// Source: github.com/rancher/types@v0.0.0-20220328215343-4370ff10ecd5/apis/management.cattle.io/v3/authz_types.go

package v3

import (
	"strings"

	"github.com/rancher/norman/condition"
	"github.com/rancher/norman/types"
	v1 "k8s.io/api/core/v1"
	policyv1 "k8s.io/api/policy/v1beta1"
	rbacv1 "k8s.io/api/rbac/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// The norman struct tags used in this file (required, nocreate, noupdate,
// type=reference[...]) describe the schema of the norman-generated API.
// NOTE(review): they are presumably enforced only for requests that pass
// through that API layer; whether writes made directly to the backing
// Kubernetes objects are constrained as well cannot be determined from this
// file.

// Condition identifiers declared alongside the project and authorization
// types. Each value is the string used as the condition type; which
// controller sets each one is not visible in this file.
var (
	NamespaceBackedResource                  condition.Cond = "BackingNamespaceCreated"
	CreatorMadeOwner                         condition.Cond = "CreatorMadeOwner"
	DefaultNetworkPolicyCreated              condition.Cond = "DefaultNetworkPolicyCreated"
	ProjectConditionInitialRolesPopulated    condition.Cond = "InitialRolesPopulated"
	ProjectConditionMonitoringEnabled        condition.Cond = "MonitoringEnabled"
	ProjectConditionMetricExpressionDeployed condition.Cond = "MetricExpressionDeployed"
)

// Project is the project resource of the management.cattle.io/v3 API group.
// It embeds types.Namespaced together with the standard Kubernetes type and
// object metadata.
type Project struct {
	types.Namespaced

	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProjectSpec   `json:"spec,omitempty"`
	Status ProjectStatus `json:"status"`
}

// ObjClusterName returns the cluster name recorded in the project's spec.
func (p *Project) ObjClusterName() string {
	return p.Spec.ClusterName
}

// ProjectStatus is the status section of a Project. Note that
// PodSecurityPolicyTemplateName is serialized under the JSON key
// podSecurityPolicyTemplateId, and that MonitoringStatus is tagged
// nocreate,noupdate in the norman schema.
type ProjectStatus struct {
	Conditions                    []ProjectCondition `json:"conditions"`
	PodSecurityPolicyTemplateName string             `json:"podSecurityPolicyTemplateId"`
	MonitoringStatus              *MonitoringStatus  `json:"monitoringStatus,omitempty" norman:"nocreate,noupdate"`
}

// ProjectCondition is one entry in ProjectStatus.Conditions.
type ProjectCondition struct {
	// Type names the project condition.
	Type string `json:"type"`
	// Status is the condition's state: one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// LastUpdateTime is when this condition was last updated.
	LastUpdateTime string `json:"lastUpdateTime,omitempty"`
	// LastTransitionTime is when the condition last moved from one status
	// to another.
	LastTransitionTime string `json:"lastTransitionTime,omitempty"`
	// Reason explains the condition's most recent transition.
	Reason string `json:"reason,omitempty"`
	// Message is a human-readable description of the last transition.
	Message string `json:"message,omitempty"`
}

// ProjectSpec is the desired state of a Project. ClusterName is a required
// reference to the owning cluster (type=reference[cluster]).
type ProjectSpec struct {
	DisplayName                   string                  `json:"displayName,omitempty" norman:"required"`
	Description                   string                  `json:"description"`
	ClusterName                   string                  `json:"clusterName,omitempty" norman:"required,type=reference[cluster]"`
	ResourceQuota                 *ProjectResourceQuota   `json:"resourceQuota,omitempty"`
	NamespaceDefaultResourceQuota *NamespaceResourceQuota `json:"namespaceDefaultResourceQuota,omitempty"`
	ContainerDefaultResourceLimit *ContainerResourceLimit `json:"containerDefaultResourceLimit,omitempty"`
	EnableProjectMonitoring       bool                    `json:"enableProjectMonitoring" norman:"default=false"`
}

// ObjClusterName returns the spec's ClusterName unchanged.
func (s *ProjectSpec) ObjClusterName() string {
	return s.ClusterName
}

