forked from labring/sealos
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* feat: expose mongo uri. (labring#3586) * expose mongo uri env. * feat: operation request -> rolebinding (sa <-> role) * feat: operation request -> rolebinding (sa <-> role) * feat: operation request --------- Co-authored-by: yy <56745951+lingdie@users.noreply.github.com>
- Loading branch information
Showing
21 changed files
with
1,225 additions
and
32 deletions.
There are no files selected for viewing
23 changes: 0 additions & 23 deletions
23
controllers/licenseissuer/deploy/manifests/customconfig.yaml.tmpl
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
/* | ||
Copyright 2022 labring. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package v1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! | ||
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. | ||
|
||
// OperationrequestSpec defines the desired state of Operationrequest | ||
type OperationrequestSpec struct { | ||
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
Username string `json:"username,omitempty"` | ||
Namespace string `json:"namespace,omitempty"` | ||
// +kubebuilder:validation:Enum=Owner;Manager;Developer | ||
Type string `json:"type,omitempty"` | ||
// +kubebuilder:validation:Enum=Grant;Update;Deprive | ||
Action ActionType `json:"action,omitempty"` //TODO action可能要加个 update 用于更新rolebinding | ||
} | ||
type ActionType string | ||
|
||
const ( | ||
Grant ActionType = "Grant" | ||
Update ActionType = "Update" | ||
Deprive ActionType = "Deprive" | ||
) | ||
|
||
const ExpirationTime string = "3m" | ||
|
||
// OperationrequestStatus defines the observed state of Operationrequest | ||
type OperationrequestStatus struct { | ||
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
|
||
// Phase is the recently observed lifecycle phase of user | ||
//+kubebuilder:default:=Unknown | ||
Phase RequestPhase `json:"phase,omitempty"` | ||
} | ||
|
||
type RequestPhase string | ||
|
||
// These are the valid phases of node. | ||
const ( | ||
RequestPending RequestPhase = "Pending" | ||
RequestUnknown RequestPhase = "Unknown" | ||
RequestActive RequestPhase = "Active" | ||
) | ||
|
||
//+kubebuilder:object:root=true | ||
//+kubebuilder:subresource:status | ||
|
||
// Operationrequest is the Schema for the operationrequests API | ||
type Operationrequest struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
Spec OperationrequestSpec `json:"spec,omitempty"` | ||
Status OperationrequestStatus `json:"status,omitempty"` | ||
} | ||
|
||
//+kubebuilder:object:root=true | ||
|
||
// OperationrequestList contains a list of Operationrequest | ||
type OperationrequestList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []Operationrequest `json:"items"` | ||
} | ||
|
||
func init() { | ||
SchemeBuilder.Register(&Operationrequest{}, &OperationrequestList{}) | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
69 changes: 69 additions & 0 deletions
69
controllers/user/config/crd/bases/user.sealos.io_operationrequests.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
--- | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.10.0 | ||
creationTimestamp: null | ||
name: operationrequests.user.sealos.io | ||
spec: | ||
group: user.sealos.io | ||
names: | ||
kind: Operationrequest | ||
listKind: OperationrequestList | ||
plural: operationrequests | ||
singular: operationrequest | ||
scope: Namespaced | ||
versions: | ||
- name: v1 | ||
schema: | ||
openAPIV3Schema: | ||
description: Operationrequest is the Schema for the operationrequests API | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: OperationrequestSpec defines the desired state of Operationrequest | ||
properties: | ||
action: | ||
enum: | ||
- Grant | ||
- Update | ||
- Deprive | ||
type: string | ||
namespace: | ||
type: string | ||
type: | ||
enum: | ||
- Owner | ||
- Manager | ||
- Developer | ||
type: string | ||
username: | ||
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster | ||
Important: Run "make" to regenerate code after modifying this file' | ||
type: string | ||
type: object | ||
status: | ||
description: OperationrequestStatus defines the observed state of Operationrequest | ||
properties: | ||
phase: | ||
default: Unknown | ||
description: Phase is the recently observed lifecycle phase of user | ||
type: string | ||
type: object | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 7 additions & 0 deletions
7
controllers/user/config/crd/patches/cainjection_in_operationrequests.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# The following patch adds a directive for certmanager to inject CA into the CRD | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) | ||
name: operationrequests.user.sealos.io |
16 changes: 16 additions & 0 deletions
16
controllers/user/config/crd/patches/webhook_in_operationrequests.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# The following patch enables a conversion webhook for the CRD | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
name: operationrequests.user.sealos.io | ||
spec: | ||
conversion: | ||
strategy: Webhook | ||
webhook: | ||
clientConfig: | ||
service: | ||
namespace: system | ||
name: webhook-service | ||
path: /convert | ||
conversionReviewVersions: | ||
- v1 |
31 changes: 31 additions & 0 deletions
31
controllers/user/config/rbac/operationrequest_editor_role.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# permissions for end users to edit operationrequests. | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: clusterrole | ||
app.kubernetes.io/instance: operationrequest-editor-role | ||
app.kubernetes.io/component: rbac | ||
app.kubernetes.io/created-by: user | ||
app.kubernetes.io/part-of: user | ||
app.kubernetes.io/managed-by: kustomize | ||
name: operationrequest-editor-role | ||
rules: | ||
- apiGroups: | ||
- user.sealos.io | ||
resources: | ||
- operationrequests | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- user.sealos.io | ||
resources: | ||
- operationrequests/status | ||
verbs: | ||
- get |
Oops, something went wrong.