peak-scale · bakito · Jun 18, 2025 · Jun 19, 2025
diff --git a/.gitignore b/.gitignore
@@ -30,3 +30,5 @@ go.work.sum
 # Editor/IDE
 # .idea/
 # .vscode/
+
+bin
diff --git a/api/v1alpha1/accessrequest_types.go b/api/v1alpha1/accessrequest_types.go
@@ -28,18 +28,42 @@ type AccessRequestSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	// Foo is an example field of AccessRequest. Edit accessrequest_types.go to remove/update
-	Foo string `json:"foo,omitempty"`
+	// AccessRuleReference name of the access rule to request
+	// +kubebuilder:validation:Required
+	AccessRuleReference string `json:"accessRuleReference"`
+
+	// A reason on why the request is needed
+	// +kubebuilder:validation:Required
+	Reason string `json:"reason"`
+
+	// Optional Time AccessRequests are valid for, after which they will be automatically deleted. Must be within max duration.
+	// If not defined, defaults from the requested rule.
+	Duration metav1.Duration `json:"duration"`
+
+	// Optionally define for whom the request should be assigned. Defaults to the creation user of the request.
+	For string `json:"for"`
 }
 
 // AccessRequestStatus defines the observed state of AccessRequest.
 type AccessRequestStatus struct {
-	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
+	ActiveFrom  metav1.Timestamp `json:"activeFrom"`
+	ActiveUntil metav1.Timestamp `json:"activeUntil"`
+	KeepUntil   metav1.Timestamp `json:"keepUntil"`
+	Duration    metav1.Duration  `json:"duration"`
+
+	// +kubebuilder:validation:Enum=Requested;Denied;Active;Terminated
+	Phase RequestPhase `json:"phase"`
 }
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Rule",type=string,JSONPath=`.spec.accessRuleReference`
+// +kubebuilder:printcolumn:name="Reason",type=date,JSONPath=`.spec.reason`
+// +kubebuilder:printcolumn:name="Reference",type=string,JSONPath=`.spec.reference`
+// +kubebuilder:printcolumn:name="ActiveFrom",type=string,JSONPath=`.status.duration`,priority=10
+// +kubebuilder:printcolumn:name="Duration",type=string,JSONPath=`.status.activeUntil`,priority=10
+// +kubebuilder:printcolumn:name="ActiveUntil",type=string,JSONPath=`.status.activeFrom`,priority=10
+// +kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase`
 
 // AccessRequest is the Schema for the accessrequests API.
 type AccessRequest struct {
@@ -62,3 +86,12 @@ type AccessRequestList struct {
 func init() {
 	SchemeBuilder.Register(&AccessRequest{}, &AccessRequestList{})
 }
+
+type RequestPhase string
+
+const (
+	RequestPhaseRequested  RequestPhase = "Requested"
+	RequestPhaseDenied     RequestPhase = "Denied"
+	RequestPhaseActive     RequestPhase = "Active"
+	RequestPhaseTerminated RequestPhase = "Terminated"
+)
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bin/controller-gen b/bin/controller-gen
diff --git a/bin/controller-gen-v0.17.2 b/bin/controller-gen-v0.17.2
diff --git a/config/crd/bases/addons.projectcapsule.dev_accessrequests.yaml b/config/crd/bases/addons.projectcapsule.dev_accessrequests.yaml
@@ -0,0 +1,186 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: accessrequests.addons.projectcapsule.dev
+spec:
+  group: addons.projectcapsule.dev
+  names:
+    kind: AccessRequest
+    listKind: AccessRequestList
+    plural: accessrequests
+    singular: accessrequest
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.accessRuleReference
+      name: Rule
+      type: string
+    - jsonPath: .spec.reason
+      name: Reason
+      type: date
+    - jsonPath: .spec.reference
+      name: Reference
+      type: string
+    - jsonPath: .status.duration
+      name: ActiveFrom
+      priority: 10
+      type: string
+    - jsonPath: .status.activeUntil
+      name: Duration
+      priority: 10
+      type: string
+    - jsonPath: .status.activeFrom
+      name: ActiveUntil
+      priority: 10
+      type: string
+    - jsonPath: .status.phase
+      name: Phase
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: AccessRequest is the Schema for the accessrequests API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AccessRequestSpec defines the desired state of AccessRequest.