// GlobalRole is a named set of Kubernetes RBAC policy rules.
// NOTE(review): the type carries no cluster or project reference, so it
// presumably applies installation-wide; confirm against the controllers that
// consume it.
type GlobalRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	DisplayName string `json:"displayName,omitempty" norman:"required"`
	Description string `json:"description"`
	// Rules are the RBAC policy rules carried by the role. Wildcard verbs,
	// resources and API groups deserve the same scrutiny here as in a
	// ClusterRole.
	Rules []rbacv1.PolicyRule `json:"rules,omitempty"`
	// NOTE(review): the name suggests that roles with this flag set are
	// granted to every newly created user; if so, the rule set of such a
	// role should stay minimal. Confirm against the code that reads it.
	NewUserDefault bool `json:"newUserDefault,omitempty" norman:"required"`
	// Builtin is tagged nocreate,noupdate, so the norman schema does not
	// accept it from API clients on create or update.
	Builtin bool `json:"builtin" norman:"nocreate,noupdate"`
}

// GlobalRoleBinding binds the GlobalRole named by GlobalRoleName to a
// subject: a user (UserName) or a group principal (GroupPrincipalName).
//
// All three fields are tagged noupdate, so under the norman schema the
// subject and the role of a binding are fixed at creation.
// NOTE(review): neither subject field is tagged required, so the schema
// alone does not show what guarantees that a subject is set; confirm in the
// validation code.
type GlobalRoleBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	UserName           string `json:"userName,omitempty" norman:"noupdate,type=reference[user]"`
	GroupPrincipalName string `json:"groupPrincipalName,omitempty" norman:"noupdate,type=reference[principal]"`
	GlobalRoleName     string `json:"globalRoleName,omitempty" norman:"required,noupdate,type=reference[globalRole]"`
}

// RoleTemplate is a reusable set of RBAC policy rules that the project and
// cluster role template bindings in this file reference by name.
// NOTE(review): the meaning of External and Hidden is not visible in this
// file.
type RoleTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	DisplayName string `json:"displayName,omitempty" norman:"required"`
	Description string `json:"description"`
	// Rules are the RBAC policy rules defined directly on this template.
	Rules []rbacv1.PolicyRule `json:"rules,omitempty"`
	// Builtin is tagged nocreate,noupdate, so the norman schema does not
	// accept it from API clients on create or update.
	Builtin  bool `json:"builtin" norman:"nocreate,noupdate"`
	External bool `json:"external"`
	Hidden   bool `json:"hidden"`
	// NOTE(review): presumably a locked template cannot be used in new
	// bindings; confirm where the flag is enforced.
	Locked bool `json:"locked,omitempty" norman:"type=boolean"`
	// NOTE(review): the names suggest templates that are bound
	// automatically to whoever creates a cluster or a project; confirm.
	ClusterCreatorDefault bool `json:"clusterCreatorDefault,omitempty" norman:"required"`
	ProjectCreatorDefault bool `json:"projectCreatorDefault,omitempty" norman:"required"`
	// Context is restricted by the schema to "project" or "cluster".
	Context string `json:"context" norman:"type=string,options=project|cluster"`
	// RoleTemplateNames references other role templates.
	// NOTE(review): presumably the referenced templates' rules are
	// inherited, in which case the effective permissions are the union over
	// the whole chain and an audit must follow it rather than read Rules
	// alone; confirm.
	RoleTemplateNames []string `json:"roleTemplateNames,omitempty" norman:"type=array[reference[roleTemplate]]"`
	// NOTE(review): semantics not visible here; confirm before relying on
	// this flag in an access decision.
	Administrative bool `json:"administrative,omitempty"`
}

// PodSecurityPolicyTemplate wraps a pod security policy spec so that it can
// be referenced by name from projects.
type PodSecurityPolicyTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Description string `json:"description"`
	// Spec is a policy/v1beta1 PodSecurityPolicySpec; the import alias
	// policyv1 does not reflect the beta version. PodSecurityPolicy was
	// deprecated in Kubernetes 1.21 and removed in 1.25, so this type
	// depends on an API that newer clusters no longer serve.
	Spec policyv1.PodSecurityPolicySpec `json:"spec,omitempty"`
}

