Skip to content

Commit

Permalink
t
Browse files Browse the repository at this point in the history
  • Loading branch information
@oliverbaehler
oliverbaehler committed Mar 6, 2024
1 parent 95f9023 commit 9c41a84
Show file tree
Hide file tree
Showing 4 changed files with 82 additions and 7 deletions.
8 changes: 7 additions & 1 deletion charts/capsule/crds/tenant-crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1985,13 +1985,16 @@ spec:
description: APIGroups is the name of the APIGroup that
contains the resources. If multiple API groups are specified,
any action requested against any resource listed will
be allowed.
be allowed. '*' represents all resources. Empty string
represents v1 api resources.
items:
type: string
type: array
operations:
default:
- List
description: Operations which can be executed on the selected
resources.
items:
enum:
- List
Expand Down Expand Up @@ -2053,7 +2056,10 @@ spec:
type: object
x-kubernetes-map-type: atomic
required:
- apiGroups
- operations
- resources
- selector
type: object
type: array
clusterRoles:
Expand Down
8 changes: 7 additions & 1 deletion config/crd/bases/capsule.clastix.io_tenants.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1985,13 +1985,16 @@ spec:
description: APIGroups is the name of the APIGroup that
contains the resources. If multiple API groups are specified,
any action requested against any resource listed will
be allowed.
be allowed. '*' represents all resources. Empty string
represents v1 api resources.
items:
type: string
type: array
operations:
default:
- List
description: Operations which can be executed on the selected
resources.
items:
enum:
- List
Expand Down Expand Up @@ -2053,7 +2056,10 @@ spec:
type: object
x-kubernetes-map-type: atomic
required:
- apiGroups
- operations
- resources
- selector
type: object
type: array
clusterRoles:
Expand Down
63 changes: 63 additions & 0 deletions config/install.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1807,6 +1807,69 @@ spec:
description: Specifies the owners of the Tenant. Mandatory.
items:
properties:
clusterResources:
description: Defines additional cluster-resources for the specific Owner.
items:
properties:
apiGroups:
description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will be allowed. '*' represents all resources. Empty string represents v1 api resources.
items:
type: string
type: array
operations:
default:
- List
description: Operations which can be executed on the selected resources.
items:
enum:
- List
- Update
- Delete
type: string
type: array
resources:
description: Resources is a list of resources this rule applies to. '*' represents all resources.
items:
type: string
type: array
selector:
description: Select all cluster scoped resources with the given label selector.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
required:
- apiGroups
- operations
- resources
- selector
type: object
type: array
clusterRoles:
default:
- admin
Expand Down
10 changes: 5 additions & 5 deletions pkg/api/cluster_resource.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,16 +18,16 @@ const (

// +kubebuilder:object:generate=true
type ClusterResource struct {
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will be allowed.
APIGroups []string `json:"apiGroups,omitempty"`
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will be allowed. '*' represents all resources. Empty string represents v1 api resources.
APIGroups []string `json:"apiGroups"`

// Resources is a list of resources this rule applies to. '*' represents all resources.
Resources []string `json:"resources,omitempty"`
Resources []string `json:"resources"`

// Operations which can be executed on the selected resources.
// +kubebuilder:default={List}
Operations []ClusterResourceOperation `json:"operations"`

// Select all cluster scoped resources with the given label selector.
// +optional
Selector *metav1.LabelSelector `json:"selector,omitempty"`
Selector *metav1.LabelSelector `json:"selector"`
}

0 comments on commit 9c41a84

Please sign in to comment.