+            properties:
+              accessRuleReference:
+                description: AccessRuleReference name of the access rule to request
+                type: string
+              duration:
+                description: |-
+                  Optional Time AccessRequests are valid for, after which they will be automatically deleted. Must be within max duration.
+                  If not defined, defaults from the requested rule.
+                type: string
+              for:
+                description: Optionally define for whom the request should be assigned.
+                  Defaults to the creation user of the request.
+                type: string
+              reason:
+                description: A reason on why the request is needed
+                type: string
+            required:
+            - accessRuleReference
+            - duration
+            - for
+            - reason
+            type: object
+          status:
+            description: AccessRequestStatus defines the observed state of AccessRequest.
+            properties:
+              activeFrom:
+                description: |-
+                  Timestamp is a struct that is equivalent to Time, but intended for
+                  protobuf marshalling/unmarshalling. It is generated into a serialization
+                  that matches Time. Do not use in Go structs.
+                properties:
+                  nanos:
+                    description: |-
+                      Non-negative fractions of a second at nanosecond resolution. Negative
+                      second values with fractions must still have non-negative nanos values
+                      that count forward in time. Must be from 0 to 999,999,999
+                      inclusive. This field may be limited in precision depending on context.
+                    format: int32
+                    type: integer
+                  seconds:
+                    description: |-
+                      Represents seconds of UTC time since Unix epoch
+                      1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                      9999-12-31T23:59:59Z inclusive.
+                    format: int64
+                    type: integer
+                required:
+                - nanos
+                - seconds
+                type: object
+              activeUntil:
+                description: |-
+                  Timestamp is a struct that is equivalent to Time, but intended for
+                  protobuf marshalling/unmarshalling. It is generated into a serialization
+                  that matches Time. Do not use in Go structs.
+                properties:
+                  nanos:
+                    description: |-
+                      Non-negative fractions of a second at nanosecond resolution. Negative
+                      second values with fractions must still have non-negative nanos values
+                      that count forward in time. Must be from 0 to 999,999,999
+                      inclusive. This field may be limited in precision depending on context.
+                    format: int32
+                    type: integer
+                  seconds:
+                    description: |-
+                      Represents seconds of UTC time since Unix epoch
+                      1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                      9999-12-31T23:59:59Z inclusive.
+                    format: int64
+                    type: integer
+                required:
+                - nanos
+                - seconds
+                type: object
+              duration:
+                type: string
+              keepUntil:
+                description: |-
+                  Timestamp is a struct that is equivalent to Time, but intended for
+                  protobuf marshalling/unmarshalling. It is generated into a serialization
+                  that matches Time. Do not use in Go structs.
+                properties:
+                  nanos:
+                    description: |-
+                      Non-negative fractions of a second at nanosecond resolution. Negative
+                      second values with fractions must still have non-negative nanos values
+                      that count forward in time. Must be from 0 to 999,999,999
+                      inclusive. This field may be limited in precision depending on context.
+                    format: int32
+                    type: integer
+                  seconds:
+                    description: |-
+                      Represents seconds of UTC time since Unix epoch
+                      1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                      9999-12-31T23:59:59Z inclusive.
+                    format: int64
+                    type: integer
+                required:
+                - nanos
+                - seconds
+                type: object
+              phase:
+                enum:
+                - Requested
+                - Denied
+                - Active
+                - Terminated
+                type: string
+            required:
+            - activeFrom
+            - activeUntil
+            - duration
+            - keepUntil
+            - phase
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}