Skip to content

feat: add support for label expressions to k8s operator #28074

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nklaassen merged 1 commit into from
Jun 22, 2023
Merged

feat: add support for label expressions to k8s operator #28074

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 130 additions & 2 deletions ...art/teleport-cluster/charts/teleport-operator/templates/resources.teleport.dev_roles.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,10 @@ spec:
description: AppLabels is a map of labels used as part of the
RBAC system.
type: object
app_labels_expression:
description: AppLabelsExpression is a predicate expression used
to allow/deny access to Apps.
type: string
aws_role_arns:
description: AWSRoleARNs is a list of AWS role ARNs this role
is allowed to assume.
Expand All @@ -61,12 +65,20 @@ spec:
description: ClusterLabels is a map of node labels (used to dynamically
grant access to clusters).
type: object
cluster_labels_expression:
description: ClusterLabelsExpression is a predicate expression
used to allow/deny access to remote Teleport clusters.
type: string
db_labels:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: DatabaseLabels are used in RBAC system to allow/deny
access to databases.
type: object
db_labels_expression:
description: DatabaseLabelsExpression is a predicate expression
used to allow/deny access to Databases.
type: string
db_names:
description: DatabaseNames is a list of database names this role
is allowed to connect to.
Expand All @@ -87,6 +99,10 @@ spec:
description: DatabaseServiceLabels are used in RBAC system to
allow/deny access to Database Services.
type: object
db_service_labels_expression:
description: DatabaseServiceLabelsExpression is a predicate expression
used to allow/deny access to Database Services.
type: string
db_users:
description: DatabaseUsers is a list of databases users this role
is allowed to connect as.
Expand Down Expand Up @@ -114,6 +130,10 @@ spec:
description: GroupLabels is a map of labels used as part of the
RBAC system.
type: object
group_labels_expression:
description: GroupLabelsExpression is a predicate expression used
to allow/deny access to user groups.
type: string
host_groups:
description: HostGroups is a list of groups for created users
to be added to
Expand Down Expand Up @@ -196,6 +216,10 @@ spec:
description: KubernetesLabels is a map of kubernetes cluster labels
used for RBAC.
type: object
kubernetes_labels_expression:
description: KubernetesLabelsExpression is a predicate expression
used to allow/deny access to kubernetes clusters.
type: string
kubernetes_resources:
description: KubernetesResources is the Kubernetes Resources this
Role grants access to.
Expand Down Expand Up @@ -232,6 +256,10 @@ spec:
description: NodeLabels is a map of node labels (used to dynamically
grant access to nodes).
type: object
node_labels_expression:
description: NodeLabelsExpression is a predicate expression used
to allow/deny access to SSH nodes.
type: string
request:
nullable: true
properties:
Expand Down Expand Up @@ -439,6 +467,10 @@ spec:
description: WindowsDesktopLabels are used in the RBAC system
to allow/deny access to Windows desktops.
type: object
windows_desktop_labels_expression:
description: WindowsDesktopLabelsExpression is a predicate expression
used to allow/deny access to Windows desktops.
type: string
windows_desktop_logins:
description: WindowsDesktopLogins is a list of desktop login names
allowed/denied for Windows desktops.
Expand All @@ -457,6 +489,10 @@ spec:
description: AppLabels is a map of labels used as part of the
RBAC system.
type: object
app_labels_expression:
description: AppLabelsExpression is a predicate expression used
to allow/deny access to Apps.
type: string
aws_role_arns:
description: AWSRoleARNs is a list of AWS role ARNs this role
is allowed to assume.
Expand All @@ -477,12 +513,20 @@ spec:
description: ClusterLabels is a map of node labels (used to dynamically
grant access to clusters).
type: object
cluster_labels_expression:
description: ClusterLabelsExpression is a predicate expression
used to allow/deny access to remote Teleport clusters.
type: string
db_labels:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: DatabaseLabels are used in RBAC system to allow/deny
access to databases.
type: object
db_labels_expression:
description: DatabaseLabelsExpression is a predicate expression
used to allow/deny access to Databases.
type: string
db_names:
description: DatabaseNames is a list of database names this role
is allowed to connect to.
