/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
"time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
// RoleSpec defines the desired state of Role.
//
// Allow and Deny use the same RoleConditions type, so one condition schema
// serves both the granting and the refusing side of a role.
//
// NOTE(review): this file does not say how Allow and Deny are combined when
// both match; presumably the consumer gives Deny precedence. Confirm against
// the controller.
type RoleSpec struct {
	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
	// Important: Run "make" to regenerate code after modifying this file

	// NOTE(review): all three fields are non-pointer structs, and
	// encoding/json ignores omitempty on struct values, so "options", "allow"
	// and "deny" are always written when a RoleSpec is marshalled.

	// Options carries the settings of the role's "options" section.
	// +optional
	Options RoleOptions `json:"options,omitempty"`
	// Allow carries the conditions of the role's "allow" section.
	// +optional
	Allow RoleConditions `json:"allow,omitempty"`
	// Deny carries the conditions of the role's "deny" section.
	// +optional
	Deny RoleConditions `json:"deny,omitempty"`
}
// RoleOptions groups the settings carried under spec.options.
//
// NOTE(review): the field names look like a Teleport-style role options
// block. Nothing in this file defines or enforces their meaning, so confirm
// each one against the controller that consumes this type.
type RoleOptions struct {
	// ForwardAgent is serialized as "forward_agent". The tag has no omitempty
	// and there is no optional marker, so the key is always emitted and false
	// is written explicitly.
	ForwardAgent bool `json:"forward_agent"`

	// NOTE(review): encoding/json encodes time.Duration as an integer count
	// of nanoseconds, so a manifest value such as "8h" will not decode into
	// this field. metav1.Duration accepts the string form, but switching to
	// it is an API change. Confirm what manifest authors are expected to
	// write.

	// MaxSessionTTL is serialized as "max_session_ttl"; a nil pointer means
	// the key was absent.
	// +optional
	MaxSessionTTL *time.Duration `json:"max_session_ttl,omitempty"`

	// NOTE(review): nil and false are distinct here. The default applied when
	// the key is absent is chosen by the consumer. Confirm it is the
	// restrictive one.

	// PortForwarding is serialized as "port_forwarding"; the pointer lets an
	// explicit false be told apart from an absent key.
	// +optional
	PortForwarding *bool `json:"port_forwarding,omitempty"`
	// CertificateFormat is serialized as "cert_format". The key is always
	// emitted, including when the string is empty.
	CertificateFormat string `json:"cert_format"`
	// ClientIdleTimeout is serialized as "client_idle_timeout"; a zero value
	// is omitted, so zero and "not set" look the same on the wire. The unit
	// is not stated in this file. TODO confirm.
	// +optional
	ClientIdleTimeout int64 `json:"client_idle_timeout,omitempty"`
	// DisconnectExpiredCert is serialized as "disconnect_expired_cert"; false
	// is omitted, so an absent key and an explicit false are
	// indistinguishable.
	// +optional
	DisconnectExpiredCert bool `json:"disconnect_expired_cert,omitempty"`
}
// RoleConditions is the condition set used by both RoleSpec.Allow and
// RoleSpec.Deny.
type RoleConditions struct {
	// NOTE(review): Logins has neither omitempty nor an optional marker, and
	// this type is shared by Allow and Deny, so a role with no deny logins
	// still marshals "logins": null under "deny". Confirm the generated CRD
	// schema and the controller both accept that.

	// Logins is serialized as "logins" and is always emitted; a nil slice
	// encodes as null.
	Logins []string `json:"logins"`

	// NOTE(review): the "-" tag excludes Namespaces from JSON in both
	// directions, so a manifest can never set it and it always arrives
	// empty. If the consumer uses this list to scope the role, confirm what
	// an empty list means there (no namespaces versus every namespace).

	// Namespaces is never read from or written to JSON.
	Namespaces []string `json:"-"`
	// NodeLabels maps a label key to a list of values and is serialized as
	// "node_labels".
	// +optional
	NodeLabels map[string][]string `json:"node_labels,omitempty"`
	// Rules is the list of Rule entries serialized as "rules".
	// +optional
	Rules []Rule `json:"rules,omitempty"`
	// KubeGroups is serialized as "kubernetes_groups".
	// +optional
	KubeGroups []string `json:"kubernetes_groups,omitempty"`
}
// Rule is one entry of RoleConditions.Rules. Every field is optional and is
// omitted from JSON when empty.
type Rule struct {
	// Resources is serialized as "resources".
	// +optional
	Resources []string `json:"resources,omitempty"`
	// Verbs is serialized as "verbs".
	// +optional
	Verbs []string `json:"verbs,omitempty"`

	// NOTE(review): Where is a free-form string with no validation marker in
	// this file. Presumably it is a predicate evaluated by the consumer. If
	// so, it should be parsed and rejected on error before the rule is
	// applied rather than ignored. Confirm against the controller.

	// Where is serialized as "where".
	// +optional
	Where string `json:"where,omitempty"`
	// Actions is serialized as "actions".
	// +optional
	Actions []string `json:"actions,omitempty"`
}
// RoleStatus defines the observed state of Role.
type RoleStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file

	// Condition is serialized as "condition" and is always emitted. It is the
	// value shown by the "Condition" print column declared on Role.
	Condition string `json:"condition"`
	// Reason is serialized as "reason" and omitted when empty.
	// +optional
	Reason string `json:"reason,omitempty"`
	// LastTransitionTime is serialized as "last_transition_time"; nil means
	// no time has been recorded.
	// +optional
	LastTransitionTime *metav1.Time `json:"last_transition_time,omitempty"`
}
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Condition",type=string,JSONPath=`.status.condition`
// Role is the Schema for the roles API
//
// The status subresource marker above means .status is written through the
// /status endpoint, separately from .spec, so RBAC can grant the two
// independently.
//
// NOTE(review): the spec describes logins, labels, groups and rules. If a
// controller turns these objects into access grants, then create/update/patch
// permission on this resource is equivalent to permission to change access
// policy and should be scoped accordingly. Confirm against the deployment's
// RBAC.
type Role struct {
	// TypeMeta carries apiVersion and kind, inlined into the object.
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta carries the standard object metadata under "metadata".
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired state supplied by the author of the object.
	Spec RoleSpec `json:"spec,omitempty"`
	// Status is the observed state.
	Status RoleStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// RoleList contains a list of Role
type RoleList struct {
	// TypeMeta carries apiVersion and kind, inlined into the object.
	metav1.TypeMeta `json:",inline"`
	// ListMeta carries the standard list metadata under "metadata".
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the Role objects; the key is always emitted, and a nil
	// slice encodes as null.
	Items []Role `json:"items"`
}
// init registers the Role and RoleList kinds with the package's
// SchemeBuilder, which is declared elsewhere in this package.
func init() {
	role, roleList := new(Role), new(RoleList)
	SchemeBuilder.Register(role, roleList)
}