// Source listing: kubesphere.io/api@v0.0.0-20231107125330-c9a03957060c/iam/v1beta1/types.go

package v1beta1

import (
	rbacv1 "k8s.io/api/rbac/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

const (
	// UserReferenceLabel is the label key "iam.kubesphere.io/user-ref".
	// NOTE(review): presumably set on objects to point at a User; the code
	// that reads it is not in this file — confirm.
	UserReferenceLabel = "iam.kubesphere.io/user-ref"
	// ResourcesPluralUser is the plural resource name "users".
	ResourcesPluralUser = "users"
)

// CategorySpec defines the desired state of Category.
type CategorySpec struct {
	// DisplayName and Description are string-to-string maps.
	// NOTE(review): presumably keyed by language code — confirm.
	DisplayName map[string]string `json:"displayName,omitempty"`
	Description map[string]string `json:"description,omitempty"`
	// Icon is an optional icon string.
	Icon string `json:"icon,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// Category is the Schema for the categories API. It is cluster-scoped.
type Category struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec CategorySpec `json:"spec,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// CategoryList contains a list of Category.
type CategoryList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Category `json:"items"`
}

// AggregationRoleTemplates indicates which RoleTemplates a role is composed of.
// If the aggregation selector is not empty, TemplateNames is overwritten by the
// list of templates matched by the selector.
//
// NOTE(review): the resolution logic is not in this file. If a controller
// copies the matched templates' rules into the role, then write access to
// RoleTemplate objects and their labels indirectly decides what every selecting
// role grants — confirm, and restrict RoleTemplate writes accordingly.
type AggregationRoleTemplates struct {
	// TemplateNames selects rules from RoleTemplates by RoleTemplate name.
	TemplateNames []string `json:"templateNames,omitempty"`

	// Selector selects rules from RoleTemplates by label.
	Selector metav1.LabelSelector `json:"selector,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// GlobalRole is the Schema for the globalroles API. It is cluster-scoped.
type GlobalRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// AggregationRoleTemplates names the RoleTemplates this role is composed of.
	AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"`

	// Rules holds all the PolicyRules for this GlobalRole.
	// Unlike the other role kinds in this file, the tag has no omitempty, so a
	// nil slice is serialized as "rules": null rather than omitted.
	Rules []rbacv1.PolicyRule `json:"rules"`
}

//+kubebuilder:object:root=true
// +kubebuilder:resource:categories="iam",scope="Cluster"

// GlobalRoleList contains a list of GlobalRole.
type GlobalRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GlobalRole `json:"items"`
}

// +kubebuilder:object:root=true
// +kubebuilder:resource:categories="iam",scope="Cluster"

// GlobalRoleBinding is the Schema for the globalrolebindings API. It is
// cluster-scoped.
type GlobalRoleBinding struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Subjects holds references to the objects the role applies to.
	// +optional
	Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"`

	// RoleRef can only reference a GlobalRole.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	// NOTE(review): the field is a plain rbacv1.RoleRef with no validation
	// marker, so the "GlobalRole only" restriction is not expressed by this
	// type; it has to be enforced elsewhere (admission or authorizer) — verify.
	RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
}

// +kubebuilder:object:root=true
// +kubebuilder:resource:categories=iam,scope=Cluster

// GlobalRoleBindingList contains a list of GlobalRoleBinding.
type GlobalRoleBindingList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GlobalRoleBinding `json:"items"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster
//+kubebuilder:printcolumn:name="Workspace",type="string",JSONPath=".metadata.labels.kubesphere\\.io/workspace"
//+kubebuilder:printcolumn:name="Alias",type="string",JSONPath=".metadata.annotations.kubesphere\\.io/alias-name"

// WorkspaceRole is the Schema for the workspaceroles API. The resource is
// cluster-scoped; the "Workspace" print column is read from the
// kubesphere.io/workspace label.
// NOTE(review): the struct has no typed workspace field, so the workspace
// association appears to live in that label — confirm that writes to the label
// are validated, since it would then determine which workspace a role belongs to.
type WorkspaceRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// AggregationRoleTemplates names the RoleTemplates this role is composed of.
	AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"`

