From 9d91c1f6cfd40449bd2af8a6b697a3bf7baf933b Mon Sep 17 00:00:00 2001
From: Corey Daley
Date: Wed, 28 Jul 2021 12:16:45 -0400
Subject: [PATCH] BUILD-284: Integrate Shared Resources Operator with Cluster Storage Operator
Co-authored-by: Adam Kaplan
Co-authored-by: Gabe Montero
---
 Makefile | 1 +
 hack/lib/init.sh | 1 +
 hack/update-deepcopy.sh | 2 +-
 install.go | 2 +
 sharedresource/OWNERS | 5 +
 sharedresource/install.go | 26 ++
 .../v1alpha1/0000_10_sharedconfigmap.crd.yaml | 105 ++++++++
 .../v1alpha1/0000_10_sharedsecret.crd.yaml | 105 ++++++++
 sharedresource/v1alpha1/doc.go | 7 +
 sharedresource/v1alpha1/register.go | 48 ++++
 .../v1alpha1/types_shared_configmap.go | 88 +++++++
 .../v1alpha1/types_shared_secret.go | 86 ++++++
 .../v1alpha1/zz_generated.deepcopy.go | 244 ++++++++++++++++++
 .../zz_generated.swagger_doc_generated.go | 108 ++++++++
 14 files changed, 827 insertions(+), 1 deletion(-)
 create mode 100644 sharedresource/OWNERS
 create mode 100644 sharedresource/install.go
 create mode 100644 sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml
 create mode 100644 sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml
 create mode 100644 sharedresource/v1alpha1/doc.go
 create mode 100644 sharedresource/v1alpha1/register.go
 create mode 100644 sharedresource/v1alpha1/types_shared_configmap.go
 create mode 100644 sharedresource/v1alpha1/types_shared_secret.go
 create mode 100644 sharedresource/v1alpha1/zz_generated.deepcopy.go
 create mode 100644 sharedresource/v1alpha1/zz_generated.swagger_doc_generated.go
diff --git a/Makefile b/Makefile
index 70cf37a8710..1a10745da53 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,7 @@ $(call add-crd-gen,imageregistry,./imageregistry/v1,./imageregistry/v1,./imagere
 $(call add-crd-gen,operator,./operator/v1,./operator/v1,./operator/v1)
 $(call add-crd-gen,operator-alpha,./operator/v1alpha1,./operator/v1alpha1,./operator/v1alpha1)
 $(call add-crd-gen,operatoringress,./operatoringress/v1,./operatoringress/v1,./operatoringress/v1)
+$(call add-crd-gen,sharedresource,./sharedresource/v1alpha1,./sharedresource/v1alpha1,./sharedresource/v1alpha1)
 $(call add-crd-gen,quota,./quota/v1,./quota/v1,./quota/v1)
 $(call add-crd-gen,samples,./samples/v1,./samples/v1,./samples/v1)
 $(call add-crd-gen,security,./security/v1,./security/v1,./security/v1)
diff --git a/hack/lib/init.sh b/hack/lib/init.sh
index 9c4edd6865c..87ee162c075 100644
--- a/hack/lib/init.sh
+++ b/hack/lib/init.sh
@@ -31,6 +31,7 @@ operatorcontrolplane/v1alpha1 \
 operatoringress/v1 \
 operator/v1alpha1 \
 project/v1 \
+sharedresource/v1alpha1 \
 quota/v1 \
 route/v1 \
 samples/v1 \
diff --git a/hack/update-deepcopy.sh b/hack/update-deepcopy.sh
index aa01063dd89..115dddc7c6a 100755
--- a/hack/update-deepcopy.sh
+++ b/hack/update-deepcopy.sh
@@ -10,7 +10,7 @@ verify="${VERIFY:-}" GOFLAGS="" bash ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \ github.com/openshift/api/generated \ github.com/openshift/api \ - "apiserver:v1 apps:v1 authorization:v1 build:v1 config:v1 helm:v1beta1 console:v1 console:v1alpha1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 cloudnetwork:v1 network:v1 networkoperator:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 securityinternal:v1 servicecertsigner:v1alpha1 template:v1 user:v1 machine:v1beta1" \ + "apiserver:v1 apps:v1 authorization:v1 build:v1 config:v1 helm:v1beta1 console:v1 console:v1alpha1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 cloudnetwork:v1 network:v1 networkoperator:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 securityinternal:v1 servicecertsigner:v1alpha1 sharedresource:v1alpha1 template:v1 user:v1 machine:v1beta1" \ --go-header-file ${SCRIPT_ROOT}/hack/empty.txt \ ${verify} diff --git a/install.go b/install.go index 472fe8dd870..c85029dc012 100644 --- a/install.go +++ b/install.go @@ -56,6 +56,7 @@ import ( "github.com/openshift/api/samples" "github.com/openshift/api/security" "github.com/openshift/api/servicecertsigner" + "github.com/openshift/api/sharedresource" "github.com/openshift/api/template" "github.com/openshift/api/user" @@ -88,6 +89,7 @@ var ( samples.Install, security.Install, servicecertsigner.Install, + sharedresource.Install, template.Install, user.Install, machine.Install, diff --git a/sharedresource/OWNERS b/sharedresource/OWNERS new file mode 100644 index 00000000000..c89bc9387f9 --- /dev/null +++ b/sharedresource/OWNERS @@ -0,0 +1,5 @@ +reviewers: + - bparees + - gabemontero + - adambkaplan + - coreydaley 
diff --git a/sharedresource/install.go b/sharedresource/install.go
new file mode 100644
index 00000000000..40eae94a98e
--- /dev/null
+++ b/sharedresource/install.go
@@ -0,0 +1,26 @@
+package sharedresource
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+
+ v1alpha1 "github.com/openshift/api/sharedresource/v1alpha1"
+)
+
+const (
+ GroupName = "sharedresource.openshift.io"
+)
+
+var (
+ schemeBuilder = runtime.NewSchemeBuilder(v1alpha1.Install)
+ // Install is a function which adds every version of this group to a scheme
+ Install = schemeBuilder.AddToScheme
+)
+
+func Resource(resource string) schema.GroupResource {
+ return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+func Kind(kind string) schema.GroupKind {
+ return schema.GroupKind{Group: GroupName, Kind: kind}
+}
diff --git a/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml b/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml
new file mode 100644
index 00000000000..c7d8d7b8787
--- /dev/null
+++ b/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml
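Review bot: The exported `GroupName`, `Resource` and `Kind` in the new sharedresource/install.go have no doc comments, although `Install` next to them and the same helpers in v1alpha1/register.go do. I would add `// GroupName is the API group name for the shared resource types.`, `// Resource takes an unqualified resource and returns a Group qualified GroupResource` and `// Kind takes an unqualified kind and returns a Group qualified GroupKind`. `GroupName` is also spelled out a second time in v1alpha1/register.go; if the duplication is deliberate, a short comment saying the two constants must stay identical would prevent them drifting apart.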
@@ -0,0 +1,105 @@ +# this is the boilerplate crd def that controller-gen reads and modifies with the +# contents from shared_configmap_type.go +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sharedconfigmaps.sharedresource.openshift.io + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/979 + displayName: SharedConfigMap + description: Extension for sharing ConfigMaps across Namespaces +spec: + scope: Cluster + group: sharedresource.openshift.io + names: + plural: sharedconfigmaps + singular: sharedconfigmap + kind: SharedConfigMap + listKind: SharedConfigMapList + versions: + - name: v1alpha1 + served: true + storage: true + "schema": + "openAPIV3Schema": + description: "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes: \n spec: volumes: - name: shared-configmap csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedConfigMap: my-share \n For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n Shared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. 
These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired shared configmap + type: object + required: + - configMapRef + properties: + configMapRef: + description: configMapRef is a reference to the ConfigMap to share + type: object + required: + - name + - namespace + properties: + name: + description: name represents the name of the ConfigMap that is being referenced. + type: string + namespace: + description: namespace represents the namespace where the referenced ConfigMap is located. + type: string + description: + description: description is a user readable explanation of what the backing resource provides. + type: string + status: + description: status is the observed status of the shared configmap + type: object + properties: + conditions: + description: conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. 
--- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. 
+ type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ diff --git a/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml b/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml new file mode 100644 index 00000000000..b323df59099 --- /dev/null +++ b/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml 
@@ -0,0 +1,105 @@ +# this is the boilerplate crd def that controller-gen reads and modifies with the +# contents from shared_secret_type.go +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sharedsecrets.sharedresource.openshift.io + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/979 + displayName: SharedSecret + description: Extension for sharing Secrets across Namespaces +spec: + scope: Cluster + group: sharedresource.openshift.io + names: + plural: sharedsecrets + singular: sharedsecret + kind: SharedSecret + listKind: SharedSecretList + versions: + - name: v1alpha1 + served: true + storage: true + "schema": + "openAPIV3Schema": + description: "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes: \n spec: volumes: - name: shared-secret csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedSecret: my-share \n For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n Shared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. 
These capabilities should not be used by applications needing long term support." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired shared secret + type: object + required: + - secretRef + properties: + description: + description: description is a user readable explanation of what the backing resource provides. + type: string + secretRef: + description: secretRef is a reference to the Secret to share + type: object + required: + - name + - namespace + properties: + name: + description: name represents the name of the Secret that is being referenced. + type: string + namespace: + description: namespace represents the namespace where the referenced Secret is located. + type: string + status: + description: status is the observed status of the shared secret + type: object + properties: + conditions: + description: conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ diff --git a/sharedresource/v1alpha1/doc.go b/sharedresource/v1alpha1/doc.go new file mode 100644 index 00000000000..833dd7f12ce --- /dev/null +++ b/sharedresource/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// +k8s:deepcopy-gen=package,register +// +k8s:defaulter-gen=TypeMeta +// +k8s:openapi-gen=true + +// +groupName=sharedresource.openshift.io +// Package v1alplha1 is the v1alpha1 version of the API. +package v1alpha1 diff --git a/sharedresource/v1alpha1/register.go b/sharedresource/v1alpha1/register.go new file mode 100644 index 00000000000..506b5f0ac0d --- /dev/null +++ b/sharedresource/v1alpha1/register.go 
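Review bot: The package comment in the new doc.go misspells the package name as `v1alplha1`, so the sentence no longer starts with the real package name as godoc and the usual linters expect. It should read `// Package v1alpha1 is the v1alpha1 version of the API.`; naming the group there as well (sharedresource.openshift.io) would make the generated documentation more useful.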
@@ -0,0 +1,48 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const (
+ Version = "v1alpha1"
+ GroupName = "sharedresource.openshift.io"
+)
+
+var (
+ scheme = runtime.NewScheme()
+ SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ AddToScheme = SchemeBuilder.AddToScheme
+ // SchemeGroupVersion is the group version used to register these objects.
+ SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: Version}
+ // Install is a function which adds this version to a scheme
+ Install = SchemeBuilder.AddToScheme
+)
+
+func init() {
+ AddToScheme(scheme)
+}
+
+// addKnownTypes adds the set of types defined in this package to the supplied scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &SharedConfigMap{},
+ &SharedConfigMapList{},
+ &SharedSecret{},
+ &SharedSecretList{},
+ )
+ metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+ return nil
+}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+ return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
diff --git a/sharedresource/v1alpha1/types_shared_configmap.go b/sharedresource/v1alpha1/types_shared_configmap.go
new file mode 100644
index 00000000000..fee35d02706
--- /dev/null
+++ b/sharedresource/v1alpha1/types_shared_configmap.go
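Review bot: `init()` in register.go drops the error returned by `AddToScheme(scheme)`, so a failed registration would leave the package-level `scheme` incomplete without any signal. Either check it, e.g. `if err := AddToScheme(scheme); err != nil { panic(err) }`, or remove `scheme` and `init()` altogether if nothing reads the unexported variable; no reader is visible in this hunk. `AddToScheme` and `Install` are both bound to `SchemeBuilder.AddToScheme`, and `Version`, `GroupName`, `SchemeBuilder` and `AddToScheme` are exported without doc comments; one line on each, including why both aliases exist, would help.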
@@ -0,0 +1,88 @@
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SharedConfigMap allows a ConfigMap to be shared across namespaces.
+// Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the
+// "csi.sharedresource.openshift.io" CSI driver and a reference to the SharedConfigMap in the volume attributes:
+//
+// spec:
+// volumes:
+// - name: shared-configmap
+// csi:
+// driver: csi.sharedresource.openshift.io
+// volumeAttributes:
+// sharedConfigMap: my-share
+//
+// For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object
+// within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating
+// such Role and RoleBinding objects.
+//
+// `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share`
+// `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`
+//
+// Shared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users.
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// These capabilities should not be used by applications needing long term support.
+// +k8s:openapi-gen=true
+// +openshift:compatibility-gen:level=4
+// +kubebuilder:subresource:status
+//
+type SharedConfigMap struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec is the specification of the desired shared configmap
+ // +kubebuilder:validation:Required
+ Spec SharedConfigMapSpec `json:"spec,omitempty"`
+
+ // status is the observed status of the shared configmap
+ Status SharedConfigMapStatus `json:"status,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SharedConfigMapList contains a list of SharedConfigMap objects.
+//
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type SharedConfigMapList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []SharedConfigMap `json:"items"`
+}
+
+// ConfigMapReference contains information about which ConfigMap to share
+type ConfigMapReference struct {
+ // name represents the name of the ConfigMap that is being referenced.
+ // +kubebuilder:validation:Required
+ Name string `json:"name"`
+ // namespace represents the namespace where the referenced ConfigMap is located.
+ // +kubebuilder:validation:Required
+ Namespace string `json:"namespace"`
+}
+
+// SharedConfigMapSpec defines the desired state of a SharedConfigMap
+// +k8s:openapi-gen=true
+type SharedConfigMapSpec struct {
+ //configMapRef is a reference to the ConfigMap to share
+ // +kubebuilder:validation:Required
+ ConfigMapRef ConfigMapReference `json:"configMapRef"`
+ // description is a user readable explanation of what the backing resource provides.
+ Description string `json:"description,omitempty"`
+}
+
+// SharedSecretStatus contains the observed status of the shared resource
+type SharedConfigMapStatus struct {
+ // conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
diff --git a/sharedresource/v1alpha1/types_shared_secret.go b/sharedresource/v1alpha1/types_shared_secret.go
new file mode 100644
index 00000000000..99a539df605
--- /dev/null
+++ b/sharedresource/v1alpha1/types_shared_secret.go
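Review bot: `ConfigMapReference.Name` and `ConfigMapReference.Namespace` are validated only as required, which an empty string satisfies because neither json tag has `omitempty`, and nothing bounds their length; the CRD schema earlier in this patch accordingly shows a bare `type: string` for both. These two values select an object in another namespace for the CSI driver to expose, so I would add `// +kubebuilder:validation:MinLength=1` and a `MaxLength` (253 for the name, 63 for the namespace) so that malformed references are rejected at admission instead of being left to the driver. The same applies to `SharedSecretReference` in types_shared_secret.go. Separately, the comment above `SharedConfigMapStatus` reads `// SharedSecretStatus contains ...` and should name `SharedConfigMapStatus`.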
@@ -0,0 +1,86 @@
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SharedSecret allows a Secret to be shared across namespaces.
+// Pods can mount the shared Secret by adding a CSI volume to the pod specification using the
+// "csi.sharedresource.openshift.io" CSI driver and a reference to the SharedSecret in the volume attributes:
+//
+// spec:
+// volumes:
+// - name: shared-secret
+// csi:
+// driver: csi.sharedresource.openshift.io
+// volumeAttributes:
+// sharedSecret: my-share
+//
+// For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object
+// within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating
+// such Role and RoleBinding objects.
+//
+// `oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share`
+// `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`
+//
+// Shared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users.
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+// +kubebuilder:subresource:status
+//
+type SharedSecret struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec is the specification of the desired shared secret
+ // +kubebuilder:validation:Required
+ Spec SharedSecretSpec `json:"spec,omitempty"`
+
+ // status is the observed status of the shared secret
+ Status SharedSecretStatus `json:"status,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SharedSecretList contains a list of SharedSecret objects.
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type SharedSecretList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []SharedSecret `json:"items"`
+}
+
+// SharedSecretReference contains information about which Secret to share
+type SharedSecretReference struct {
+ // name represents the name of the Secret that is being referenced.
+ // +kubebuilder:validation:Required
+ Name string `json:"name"`
+ // namespace represents the namespace where the referenced Secret is located.
+ // +kubebuilder:validation:Required
+ Namespace string `json:"namespace"`
+}
+
+// SharedSecretSpec defines the desired state of a SharedSecret
+// +k8s:openapi-gen=true
+type SharedSecretSpec struct {
+ // secretRef is a reference to the Secret to share
+ // +kubebuilder:validation:Required
+ SecretRef SharedSecretReference `json:"secretRef"`
+ // description is a user readable explanation of what the backing resource provides.
+ Description string `json:"description,omitempty"`
+}
+
+// SharedSecretStatus contains the observed status of the shared resource
+type SharedSecretStatus struct {
+ // conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
diff --git a/sharedresource/v1alpha1/zz_generated.deepcopy.go b/sharedresource/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 00000000000..593b5a46b7f
--- /dev/null
+++ b/sharedresource/v1alpha1/zz_generated.deepcopy.go
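Review bot: The `SharedSecret` type comment documents only the consumer side of the access model (the `use` verb granted to the pod's service account) and says nothing about who may create or update these cluster-scoped objects. Because `secretRef` can name a Secret in any namespace, write access to `sharedsecrets` presumably decides which Secrets the CSI driver makes mountable elsewhere; the enforcement lives outside this diff, so please confirm it and state in the comment that create, update and patch are meant for cluster administrators only. The comment also says authenticated users get list, get and watch by default, which makes `secretRef` and `description` readable cluster-wide, so the `description` field comment could add `// Do not put sensitive data here; SharedSecret objects are readable by all authenticated users.`. `SharedSecret` also lacks the `+k8s:openapi-gen=true` marker that `SharedConfigMap` carries in types_shared_configmap.go.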
@@ -0,0 +1,244 @@ +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMapReference) DeepCopyInto(out *ConfigMapReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapReference. +func (in *ConfigMapReference) DeepCopy() *ConfigMapReference { + if in == nil { + return nil + } + out := new(ConfigMapReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedConfigMap) DeepCopyInto(out *SharedConfigMap) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedConfigMap. +func (in *SharedConfigMap) DeepCopy() *SharedConfigMap { + if in == nil { + return nil + } + out := new(SharedConfigMap) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SharedConfigMap) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *SharedConfigMapList) DeepCopyInto(out *SharedConfigMapList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SharedConfigMap, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedConfigMapList. +func (in *SharedConfigMapList) DeepCopy() *SharedConfigMapList { + if in == nil { + return nil + } + out := new(SharedConfigMapList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SharedConfigMapList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedConfigMapSpec) DeepCopyInto(out *SharedConfigMapSpec) { + *out = *in + out.ConfigMapRef = in.ConfigMapRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedConfigMapSpec. +func (in *SharedConfigMapSpec) DeepCopy() *SharedConfigMapSpec { + if in == nil { + return nil + } + out := new(SharedConfigMapSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedConfigMapStatus) DeepCopyInto(out *SharedConfigMapStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedConfigMapStatus. 
+func (in *SharedConfigMapStatus) DeepCopy() *SharedConfigMapStatus { + if in == nil { + return nil + } + out := new(SharedConfigMapStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedSecret) DeepCopyInto(out *SharedSecret) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedSecret. +func (in *SharedSecret) DeepCopy() *SharedSecret { + if in == nil { + return nil + } + out := new(SharedSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SharedSecret) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedSecretList) DeepCopyInto(out *SharedSecretList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SharedSecret, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedSecretList. +func (in *SharedSecretList) DeepCopy() *SharedSecretList { + if in == nil { + return nil + } + out := new(SharedSecretList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *SharedSecretList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedSecretReference) DeepCopyInto(out *SharedSecretReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedSecretReference. +func (in *SharedSecretReference) DeepCopy() *SharedSecretReference { + if in == nil { + return nil + } + out := new(SharedSecretReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedSecretSpec) DeepCopyInto(out *SharedSecretSpec) { + *out = *in + out.SecretRef = in.SecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedSecretSpec. +func (in *SharedSecretSpec) DeepCopy() *SharedSecretSpec { + if in == nil { + return nil + } + out := new(SharedSecretSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharedSecretStatus) DeepCopyInto(out *SharedSecretStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedSecretStatus. +func (in *SharedSecretStatus) DeepCopy() *SharedSecretStatus { + if in == nil { + return nil + } + out := new(SharedSecretStatus) + in.DeepCopyInto(out) + return out +} 
diff --git a/sharedresource/v1alpha1/zz_generated.swagger_doc_generated.go b/sharedresource/v1alpha1/zz_generated.swagger_doc_generated.go new file mode 100644 index 00000000000..65189405274 --- /dev/null +++ b/sharedresource/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -0,0 +1,108 @@ +package v1alpha1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_ConfigMapReference = map[string]string{ + "": "ConfigMapReference contains information about which ConfigMap to share", + "name": "name represents the name of the ConfigMap that is being referenced.", + "namespace": "namespace represents the namespace where the referenced ConfigMap is located.", +} + +func (ConfigMapReference) SwaggerDoc() map[string]string { + return map_ConfigMapReference +} + +var map_SharedConfigMap = map[string]string{ + "": "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes:\n\nspec:\n volumes:\n - name: shared-configmap\n csi:\n driver: csi.sharedresource.openshift.io\n volumeAttributes:\n sharedConfigMap: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. 
For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share`\n `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "spec": "spec is the specification of the desired shared configmap", + "status": "status is the observed status of the shared configmap", +} + +func (SharedConfigMap) SwaggerDoc() map[string]string { + return map_SharedConfigMap +} + +var map_SharedConfigMapList = map[string]string{ + "": "SharedConfigMapList contains a list of SharedConfigMap objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. 
These capabilities should not be used by applications needing long term support.", +} + +func (SharedConfigMapList) SwaggerDoc() map[string]string { + return map_SharedConfigMapList +} + +var map_SharedConfigMapSpec = map[string]string{ + "": "SharedConfigMapSpec defines the desired state of a SharedConfigMap", + "configMapRef": "configMapRef is a reference to the ConfigMap to share", + "description": "description is a user readable explanation of what the backing resource provides.", +} + +func (SharedConfigMapSpec) SwaggerDoc() map[string]string { + return map_SharedConfigMapSpec +} + +var map_SharedConfigMapStatus = map[string]string{ + "": "SharedSecretStatus contains the observed status of the shared resource", + "conditions": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", +} + +func (SharedConfigMapStatus) SwaggerDoc() map[string]string { + return map_SharedConfigMapStatus +} + +var map_SharedSecret = map[string]string{ + "": "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes:\n\nspec:\n volumes:\n - name: shared-secret\n csi:\n driver: csi.sharedresource.openshift.io\n volumeAttributes:\n sharedSecret: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. 
For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n `oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share`\n `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "spec": "spec is the specification of the desired shared secret", + "status": "status is the observed status of the shared secret", +} + +func (SharedSecret) SwaggerDoc() map[string]string { + return map_SharedSecret +} + +var map_SharedSecretList = map[string]string{ + "": "SharedSecretList contains a list of SharedSecret objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. 
These capabilities should not be used by applications needing long term support.", +} + +func (SharedSecretList) SwaggerDoc() map[string]string { + return map_SharedSecretList +} + +var map_SharedSecretReference = map[string]string{ + "": "SharedSecretReference contains information about which Secret to share", + "name": "name represents the name of the Secret that is being referenced.", + "namespace": "namespace represents the namespace where the referenced Secret is located.", +} + +func (SharedSecretReference) SwaggerDoc() map[string]string { + return map_SharedSecretReference +} + +var map_SharedSecretSpec = map[string]string{ + "": "SharedSecretSpec defines the desired state of a SharedSecret", + "secretRef": "secretRef is a reference to the Secret to share", + "description": "description is a user readable explanation of what the backing resource provides.", +} + +func (SharedSecretSpec) SwaggerDoc() map[string]string { + return map_SharedSecretSpec +} + +var map_SharedSecretStatus = map[string]string{ + "": "SharedSecretStatus contains the observed status of the shared resource", + "conditions": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", +} + +func (SharedSecretStatus) SwaggerDoc() map[string]string { + return map_SharedSecretStatus +} + +// AUTO-GENERATED FUNCTIONS END HERE