-
Notifications
You must be signed in to change notification settings - Fork 73
/
awsfederatedaccountaccess_types.go
115 lines (98 loc) · 4.95 KB
/
awsfederatedaccountaccess_types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
package v1alpha1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
// AWSFederatedAccountAccessState defines the various status an FederatedAccountAccess CR can have
type AWSFederatedAccountAccessState string
const (
// AWSFederatedAccountAccessStateInProgress const for InProgress status state
AWSFederatedAccountAccessStateInProgress AWSFederatedAccountAccessState = "InProgress"
// AWSFederatedAccountStateReady const for Applied status state
AWSFederatedAccountStateReady AWSFederatedAccountAccessState = "Ready"
// AWSFederatedAccountStateFailed cont for Failed status state
AWSFederatedAccountStateFailed AWSFederatedAccountAccessState = "Failed"
)
// AWSFederatedAccountAccessSpec defines the desired state of AWSFederatedAccountAccess
// +k8s:openapi-gen=true
type AWSFederatedAccountAccessSpec struct {
// ExternalCustomerAWSARN holds the external AWS IAM ARN
ExternalCustomerAWSIAMARN string `json:"externalCustomerAWSIAMARN"`
// AWSCustomerCredentialSecret holds the credentials to the cluster account where the role wil be created
AWSCustomerCredentialSecret AWSSecretReference `json:"awsCustomerCredentialSecret"`
// FederatedRoleName must be the name of a federatedrole cr that currently exists
AWSFederatedRole AWSFederatedRoleRef `json:"awsFederatedRole"`
}
// AWSFederatedAccountAccessStatus defines the observed state of AWSFederatedAccountAccess
// +k8s:openapi-gen=true
type AWSFederatedAccountAccessStatus struct {
// +listType=map
// +listMapKey=type
Conditions []AWSFederatedAccountAccessCondition `json:"conditions"`
State AWSFederatedAccountAccessState `json:"state"`
ConsoleURL string `json:"consoleURL,omitempty"`
}
// AWSFederatedAccountAccessCondition defines a current condition state of the account
type AWSFederatedAccountAccessCondition struct {
// Type is the type of the condition.
Type AWSFederatedAccountAccessConditionType `json:"type"`
// Status is the status of the condition
Status corev1.ConditionStatus `json:"status"`
// LastProbeTime is the last time we probed the condition.
// +optional
LastProbeTime metav1.Time `json:"lastProbeTime,omitempty"`
// LastTransitionTime is the laste time the condition transitioned from one status to another.
// +optional
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
// Reason is a unique, one-word, CamelCase reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty"`
// Message is a human-readable message indicating details about last transition.
// +optional
Message string `json:"message,omitempty"`
}
// AWSFederatedAccountAccessConditionType is a valid value for AccountCondition.Type
type AWSFederatedAccountAccessConditionType string
const (
// AWSFederatedAccountInProgress is set when an Account access is in progress
AWSFederatedAccountInProgress AWSFederatedAccountAccessConditionType = "InProgress"
// AWSFederatedAccountReady is set when an Account access has been successfully applied
AWSFederatedAccountReady AWSFederatedAccountAccessConditionType = "Ready"
// AWSFederatedAccountFailed is set when account access has failed to apply
AWSFederatedAccountFailed AWSFederatedAccountAccessConditionType = "Failed"
)
// AWSSecretReference holds the name and namespace of an secret containing credentials to cluster account
type AWSSecretReference struct {
Name string `json:"name"`
Namespace string `json:"namespace"`
}
// AWSFederatedRoleRef holds the name and namespace to reference an AWSFederatedRole CR
type AWSFederatedRoleRef struct {
Name string `json:"name"`
Namespace string `json:"namespace"`
}
// +kubebuilder:object:root=true
// AWSFederatedAccountAccess is the Schema for the awsfederatedaccountaccesses API
// +k8s:openapi-gen=true
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="Status the federated account access user"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="Age since federated account access user was created"
// +kubebuilder:resource:path=awsfederatedaccountaccesses,scope=Namespaced
type AWSFederatedAccountAccess struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec AWSFederatedAccountAccessSpec `json:"spec,omitempty"`
Status AWSFederatedAccountAccessStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// AWSFederatedAccountAccessList contains a list of AWSFederatedAccountAccess
type AWSFederatedAccountAccessList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []AWSFederatedAccountAccess `json:"items"`
}
func init() {
SchemeBuilder.Register(&AWSFederatedAccountAccess{}, &AWSFederatedAccountAccessList{})
}