistrationList) DeepCopyObject

func (in *ApplicationRegistrationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ApplicationRegistrationSpec

type ApplicationRegistrationSpec struct {
	// ApplicationName is used to construct the Application's "display name" following a naming convention:
	// `Web frameworks site <applicationName> (<instance>)` (see also https://gitlab.cern.ch/paas-tools/operators/authz-operator/issues/5 ).
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	ApplicationName string `json:"applicationName" valid:"matches(^[0-9a-z_\\-]+$),length(1|100)"`
	// Description defines the purpose of the App.
	// As of August 2023, the pattern used matches the expected API pattern from the Auth Service.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`\w+`
	Description string `json:"description"`
	// HomePage points to the app's homepage
	// +optional
	HomePage string `json:"homePage,omitempty"`
	// InitialOwner is the owner defined at creation time; can then be modified at the application portal
	// +kubebuilder:validation:Required
	InitialOwner `json:"initialOwner"`
	// InitialResourceCategory sets the desired resourceCategory on creation of the application registration
	// in the application portal. After creation, the category is managed by the owner in the portal.
	// - Default: "Test"  (see https://gitlab.cern.ch/webservices/webframeworks-planning/-/issues/888 )
	// +kubebuilder:validation:Enum="Test";"Personal";"Official"
	// +kubebuilder:default:="Test"
	InitialResourceCategory ResourceCategoryType `json:"initialResourceCategory"`
	// DisplayName is the user-facing name of the ApplicationRegistration as stored in the Authzsvc API
	// +optional
	DisplayName string `json:"displayName,omitempty"`
	// ApplicationIdentifier is the client ID for keycloak. It is auto-generated by the operator following a naming convention,
	// Name convention: `webframeworks-<instance>-<applicationName>` (see also https://gitlab.cern.ch/paas-tools/operators/authz-operator/issues/5 )
	// +optional
	ApplicationIdentifier string `json:"applicationIdentifier,omitempty" valid:"matches(^[a-z][0-9a-z_\\-][0-9a-z_\\-]+$),length(3|127)"`
}

ApplicationRegistrationSpec defines the desired state of ApplicationRegistration. For details for fields set on the Authz API, see https://authorization-service-api.web.cern.ch/swagger/index.html
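The `valid:` patterns on ApplicationName and ApplicationIdentifier interact with the `webframeworks-<instance>-<applicationName>` convention: a name that passes its own check can still yield an identifier longer than 127 characters. The following added example (not the package's code) reproduces both checks with the standard library; `deriveIdentifier`, `maxNameLen` and the instance names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Patterns and bounds copied from the `valid:` tags on ApplicationRegistrationSpec.
// The `\\-` inside the struct tag unquotes to `\-` in the actual regex.
var (
	appNameRe = regexp.MustCompile(`^[0-9a-z_\-]+$`)
	appIDRe   = regexp.MustCompile(`^[a-z][0-9a-z_\-][0-9a-z_\-]+$`)
)

const (
	appNameMin, appNameMax = 1, 100
	appIDMin, appIDMax     = 3, 127
	idPrefix               = "webframeworks-" // from the field comment's naming convention
)

var (
	ErrBadName = errors.New("applicationName violates pattern or length")
	ErrBadID   = errors.New("applicationIdentifier violates pattern or length")
)

func validateApplicationName(name string) error {
	if len(name) < appNameMin || len(name) > appNameMax || !appNameRe.MatchString(name) {
		return ErrBadName
	}
	return nil
}

func validateApplicationIdentifier(id string) error {
	if len(id) < appIDMin || len(id) > appIDMax || !appIDRe.MatchString(id) {
		return ErrBadID
	}
	return nil
}

// deriveIdentifier is a hypothetical helper that applies the documented
// convention and then re-validates the result; it is not the package's
// ApplicationIdentifierConvention method, whose body is not shown on the page.
func deriveIdentifier(instance, name string) (string, error) {
	if err := validateApplicationName(name); err != nil {
		return "", err
	}
	id := idPrefix + instance + "-" + name
	if err := validateApplicationIdentifier(id); err != nil {
		return "", fmt.Errorf("%w: derived identifier has %d chars", err, len(id))
	}
	return id, nil
}

// maxNameLen returns the longest applicationName that still yields a valid
// identifier for the given instance name.
func maxNameLen(instance string) int {
	room := appIDMax - len(idPrefix) - len(instance) - len("-")
	if room > appNameMax {
		return appNameMax
	}
	if room < 0 {
		return 0
	}
	return room
}

func main() {
	// Constructed inputs: instance names and application names are made up.
	long := strings.Repeat("x", 100)
	cases := []struct{ instance, name string }{
		{"paas", "my-site"},
		{"paas", "My-Site"},       // uppercase is rejected by the name pattern
		{"paas", "a/b"},           // path separator is rejected
		{"paas", long},            // 100-char name still fits (119 chars)
		{"app-catalogue", long},   // 13-char instance pushes the identifier to 128 chars
	}
	for _, c := range cases {
		id, err := deriveIdentifier(c.instance, c.name)
		fmt.Printf("instance=%q nameLen=%d id=%q err=%v\n", c.instance, len(c.name), id, err)
	}
	fmt.Println("max name length for app-catalogue:", maxNameLen("app-catalogue"))
}
```
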

func (*ApplicationRegistrationSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistrationSpec.

func (*ApplicationRegistrationSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ApplicationRegistrationStatus

type ApplicationRegistrationStatus struct {
	// ProvisioningStatus shows whether:
	// - Created: the ApplicationRegistration has been successfully provisioned
	// - Creating: provisioning is still in progress (including any potentially transient errors
	//   from the Authorization API where reconciliation will be reattempted, like
	//   the API not responding or 5xx HTTP errors)
	// - ProvisioningError: provisioning has failed and won't be retried; look at ErrorMessage for details.
	//   It is set for permanent errors, such as name conflicts, invalid initialOwner, 4xx HTTP errors.
	// +kubebuilder:validation:Enum="Created";"Creating";"ProvisioningError";"DeletedFromAPI"
	ProvisioningStatus string `json:"provisioningStatus,omitempty"`

	// ErrorMessage will be set in the event of a terminal error reconciling (or provisioning) the
	// ApplicationRegistration with a human-readable message.
	// This won't be set for transient errors where reconciliation will be reattempted.
	// Error messages originating from the API are returned as-is
	// +optional
	ErrorMessage string `json:"errorMessage,omitempty"`
	// ErrorReason will be set in the event of a terminal error reconciling (or provisioning) the
	// ApplicationRegistration with a machine-readable message.
	// This won't be set for transient errors where reconciliation will be reattempted.
	// +optional
	// +kubebuilder:validation:Enum={"ApplicationAlreadyExists","InvalidSpec","k8sAPIClientError", "AuthzAPIClientError","AuthzAPIError","AuthzAPIPermanentError","AuthzAPIInvalidResponse","OwnerNotFound","AuthzsvcApiError","Creating","InvalidOwner","AssociatedApplicationNotFound"}
	ErrorReason string `json:"errorReason,omitempty"`

	// ID is the Unique Identifier of the ApplicationRegistration in the Authzsvc API (this name didn't expect multiple IDs on the Status, therefore the generic ID name)
	// +optional
	ID string `json:"id,omitempty"`
	// CurrentOwnerUsername is the current owner's UPN read from the Application Portal
	// +optional
	CurrentOwnerUsername string `json:"currentOwnerUsername,omitempty"`
	// CurrentAdminGroup is read from the Application Portal
	// +optional
	CurrentAdminGroup string `json:"currentAdminGroup,omitempty"`
	// CurrentResourceCategory is read from the Application Portal
	// +optional
	CurrentResourceCategory ResourceCategoryType `json:"currentResourceCategory,omitempty"`
	// CurrentDescription is read from the Application Portal
	// +optional
	CurrentDescription string `json:"currentDescription,omitempty"`
	// CurrentEnabledStatus shows whether the application is currently enabled
	// +optional
	CurrentEnabledStatus bool `json:"currentEnabledStatus,omitempty"`
	// CurrentGroup indicates which CERN group the project owner belongs to
	// +optional
	CurrentGroup string `json:"currentGroup,omitempty"`
	// CurrentDepartment indicates which CERN department the project owner belongs to
	// +optional
	CurrentDepartment string `json:"currentDepartment,omitempty"`
	// RegistrationID is the identity of the oidc registration of the application in the Authorization service API
	// +optional
	RegistrationID string `json:"registrationId,omitempty"`
	// OIDCEnabled is a flag to know if the OIDC credentials are enabled
	// +optional
	OIDCEnabled bool `json:"OIDCEnabled,omitempty"`
	// +optional
	TokenExchangePermissions `json:"tokenExchangePermissions,omitempty"`
	// ClientCredentialsSecret is the name of the k8s secret holding the OIDC client credentials
	// +optional
	ClientCredentialsSecret string `json:"clientCredentialsSecret,omitempty"`
	// RedirectURIs are the URIs where users will be redirected after authenticating to the IdP during the OIDC flows
	// +optional
	RedirectURIs []string `json:"redirectURIs,omitempty"`
}

ApplicationRegistrationStatus defines the observed state of ApplicationRegistration

func (*ApplicationRegistrationStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRegistrationStatus.

func (*ApplicationRegistrationStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BootstrapApplicationRole

type BootstrapApplicationRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   BootstrapApplicationRoleSpec   `json:"spec,omitempty"`
	Status BootstrapApplicationRoleStatus `json:"status,omitempty"`
}

BootstrapApplicationRole creates but does not maintain Roles to the existing Application in the same namespace in the AuthzAPI. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#bootstrapapplicationrole

func (*BootstrapApplicationRole) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRole.

func (*BootstrapApplicationRole) DeepCopyInto

func (in *BootstrapApplicationRole) DeepCopyInto(out *BootstrapApplicationRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BootstrapApplicationRole) DeepCopyObject

func (in *BootstrapApplicationRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BootstrapApplicationRoleList

type BootstrapApplicationRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []BootstrapApplicationRole `json:"items"`
}

BootstrapApplicationRoleList contains a list of BootstrapApplicationRole

func (*BootstrapApplicationRoleList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRoleList.

func (*BootstrapApplicationRoleList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BootstrapApplicationRoleList) DeepCopyObject

func (in *BootstrapApplicationRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BootstrapApplicationRoleSpec

type BootstrapApplicationRoleSpec struct {
	// The equivalent of "Role Identifier" of the Role in the Application Portal
	// This field will be
	// The Name field must start with a lowercase letter, can contain only lowercase letters, numbers, dashes and underscores, and must be between 3 and 64 characters long.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// DisplayName represents the "Role Name" of the Role in the Application Portal
	// This field is required in order for the Role to be created
	// +kubebuilder:validation:Required
	DisplayName string `json:"displayName"`

	// Description of the ApplicationRegistration, represents the "Description" in the Application Portal
	// Brief description, required for Role creation
	// +kubebuilder:validation:Required
	Description string `json:"description"`

	// Flag to know if the role is required to access the Application
	// +kubebuilder:validation:Required
	RoleRequired bool `json:"required"`

	// MultifactorRequired allows to enable multifactor authentication
	// (From Application Portal): If checked, users must authenticate with Multifactor Authentication to be granted this role
	// +kubebuilder:validation:Required
	MultifactorRequired bool `json:"multifactorRequired"`

	// (From Application Portal): if checked, this role will be applied to all authenticated users, regardless of them belonging to any group or not.
	// Use this option to define a role that is based only on the value of the Minimum Level of Assurance and/or usage of Multifactor authentication.
	// +kubebuilder:validation:Required
	ApplyToAllUsers bool `json:"applyToAllUsers"`

	// Level of assurance defines the accepted authentication providers, ranging from CERN identities (highest) to social accounts (public, therefore lowest)
	// Default: 4
	// +kubebuilder:validation:Required
	MinLevelOfAssurance int `json:"minLevelOfAssurance"`

	// List of CERN Groups that are going to be bound to the created Application Role
	// +kubebuilder:validation:Optional
	LinkedGroups []string `json:"linkedGroups"`
}

BootstrapApplicationRoleSpec defines the desired state of BootstrapApplicationRole

func (*BootstrapApplicationRoleSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRoleSpec.

func (*BootstrapApplicationRoleSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BootstrapApplicationRoleStatus

type BootstrapApplicationRoleStatus struct {
	// +kubebuilder:validation:type=string
	// +optional
	RoleID string `json:"id"`
	// +kubebuilder:validation:type=array
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}

BootstrapApplicationRoleStatus defines the observed state of BootstrapApplicationRole

func (*BootstrapApplicationRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapApplicationRoleStatus.

func (*BootstrapApplicationRoleStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InitialOwner

type InitialOwner struct {
	// username is the owner's CERN username
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Username string `json:"username"`
}

InitialOwner is the owner of the resource at creation time

func (*InitialOwner) DeepCopy

func (in *InitialOwner) DeepCopy() *InitialOwner

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitialOwner.

func (*InitialOwner) DeepCopyInto

func (in *InitialOwner) DeepCopyInto(out *InitialOwner)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OIDCFlowType

type OIDCFlowType string
const (
	OIDCFlowImplicit          OIDCFlowType = "Implicit"
	OIDCFlowAuthorizationCode OIDCFlowType = "AuthorizationCode"
	OIDCFlowClientCredentials OIDCFlowType = "ClientCredentials"
)

type OidcReturnURI

type OidcReturnURI struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   OidcReturnURISpec   `json:"spec,omitempty"`
	Status OidcReturnURIStatus `json:"status,omitempty"`
}

OIDC return URIs are the valid addresses where the Identity Provider (keycloak) is allowed to redirect the user after successful authentication. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#oidcreturnuri

func (*OidcReturnURI) DeepCopy

func (in *OidcReturnURI) DeepCopy() *OidcReturnURI

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURI.

func (*OidcReturnURI) DeepCopyInto

func (in *OidcReturnURI) DeepCopyInto(out *OidcReturnURI)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OidcReturnURI) DeepCopyObject

func (in *OidcReturnURI) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type OidcReturnURIList

type OidcReturnURIList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []OidcReturnURI `json:"items"`
}

OidcReturnURIList contains a list of OidcReturnURI

func (*OidcReturnURIList) DeepCopy

func (in *OidcReturnURIList) DeepCopy() *OidcReturnURIList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURIList.

func (*OidcReturnURIList) DeepCopyInto

func (in *OidcReturnURIList) DeepCopyInto(out *OidcReturnURIList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OidcReturnURIList) DeepCopyObject

func (in *OidcReturnURIList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type OidcReturnURISpec

type OidcReturnURISpec struct {
	// RedirectURI is an OIDC redirect URI for the ApplicationRegistration in the same namespace
	RedirectURI string `json:"redirectURI,omitempty" valid:"url"`
}

OidcReturnURISpec defines the desired state of OidcReturnURI

func (*OidcReturnURISpec) DeepCopy

func (in *OidcReturnURISpec) DeepCopy() *OidcReturnURISpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURISpec.

func (*OidcReturnURISpec) DeepCopyInto

func (in *OidcReturnURISpec) DeepCopyInto(out *OidcReturnURISpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OidcReturnURIStatus

type OidcReturnURIStatus struct {
}

OidcReturnURIStatus defines the observed state of OidcReturnURI

func (*OidcReturnURIStatus) DeepCopy

func (in *OidcReturnURIStatus) DeepCopy() *OidcReturnURIStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcReturnURIStatus.

func (*OidcReturnURIStatus) DeepCopyInto

func (in *OidcReturnURIStatus) DeepCopyInto(out *OidcReturnURIStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProjectLifecyclePolicy

type ProjectLifecyclePolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProjectLifecyclePolicySpec   `json:"spec,omitempty"`
	Status ProjectLifecyclePolicyStatus `json:"status,omitempty"`
}

ProjectLifecyclePolicy controls how the authz-operator applies changes to lifecycle-related properties of the application in the AuthzAPI to the OKD project/namespace containing an `ApplicationRegistration`. More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#projectlifecyclepolicy

func (*ProjectLifecyclePolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicy.

func (*ProjectLifecyclePolicy) DeepCopyInto

func (in *ProjectLifecyclePolicy) DeepCopyInto(out *ProjectLifecyclePolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProjectLifecyclePolicy) DeepCopyObject

func (in *ProjectLifecyclePolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProjectLifecyclePolicyList

type ProjectLifecyclePolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProjectLifecyclePolicy `json:"items"`
}

ProjectLifecyclePolicyList contains a list of ProjectLifecyclePolicy

func (*ProjectLifecyclePolicyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicyList.

func (*ProjectLifecyclePolicyList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProjectLifecyclePolicyList) DeepCopyObject

func (in *ProjectLifecyclePolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ProjectLifecyclePolicySpec

type ProjectLifecyclePolicySpec struct {

	// The ClusterRole that should be granted to the Application's owner and administrator group
	// in the RoleBinding identified by ApplicationOwnerRoleBindingName.
	// The authz-operator serviceaccount MUST itself have this cluster role so it can grant it to other users!
	// If not specified, then no RoleBinding is created.
	// +optional
	ApplicationOwnerClusterRole string `json:"applicationOwnerClusterRole,omitempty"`

	// Name of a RoleBinding whose members should be set to the value of ApplicationRegistration's status.CurrentOwnerUsername
	// and (if present) status.CurrentAdminGroup.
	// Any other member will be removed from the RoleBinding.
	// +kubebuilder:default:="application-owner"
	ApplicationOwnerRoleBindingName string `json:"applicationOwnerRoleBindingName"`

	// Policy when the ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI,
	// i.e. the application was deleted from the Application Portal.
	// If DeleteNamespace, the parent namespace/project containing the ApplicationRegistration is deleted.
	// +kubebuilder:validation:Enum="IgnoreAndPreserveNamespace";"DeleteNamespace";"BlockAndDeleteAfterGracePeriod"
	// +kubebuilder:default:="IgnoreAndPreserveNamespace"
	ApplicationDeletedFromAuthApiPolicy AppDeletionPolicyType `json:"applicationDeletedFromAuthApiPolicy"`

	// Generate a link to the application's management page in the application portal.
	// This is created as a ConsoleLink in the NamespaceDashboard (the only type of link
	// that can be specified per namespace).
	// +optional
	ApplicationPortalManagementLink bool `json:"applicationPortalConsoleLink,omitempty"`

	// Generate a link showing current application's category in the app portal
	// with link to the application's management page to update category.
	// This is created as a ConsoleLink in the NamespaceDashboard (the only type of link
	// that can be specified per namespace).
	// +optional
	ApplicationCategoryLink bool `json:"applicationCategoryLink,omitempty"`

	// Sync the parent Openshift project's metadata (annotations and labels) with the information from the Application Portal.
	// Description goes to the standard Openshift annotation for project description. Owner, Admin Group and category are
	// exposed with custom labels.
	// +optional
	// +kubebuilder:default:=true
	SyncProjectMetadata bool `json:"syncProjectMetadata,omitempty"`
}

ProjectLifecyclePolicySpec defines the desired state of ProjectLifecyclePolicy
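The ApplicationOwnerRoleBindingName comment states that the RoleBinding's members are exactly the current owner plus the admin group if present, and that any other member is removed. The following added sketch (not the operator's code) computes that drift with the set-equality semantics documented for SameSet; the `User/` and `Group/` subject encoding, the helper names and the refusal to act on an empty owner are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// toSet collapses a slice into a set, dropping order and duplicates.
func toSet(xs []string) map[string]struct{} {
	s := make(map[string]struct{}, len(xs))
	for _, x := range xs {
		s[x] = struct{}{}
	}
	return s
}

// sameSet is a local re-implementation of the documented SameSet semantics:
// equality of the two slices as sets, ignoring order and multiplicity.
func sameSet(a, b []string) bool {
	sa, sb := toSet(a), toSet(b)
	if len(sa) != len(sb) {
		return false
	}
	for k := range sa {
		if _, ok := sb[k]; !ok {
			return false
		}
	}
	return true
}

// ErrNoOwner guards against emptying the RoleBinding before the status has
// been populated from the Application Portal (assumed policy, see lead-in).
var ErrNoOwner = errors.New("status.currentOwnerUsername is empty; not computing members")

// desiredMembers builds the only subjects allowed in the RoleBinding from
// status.CurrentOwnerUsername and, if set, status.CurrentAdminGroup.
func desiredMembers(ownerUsername, adminGroup string) ([]string, error) {
	if ownerUsername == "" {
		return nil, ErrNoOwner
	}
	members := []string{"User/" + ownerUsername}
	if adminGroup != "" {
		members = append(members, "Group/"+adminGroup)
	}
	return members, nil
}

// diffMembers returns the sorted subjects to add and to remove so that the
// RoleBinding ends up containing exactly the desired members.
func diffMembers(current, desired []string) (add, remove []string) {
	cur, des := toSet(current), toSet(desired)
	for k := range des {
		if _, ok := cur[k]; !ok {
			add = append(add, k)
		}
	}
	for k := range cur {
		if _, ok := des[k]; !ok {
			remove = append(remove, k)
		}
	}
	sort.Strings(add)
	sort.Strings(remove)
	return add, remove
}

func main() {
	// Constructed sample: a RoleBinding that drifted from the portal's state.
	current := []string{"User/alice", "User/mallory", "Group/old-admins", "User/alice"}
	desired, err := desiredMembers("alice", "web-admins")
	if err != nil {
		fmt.Println("cannot apply:", err)
		return
	}
	if sameSet(current, desired) {
		fmt.Println("RoleBinding already matches; no update needed")
		return
	}
	add, remove := diffMembers(current, desired)
	fmt.Println("add:", add)
	fmt.Println("remove:", remove)
}
```
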

func (*ProjectLifecyclePolicySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicySpec.

func (*ProjectLifecyclePolicySpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProjectLifecyclePolicyStatus

type ProjectLifecyclePolicyStatus struct {
	// Conditions represent the latest available observations of an object's state
	Conditions []metav1.Condition `json:"conditions"`
}

ProjectLifecyclePolicyStatus defines the observed state of ProjectLifecyclePolicy

func (*ProjectLifecyclePolicyStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectLifecyclePolicyStatus.

func (*ProjectLifecyclePolicyStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceCategoryType

type ResourceCategoryType string
const (
	// The application portal defines these 4 values
	ResourceCategoryUndefined ResourceCategoryType = "Undefined"
	ResourceCategoryTest      ResourceCategoryType = "Test"
	ResourceCategoryPersonal  ResourceCategoryType = "Personal"
	ResourceCategoryOfficial  ResourceCategoryType = "Official"
)

type TokenExchangePermissions

type TokenExchangePermissions struct {
	// requests are the Application identifiers for which token exchange permissions are requested
	// +optional
	Requests []string `json:"requests,omitempty"`
	// allowed are the Application identifiers for which token exchange is allowed (has been granted by the corresponding application)
	// +optional
	Allowed []string `json:"allowed,omitempty"`
}

TokenExchangePermissions lists applications for which token exchange permissions have been requested or allowed

func (*TokenExchangePermissions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenExchangePermissions.

func (*TokenExchangePermissions) DeepCopyInto

func (in *TokenExchangePermissions) DeepCopyInto(out *TokenExchangePermissions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
