
Commit 848dc7c

committed
Add RosaRoleConfig API and CRD.
1 parent e9f2823 commit 848dc7c

17 files changed

+1166
-27
lines changed

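--- a/PROJECT
+++ b/PROJECT
@@ -1,60 +1,61 @@
-version: "2"
 domain: cluster.x-k8s.io
 repo: sigs.k8s.io/cluster-api-provider-aws
 resources:
-# v1beta1 types
 - group: infrastructure
-version: v1beta1
 kind: AWSMachine
-- group: infrastructure
 version: v1beta1
-kind: AWSCluster
 - group: infrastructure
+kind: AWSCluster
 version: v1beta1
-kind: AWSMachineTemplate
 - group: infrastructure
+kind: AWSMachineTemplate
 version: v1beta1
-kind: AWSClusterStaticIdentity
 - group: infrastructure
+kind: AWSClusterStaticIdentity
 version: v1beta1
-kind: AWSClusterRoleIdentity
 - group: infrastructure
+kind: AWSClusterRoleIdentity
 version: v1beta1
-kind: AWSClusterControllerIdentity
 - group: infrastructure
+kind: AWSClusterControllerIdentity
 version: v1beta1
-kind: AWSClusterTemplate
 - group: infrastructure
+kind: AWSClusterTemplate
 version: v1beta1
-kind: AWSManagedControlPlanes
 - group: infrastructure
+kind: AWSManagedControlPlanes
 version: v1beta1
+- group: infrastructure
 kind: AWSManagedCluster
-# v1beta2 types
+version: v1beta1
 - group: infrastructure
-version: v1beta2
 kind: AWSMachine
-- group: infrastructure
 version: v1beta2
-kind: AWSCluster
 - group: infrastructure
+kind: AWSCluster
 version: v1beta2
-kind: AWSMachineTemplate
 - group: infrastructure
+kind: AWSMachineTemplate
 version: v1beta2
-kind: AWSClusterStaticIdentity
 - group: infrastructure
+kind: AWSClusterStaticIdentity
 version: v1beta2
-kind: AWSClusterRoleIdentity
 - group: infrastructure
+kind: AWSClusterRoleIdentity
 version: v1beta2
-kind: AWSClusterControllerIdentity
 - group: infrastructure
+kind: AWSClusterControllerIdentity
 version: v1beta2
-kind: AWSClusterTemplate
 - group: infrastructure
+kind: AWSClusterTemplate
 version: v1beta2
-kind: AWSManagedControlPlanes
 - group: infrastructure
+kind: AWSManagedControlPlanes
 version: v1beta2
+- group: infrastructure
 kind: AWSManagedCluster
+version: v1beta2
+- group: infrastructure
+kind: ROSARoleConfig
+version: v1beta2
+version: "2"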

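--- /dev/null
+++ b/api/v1beta2/rosaroleconfig_types.go
@@ -0,0 +1,153 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// ROSARoleConfigSpec defines the desired state of ROSARoleConfig
+
+type ROSARoleConfigSpec struct {
+AccountRoleConfig AccountRoleConfig `json:"accountRoleConfig"`
+OperatorRoleConfig OperatorRoleConfig `json:"operatorRoleConfig"`
+OIDCConfig OIDCConfig `json:"oidcConfig"`
+}
+
+// +kubebuilder:object:root=true
+
+// ROSARoleConfig is the Schema for the rosaroleconfigs API
+type ROSARoleConfig struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec ROSARoleConfigSpec `json:"spec,omitempty"`
+Status ROSARoleConfigStatus `json:"status,omitempty"`
+}
+
+type AccountRoleConfig struct {
+// TODO: verify max len
+// +kubebuilder:validation:MaxLength:=4
+// +kubebuilder:validation:Required
+Prefix string `json:"prefix"`
+// +optional
+PermissionsBoundaryARN string `json:"permissionsBoundaryARN,omitempty"`
+// +optional
+Path string `json:"path,omitempty"`
+// +kubebuilder:validation:Required
+Version string `json:"version"`
+// +optional
+SharedVPCConfig SharedVPCConfig `json:"sharedVPCConfig,omitempty"`
+}
+
+type OperatorRoleConfig struct {
+// TODO: verify max len
+// +kubebuilder:validation:MaxLength:=4
+// +kubebuilder:validation:Required
+Prefix string `json:"prefix"`
+// +optional
+PermissionsBoundaryARN string `json:"permissionsBoundaryARN,omitempty"`
+// +kubebuilder:validation:Required
+OIDCConfigID string `json:"oidcConfigId,omitempty"`
+// +optional
+SharedVPCConfig SharedVPCConfig `json:"sharedVPCConfig,omitempty"`
+}
+
+type SharedVPCConfig struct {
+RouteRoleARN string `json:"routeRoleARN,omitempty"`
+VPCEndpointRoleARN string `json:"vpcEndpointRoleArn,omitempty"`
+}
+
+type OIDCConfig struct {
+CreateManagedOIDC string `json:"createManagedOIDC"`
+ExternalAuthProviders []ExternalAuthProvider `json:"externalAuthProviders,omitempty"`
+}
+
+type ExternalAuthProvider struct {
+Name string `json:"name"`
+Issuer Issuer `json:"issuer"`
+ClaimMappings ClaimMappings `json:"claimMappings"`
+OIDCClients []OIDCClient `json:"oidcClients,omitempty"`
+}
+
+type Issuer struct {
+IssuerURL string `json:"issuerURL"`
+Audiences []string `json:"audiences,omitempty"`
+}
+
+type ClaimMappings struct {
+Username Mapping `json:"username"`
+Groups Mapping `json:"groups,omitempty"`
+}
+
+type Mapping struct {
+Claim string `json:"claim"`
+PrefixPolicy string `json:"prefixPolicy,omitempty"`
+}
+
+type OIDCClient struct {
+ComponentName string `json:"componentName"`
+ComponentNamespace string `json:"componentNamespace"`
+ClientID string `json:"clientID"`
+ClientSecret SecretReference `json:"clientSecret"`
+}
+
+type SecretReference struct {
+Name string `json:"name"`
+}
+
+// ROSARoleConfigStatus defines the observed state of ROSARoleConfig
+type ROSARoleConfigStatus struct {
+Conditions []metav1.Condition `json:"conditions,omitempty"`
+OIDCID string `json:"oidcID,omitempty"`
+OIDCProviderARN string `json:"oidcProviderARN,omitempty"`
+AccountRolesRef AccountRolesRef `json:"accountRolesRef,omitempty"`
+OperatorRolesRef OperatorRolesRef `json:"operatorRolesRef,omitempty"`
+}
+
+type AccountRolesRef struct {
+InstallerRoleARN string `json:"installerRoleARN,omitempty"`
+SupportRoleARN string `json:"supportRoleARN,omitempty"`
+WorkerRoleARN string `json:"workerRoleARN,omitempty"`
+}
+
+type OperatorRolesRef struct {
+IngressARN string `json:"ingressARN,omitempty"`
+ImageRegistryARN string `json:"imageRegistryARN,omitempty"`
+StorageARN string `json:"storageARN,omitempty"`
+NetworkARN string `json:"networkARN,omitempty"`
+KubeCloudControllerARN string `json:"kubeCloudControllerARN,omitempty"`
+NodePoolManagementARN string `json:"nodePoolManagementARN,omitempty"`
+ControlPlaneOperatorARN string `json:"controlPlaneOperatorARN,omitempty"`
+KMSProviderARN string `json:"kmsProviderARN,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ROSARoleConfigList contains a list of ROSARoleConfig
+type ROSARoleConfigList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []ROSARoleConfig `json:"items"`
+}
+
+func init() {
+SchemeBuilder.Register(&ROSARoleConfig{}, &ROSARoleConfigList{})
+}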
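Review bot: `ROSARoleConfig` carries only `+kubebuilder:object:root=true`; without `+kubebuilder:subresource:status` the generated CRD has no status subresource, so the status fields the controller is meant to own (`OIDCProviderARN`, the role ARNs in `AccountRolesRef` and `OperatorRolesRef`) can be written by any client allowed to update the object's spec, and controller status writes race with spec updates — add `// +kubebuilder:subresource:status` next to the existing root marker (and a `// +kubebuilder:resource:path=rosaroleconfigs,scope=Namespaced` marker if that is not generated elsewhere). `OperatorRoleConfig.OIDCConfigID` is marked `+kubebuilder:validation:Required` but tagged `omitempty`, unlike `Prefix` and `Version`; drop the `omitempty` so the marker and tag agree. `OIDCConfig.CreateManagedOIDC` is a string with no enum marker, so any value passes admission — either make it a `bool` or add a `// +kubebuilder:validation:Enum=` marker listing the accepted values. `Issuer.IssuerURL` and the ARN-valued spec fields accept arbitrary strings; a `// +kubebuilder:validation:Pattern=` (for example requiring an `https://` issuer and an `arn:` prefix) would reject malformed input at admission instead of at reconcile time. The blank line between `// ROSARoleConfigSpec defines the desired state of ROSARoleConfig` and the `type ROSARoleConfigSpec` declaration detaches the doc comment, so the exported type is effectively undocumented; remove it.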
