From 9c41a84cf936cee4ec9c992faa1fb66180fadb08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Wed, 6 Mar 2024 18:01:24 +0100 Subject: [PATCH] t --- charts/capsule/crds/tenant-crd.yaml | 8 ++- .../crd/bases/capsule.clastix.io_tenants.yaml | 8 ++- config/install.yaml | 63 +++++++++++++++++++ pkg/api/cluster_resource.go | 10 +-- 4 files changed, 82 insertions(+), 7 deletions(-) diff --git a/charts/capsule/crds/tenant-crd.yaml b/charts/capsule/crds/tenant-crd.yaml index c28a20b2f..5dc0dfb9a 100644 --- a/charts/capsule/crds/tenant-crd.yaml +++ b/charts/capsule/crds/tenant-crd.yaml @@ -1985,13 +1985,16 @@ spec: description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will - be allowed. + be allowed. '*' represents all resources. Empty string + represents v1 api resources. items: type: string type: array operations: default: - List + description: Operations which can be executed on the selected + resources. items: enum: - List @@ -2053,7 +2056,10 @@ spec: type: object x-kubernetes-map-type: atomic required: + - apiGroups - operations + - resources + - selector type: object type: array clusterRoles: diff --git a/config/crd/bases/capsule.clastix.io_tenants.yaml b/config/crd/bases/capsule.clastix.io_tenants.yaml index c28a20b2f..5dc0dfb9a 100644 --- a/config/crd/bases/capsule.clastix.io_tenants.yaml +++ b/config/crd/bases/capsule.clastix.io_tenants.yaml @@ -1985,13 +1985,16 @@ spec: description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will - be allowed. + be allowed. '*' represents all resources. Empty string + represents v1 api resources. items: type: string type: array operations: default: - List + description: Operations which can be executed on the selected + resources. items: enum: - List 
@@ -2053,7 +2056,10 @@ spec: type: object x-kubernetes-map-type: atomic required: + - apiGroups - operations + - resources + - selector type: object type: array clusterRoles: diff --git a/config/install.yaml b/config/install.yaml index 816f999b4..25ce4d517 100644 --- a/config/install.yaml +++ b/config/install.yaml 
@@ -1807,6 +1807,69 @@ spec: description: Specifies the owners of the Tenant. Mandatory. items: properties: + clusterResources: + description: Defines additional cluster-resources for the specific Owner. + items: + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will be allowed. '*' represents all resources. Empty string represents v1 api resources. + items: + type: string + type: array + operations: + default: + - List + description: Operations which can be executed on the selected resources. + items: + enum: + - List + - Update + - Delete + type: string + type: array + resources: + description: Resources is a list of resources this rule applies to. '*' represents all resources. + items: + type: string + type: array + selector: + description: Select all cluster scoped resources with the given label selector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - apiGroups + - operations + - resources + - selector + type: object + type: array clusterRoles: default: - admin diff --git a/pkg/api/cluster_resource.go b/pkg/api/cluster_resource.go index 6ee6078e5..59a878a4f 100644 --- a/pkg/api/cluster_resource.go +++ b/pkg/api/cluster_resource.go @@ -18,16 +18,16 @@ const ( // +kubebuilder:object:generate=true type ClusterResource struct { - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will be allowed. - APIGroups []string `json:"apiGroups,omitempty"` + // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will be allowed. '*' represents all resources. Empty string represents v1 api resources. + APIGroups []string `json:"apiGroups"` // Resources is a list of resources this rule applies to. '*' represents all resources. - Resources []string `json:"resources,omitempty"` + Resources []string `json:"resources"` + // Operations which can be executed on the selected resources. // +kubebuilder:default={List} Operations []ClusterResourceOperation `json:"operations"` // Select all cluster scoped resources with the given label selector. - // +optional - Selector *metav1.LabelSelector `json:"selector,omitempty"` + Selector *metav1.LabelSelector `json:"selector"` }
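Review bot: Marking `apiGroups`, `resources` and `selector` as required in `ClusterResource` only forces the keys to be present; `apiGroups: []`, `resources: ["*"]` and `selector: {}` still validate, and under standard Kubernetes label-selector semantics an empty selector matches every object, so a rule carrying `Update` or `Delete` could cover all cluster-scoped resources of the listed kinds. Consider `// +kubebuilder:validation:MinItems=1` above `APIGroups` and `Resources`, and either `// +kubebuilder:validation:MinProperties=1` above `Selector` or an admission check that rejects an empty selector; how the controller evaluates the selector is outside this hunk, so confirm against that code. The new APIGroups comment also misdescribes the wildcard and should read `'*' represents all API groups. Empty string represents the core API group.` Because these fields become required on an existing CRD version, Tenants stored without them will presumably fail validation on their next update, which deserves a line in the commit message or upgrade notes.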