Expand All @@ -503,6 +547,10 @@ spec:
description: DatabaseServiceLabels are used in RBAC system to
allow/deny access to Database Services.
type: object
db_service_labels_expression:
description: DatabaseServiceLabelsExpression is a predicate expression
used to allow/deny access to Database Services.
type: string
db_users:
description: DatabaseUsers is a list of databases users this role
is allowed to connect as.
Expand Down Expand Up @@ -530,6 +578,10 @@ spec:
description: GroupLabels is a map of labels used as part of the
RBAC system.
type: object
group_labels_expression:
description: GroupLabelsExpression is a predicate expression used
to allow/deny access to user groups.
type: string
host_groups:
description: HostGroups is a list of groups for created users
to be added to
Expand Down Expand Up @@ -612,6 +664,10 @@ spec:
description: KubernetesLabels is a map of kubernetes cluster labels
used for RBAC.
type: object
kubernetes_labels_expression:
description: KubernetesLabelsExpression is a predicate expression
used to allow/deny access to kubernetes clusters.
type: string
kubernetes_resources:
description: KubernetesResources is the Kubernetes Resources this
Role grants access to.
Expand Down Expand Up @@ -648,6 +704,10 @@ spec:
description: NodeLabels is a map of node labels (used to dynamically
grant access to nodes).
type: object
node_labels_expression:
description: NodeLabelsExpression is a predicate expression used
to allow/deny access to SSH nodes.
type: string
request:
nullable: true
properties:
Expand Down Expand Up @@ -855,6 +915,10 @@ spec:
description: WindowsDesktopLabels are used in the RBAC system
to allow/deny access to Windows desktops.
type: object
windows_desktop_labels_expression:
description: WindowsDesktopLabelsExpression is a predicate expression
used to allow/deny access to Windows desktops.
type: string
windows_desktop_logins:
description: WindowsDesktopLogins is a list of desktop login names
allowed/denied for Windows desktops.
Expand Down Expand Up @@ -1018,7 +1082,7 @@ spec:
type: string
request_prompt:
description: RequestPrompt is an optional message which tells
users what they aught to
users what they aught to request.
type: string
require_session_mfa:
description: RequireMFAType is the type of MFA requirement enforced
Expand Down Expand Up @@ -1143,6 +1207,10 @@ spec:
description: AppLabels is a map of labels used as part of the
RBAC system.
type: object
app_labels_expression:
description: AppLabelsExpression is a predicate expression used
to allow/deny access to Apps.
type: string
aws_role_arns:
description: AWSRoleARNs is a list of AWS role ARNs this role
is allowed to assume.
Expand All @@ -1163,12 +1231,20 @@ spec:
description: ClusterLabels is a map of node labels (used to dynamically
grant access to clusters).
type: object
cluster_labels_expression:
description: ClusterLabelsExpression is a predicate expression
used to allow/deny access to remote Teleport clusters.
type: string
db_labels:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: DatabaseLabels are used in RBAC system to allow/deny
access to databases.
type: object
db_labels_expression:
description: DatabaseLabelsExpression is a predicate expression
used to allow/deny access to Databases.
type: string
db_names:
description: DatabaseNames is a list of database names this role
is allowed to connect to.
Expand All @@ -1189,6 +1265,10 @@ spec:
description: DatabaseServiceLabels are used in RBAC system to
allow/deny access to Database Services.
type: object
db_service_labels_expression:
description: DatabaseServiceLabelsExpression is a predicate expression
used to allow/deny access to Database Services.
type: string
db_users:
description: DatabaseUsers is a list of databases users this role
is allowed to connect as.
Expand Down Expand Up @@ -1216,6 +1296,10 @@ spec:
description: GroupLabels is a map of labels used as part of the
RBAC system.
type: object
group_labels_expression:
description: GroupLabelsExpression is a predicate expression used
to allow/deny access to user groups.
type: string
host_groups:
description: HostGroups is a list of groups for created users
to be added to
Expand Down Expand Up @@ -1298,6 +1382,10 @@ spec:
description: KubernetesLabels is a map of kubernetes cluster labels
used for RBAC.
type: object
kubernetes_labels_expression:
description: KubernetesLabelsExpression is a predicate expression
used to allow/deny access to kubernetes clusters.
type: string
kubernetes_resources:
description: KubernetesResources is the Kubernetes Resources this
Role grants access to.
