-
Notifications
You must be signed in to change notification settings - Fork 139
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
vSphere passthrough mode for CredentialsRequests
Implement a simple passthrough-mode-only actuator for vSphere. Assumes the credentials used during installation are good enough to be passed along to any in-cluster components needing vSphere credentials. Add the VSphereProviderSpec definitions which allows listing permissions being requested (even though they are presently ignored as passthrough-mode is assumed).
- Loading branch information
Joel Diaz
committed
Jan 9, 2020
1 parent
de83d86
commit 55c6662
Showing
10 changed files
with
1,203 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
/* | ||
Copyright 2020 The OpenShift Authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package v1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// TODO: these types should eventually be broken out, along with the actuator, | ||
// to a separate repo. | ||
|
||
// VSphereProviderSpec contains the required information to create RBAC role | ||
// bindings for VSphere. | ||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object | ||
type VSphereProviderSpec struct { | ||
metav1.TypeMeta `json:",inline"` | ||
|
||
// Permissions contains a list of groups of privileges that are being requested. | ||
Permissions []VSpherePermission `json:"permissions"` | ||
} | ||
|
||
// VSpherePermission captures the details of the privileges being requested for the list of entities. | ||
type VSpherePermission struct { | ||
// Privileges is the list of access being requested. | ||
Privileges []string `json:"privileges"` | ||
|
||
// TODO: when implementing mint-mode will need to figure out how to allow | ||
// a CredentialsRequest to indicate that the above list of privileges should | ||
// be bound to a specific scope(s) (eg Storage, Hosts/Clusters, Networking, Global, etc). | ||
// Entities is the list of entities for which the list of permissions should be granted | ||
// access to. | ||
// Entities []string `json:"entities"` | ||
|
||
// Also will need to allow specifying whether permissions should "Propagate to children". | ||
// Propagate bool `json:"propagate"` | ||
} | ||
|
||
// VSphereProviderStatus contains the status of the credentials request in VSphere. | ||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object | ||
type VSphereProviderStatus struct { | ||
metav1.TypeMeta `json:",inline"` | ||
|
||
// SecretLastResourceVersion is the resource version of the secret resource | ||
// that was last synced. Used to determine if the object has changed and | ||
// requires a sync. | ||
SecretLastResourceVersion string `json:"secretLastResourceVersion"` | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.