// PodSecurityPolicyTemplateProjectBinding associates a
// PodSecurityPolicyTemplate with a target project. Both references are
// required by the schema.
type PodSecurityPolicyTemplateProjectBinding struct {
	types.Namespaced
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Serialized under the JSON key podSecurityPolicyTemplateId.
	PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateId" norman:"required,type=reference[podSecurityPolicyTemplate]"`
	// Serialized under the JSON key targetProjectId.
	TargetProjectName string `json:"targetProjectId" norman:"required,type=reference[project]"`
}

// ProjectRoleTemplateBinding binds a RoleTemplate to a subject within one
// project. The subject fields and ProjectName are tagged noupdate, so under
// the norman schema they are fixed once the binding exists.
type ProjectRoleTemplateBinding struct {
	types.Namespaced
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	UserName           string `json:"userName,omitempty" norman:"noupdate,type=reference[user]"`
	UserPrincipalName  string `json:"userPrincipalName,omitempty" norman:"noupdate,type=reference[principal]"`
	GroupName          string `json:"groupName,omitempty" norman:"noupdate,type=reference[group]"`
	GroupPrincipalName string `json:"groupPrincipalName,omitempty" norman:"noupdate,type=reference[principal]"`
	// ProjectName is read by ObjClusterName as "<cluster>:<project>".
	ProjectName string `json:"projectName,omitempty" norman:"required,noupdate,type=reference[project]"`
	// RoleTemplateName is required but, unlike
	// GlobalRoleBinding.GlobalRoleName, is not tagged noupdate: the schema
	// permits changing the role of an existing binding, so an update to
	// this field is a permission change and should be audited as one.
	RoleTemplateName string `json:"roleTemplateName,omitempty" norman:"required,type=reference[roleTemplate]"`
	// ServiceAccount is tagged nocreate,noupdate, so the norman schema does
	// not accept it from API clients.
	ServiceAccount string `json:"serviceAccount,omitempty" norman:"nocreate,noupdate"`
}

// ObjClusterName returns the part of ProjectName that precedes the first
// ":" and returns "" when ProjectName contains no ":". The prefix is not
// validated, so a ProjectName that starts with ":" also yields "".
//
// NOTE(review): callers that use the result to scope an access decision
// should treat "" as "cluster unknown" rather than compare it with another
// empty cluster name; confirm at the call sites.
func (b *ProjectRoleTemplateBinding) ObjClusterName() string {
	sep := strings.Index(b.ProjectName, ":")
	if sep < 0 {
		return ""
	}
	return b.ProjectName[:sep]
}

// ClusterRoleTemplateBinding binds a RoleTemplate to a subject within one
// cluster. The subject fields and ClusterName are tagged noupdate, so under
// the norman schema they are fixed once the binding exists.
type ClusterRoleTemplateBinding struct {
	types.Namespaced
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	UserName           string `json:"userName,omitempty" norman:"noupdate,type=reference[user]"`
	UserPrincipalName  string `json:"userPrincipalName,omitempty" norman:"noupdate,type=reference[principal]"`
	GroupName          string `json:"groupName,omitempty" norman:"noupdate,type=reference[group]"`
	GroupPrincipalName string `json:"groupPrincipalName,omitempty" norman:"noupdate,type=reference[principal]"`
	// ClusterName is the required, create-only reference to the cluster.
	ClusterName string `json:"clusterName,omitempty" norman:"required,noupdate,type=reference[cluster]"`
	// RoleTemplateName is required but not tagged noupdate: the schema
	// permits changing the role of an existing binding, so an update to
	// this field is a permission change and should be audited as one.
	RoleTemplateName string `json:"roleTemplateName,omitempty" norman:"required,type=reference[roleTemplate]"`
}

// ObjClusterName returns the binding's ClusterName unchanged.
func (b *ClusterRoleTemplateBinding) ObjClusterName() string {
	return b.ClusterName
}

// SetPodSecurityPolicyTemplateInput is an input payload that carries a
// single required reference to a PodSecurityPolicyTemplate, serialized under
// the JSON key podSecurityPolicyTemplateId.
type SetPodSecurityPolicyTemplateInput struct {
	PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateId" norman:"required,type=reference[podSecurityPolicyTemplate]"`
}