	// Rules holds all the PolicyRules for this WorkspaceRole.
	Rules []rbacv1.PolicyRule `json:"rules,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// WorkspaceRoleList contains a list of WorkspaceRole.
type WorkspaceRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []WorkspaceRole `json:"items"`
}

// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:name="Workspace",type="string",JSONPath=".metadata.labels.kubesphere\\.io/workspace"
// +kubebuilder:resource:categories="iam",scope="Cluster"

// WorkspaceRoleBinding is the Schema for the workspacerolebindings API. The
// resource is cluster-scoped; the "Workspace" print column is read from the
// kubesphere.io/workspace label.
type WorkspaceRoleBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Subjects holds references to the objects the role applies to.
	// +optional
	Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"`

	// RoleRef can only reference a WorkspaceRole.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
}

// +kubebuilder:object:root=true
// +kubebuilder:resource:categories="iam",scope="Cluster"

// WorkspaceRoleBindingList contains a list of WorkspaceRoleBinding.
type WorkspaceRoleBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []WorkspaceRoleBinding `json:"items"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Namespaced

// Role is the Schema for the roles API. It is namespace-scoped.
type Role struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// AggregationRoleTemplates names the RoleTemplates this role is composed of.
	AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"`

	// Rules holds all the PolicyRules for this Role.
	Rules []rbacv1.PolicyRule `json:"rules,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Namespaced

// RoleList contains a list of Role.
type RoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Role `json:"items"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Namespaced

// RoleBinding binds Subjects to the role named by RoleRef. It is
// namespace-scoped.
type RoleBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Subjects holds references to the objects the role applies to.
	// +optional
	Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"`

	// RoleRef identifies the role granted to Subjects.
	// NOTE(review): the comment here previously read "can only reference a
	// WorkspaceRole", the same text as on WorkspaceRoleBinding; presumably a
	// Role is meant — confirm against the authorizer before relying on it.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Namespaced

// RoleBindingList contains a list of RoleBinding.
type RoleBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RoleBinding `json:"items"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// ClusterRole is the Schema for the clusterroles API. It is cluster-scoped.
type ClusterRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// AggregationRoleTemplates names the RoleTemplates this role is composed of.
	AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"`

	// Rules holds all the PolicyRules for this ClusterRole.
	Rules []rbacv1.PolicyRule `json:"rules,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// ClusterRoleList contains a list of ClusterRole.
type ClusterRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterRole `json:"items"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// ClusterRoleBinding binds Subjects to the role named by RoleRef. It is
// cluster-scoped.
type ClusterRoleBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Subjects holds references to the objects the role applies to.
	// +optional
	Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"`

	// RoleRef identifies the role granted to Subjects.
	// NOTE(review): the comment here previously read "can only reference a
	// WorkspaceRole", the same text as on WorkspaceRoleBinding; presumably a
	// ClusterRole is meant — confirm against the authorizer before relying on it.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// ClusterRoleBindingList contains a list of ClusterRoleBinding.
type ClusterRoleBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterRoleBinding `json:"items"`
}

// RoleTemplateSpec defines the desired state of RoleTemplate.
type RoleTemplateSpec struct {
	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
	// Important: Run "make" to regenerate code after modifying this file

	// DisplayName holds the name displayed at the console.
	// NOTE(review): the sentence here was cut off after "this field"; the map
	// keys are presumably language codes — confirm.
	DisplayName map[string]string `json:"displayName,omitempty"`
	Description map[string]string `json:"description,omitempty"`
	// Rules are the PolicyRules this template contributes. The tag has no
	// omitempty, so a nil slice is serialized as "rules": null.
	Rules []rbacv1.PolicyRule `json:"rules"`
}

// +kubebuilder:object:root=true
// +kubebuilder:resource:categories=iam,scope=Cluster
// +kubebuilder:storageversion
// RoleTemplate is the Schema for the roletemplates API. It is cluster-scoped
// and marked as the storage version.
type RoleTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec RoleTemplateSpec `json:"spec,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:resource:categories=iam,scope=Cluster

// RoleTemplateList contains a list of RoleTemplate.
type RoleTemplateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RoleTemplate `json:"items"`
}