Expand Down Expand Up @@ -1334,6 +1422,10 @@ spec:
description: NodeLabels is a map of node labels (used to dynamically
grant access to nodes).
type: object
node_labels_expression:
description: NodeLabelsExpression is a predicate expression used
to allow/deny access to SSH nodes.
type: string
request:
nullable: true
properties:
Expand Down Expand Up @@ -1541,6 +1633,10 @@ spec:
description: WindowsDesktopLabels are used in the RBAC system
to allow/deny access to Windows desktops.
type: object
windows_desktop_labels_expression:
description: WindowsDesktopLabelsExpression is a predicate expression
used to allow/deny access to Windows desktops.
type: string
windows_desktop_logins:
description: WindowsDesktopLogins is a list of desktop login names
allowed/denied for Windows desktops.
Expand All @@ -1559,6 +1655,10 @@ spec:
description: AppLabels is a map of labels used as part of the
RBAC system.
type: object
app_labels_expression:
description: AppLabelsExpression is a predicate expression used
to allow/deny access to Apps.
type: string
aws_role_arns:
description: AWSRoleARNs is a list of AWS role ARNs this role
is allowed to assume.
Expand All @@ -1579,12 +1679,20 @@ spec:
description: ClusterLabels is a map of node labels (used to dynamically
grant access to clusters).
type: object
cluster_labels_expression:
description: ClusterLabelsExpression is a predicate expression
used to allow/deny access to remote Teleport clusters.
type: string
db_labels:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: DatabaseLabels are used in RBAC system to allow/deny
access to databases.
type: object
db_labels_expression:
description: DatabaseLabelsExpression is a predicate expression
used to allow/deny access to Databases.
type: string
db_names:
description: DatabaseNames is a list of database names this role
is allowed to connect to.
Expand All @@ -1605,6 +1713,10 @@ spec:
description: DatabaseServiceLabels are used in RBAC system to
allow/deny access to Database Services.
type: object
db_service_labels_expression:
description: DatabaseServiceLabelsExpression is a predicate expression
used to allow/deny access to Database Services.
type: string
db_users:
description: DatabaseUsers is a list of databases users this role
is allowed to connect as.
Expand Down Expand Up @@ -1632,6 +1744,10 @@ spec:
description: GroupLabels is a map of labels used as part of the
RBAC system.
type: object
group_labels_expression:
description: GroupLabelsExpression is a predicate expression used
to allow/deny access to user groups.
type: string
host_groups:
description: HostGroups is a list of groups for created users
to be added to
Expand Down Expand Up @@ -1714,6 +1830,10 @@ spec:
description: KubernetesLabels is a map of kubernetes cluster labels
used for RBAC.
type: object
kubernetes_labels_expression:
description: KubernetesLabelsExpression is a predicate expression
used to allow/deny access to kubernetes clusters.
type: string
kubernetes_resources:
description: KubernetesResources is the Kubernetes Resources this
Role grants access to.
Expand Down Expand Up @@ -1750,6 +1870,10 @@ spec:
description: NodeLabels is a map of node labels (used to dynamically
grant access to nodes).
type: object
node_labels_expression:
description: NodeLabelsExpression is a predicate expression used
to allow/deny access to SSH nodes.
type: string
request:
nullable: true
properties:
Expand Down Expand Up @@ -1957,6 +2081,10 @@ spec:
description: WindowsDesktopLabels are used in the RBAC system
to allow/deny access to Windows desktops.
type: object
windows_desktop_labels_expression:
description: WindowsDesktopLabelsExpression is a predicate expression
used to allow/deny access to Windows desktops.
type: string
windows_desktop_logins:
description: WindowsDesktopLogins is a list of desktop login names
allowed/denied for Windows desktops.
Expand Down Expand Up @@ -2120,7 +2248,7 @@ spec:
type: string
request_prompt:
description: RequestPrompt is an optional message which tells
users what they aught to
users what they aught to request.
type: string
require_session_mfa:
description: RequireMFAType is the type of MFA requirement enforced
Expand Down
Loading