Skip to content

Update CRDs #459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tnozicka wants to merge 10 commits into from
Closed

Update CRDs #459

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
55cc259
Bring only alpha-build-machinery manually to avoid dependency on
tnozicka Oct 7, 2019
9981d30
Migrate Makefile to use alpha-build-machinery
tnozicka Oct 3, 2019
7068375
Fix tags to pass go vet
tnozicka Oct 3, 2019
25fbfa4
Add config.openshift.io from cluster-config-operator
tnozicka Oct 7, 2019
72dc11a
Add authorization.openshift.io from cluster-config-operator
tnozicka Oct 7, 2019
d7a48e1
Add console.openshift.io from cluster-config-operator
tnozicka Oct 7, 2019
140863a
Add operator.openshift.io from cluster-config-operator
tnozicka Oct 7, 2019
85e462e
Add quota.openshift.io from cluster-config-operator
tnozicka Oct 7, 2019
1722e84
Add security.openshift.io from cluster-config-operator
tnozicka Oct 7, 2019
d87d03b
Raise travis to go 1.12 but it should be really removed and tests moved
tnozicka Oct 7, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
language: go

go:
- "1.11"
- "1.12"

install:
- wget https://github.com/google/protobuf/releases/download/v3.0.2/protoc-3.0.2-linux-x86_64.zip
Expand Down
57 changes: 37 additions & 20 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,50 @@
all: build
.PHONY: all

RUNTIME ?= podman
RUNTIME_IMAGE_NAME ?= openshift-api-generator
# Include the library makefile
include $(addprefix ./hack/alpha-build-machinery/make/, \
golang.mk \
targets/openshift/deps.mk \
targets/openshift/crd-schema-gen.mk \
)

build:
go build github.com/openshift/api/...
.PHONY: build
GO_PACKAGES :=$(addsuffix ...,$(addprefix ./,$(filter-out vendor/,$(filter-out hack/,$(wildcard */)))))
GO_BUILD_PACKAGES :=$(GO_PACKAGES)
GO_BUILD_PACKAGES_EXPANDED :=$(GO_BUILD_PACKAGES)
# LDFLAGS are not needed for dummy builds (saving time on calling git commands)
GO_LD_FLAGS:=

test:
go test github.com/openshift/api/...
.PHONY: test
# Set crd-schema-gen variables
CONTROLLER_GEN_VERSION :=v0.2.1

verify:
# $1 - target name
# $2 - apis
# $3 - manifests
# $4 - output
$(call add-crd-gen,authorization,./authorization/v1,./authorization/v1,./authorization/v1)
$(call add-crd-gen,config,./config/v1,./config/v1,./config/v1)
$(call add-crd-gen,console,./console/v1,./console/v1,./console/v1)
$(call add-crd-gen,operator,./operator/v1alpha1,./operator/v1alpha1,./operator/v1alpha1)
$(call add-crd-gen,quota,./quota/v1,./quota/v1,./quota/v1)
$(call add-crd-gen,security,./security/v1,./security/v1,./security/v1)

RUNTIME ?= podman
RUNTIME_IMAGE_NAME ?= openshift-api-generator

verify-scripts:
bash -x hack/verify-deepcopy.sh
bash -x hack/verify-protobuf.sh
bash -x hack/verify-swagger-docs.sh
.PHONY: verify

update-deps:
hack/update-deps.sh
.PHONY: update-deps
.PHONY: verify-scripts
verify: verify-scripts

generate-with-container: Dockerfile.build
$(RUNTIME) build -t $(RUNTIME_IMAGE_NAME) -f Dockerfile.build .
$(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make generate

generate:
update-scripts:
hack/update-deepcopy.sh
hack/update-protobuf.sh
hack/update-swagger-docs.sh
.PHONY: generate
.PHONY: update-scripts
update: update-scripts

generate-with-container: Dockerfile.build
$(RUNTIME) build -t $(RUNTIME_IMAGE_NAME) -f Dockerfile.build .
$(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make update-scripts
205 changes: 205 additions & 0 deletions authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,205 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: rolebindingrestrictions.authorization.openshift.io
spec:
group: authorization.openshift.io
names:
kind: RoleBindingRestriction
listKind: RoleBindingRestrictionList
plural: rolebindingrestrictions
singular: rolebindingrestriction
scope: Namespaced
versions:
- name: v1
served: true
storage: true
"validation":
"openAPIV3Schema":
description: RoleBindingRestriction is an object that can be matched against
a subject (user, group, or service account) to determine whether rolebindings
on that subject are allowed in the namespace to which the RoleBindingRestriction
belongs. If any one of those RoleBindingRestriction objects matches a subject,
rolebindings on that subject in the namespace are allowed.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: Standard object's metadata.
type: object
spec:
description: Spec defines the matcher.
type: object
properties:
grouprestriction:
description: GroupRestriction matches against group subjects.
type: object
properties:
groups:
description: Groups is a list of groups used to match against an
individual user's groups. If the user is a member of one of the
whitelisted groups, the user is allowed to be bound to a role.
type: array
items:
type: string
nullable: true
labels:
description: Selectors specifies a list of label selectors over
group labels.
type: array
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An
empty label selector matches all objects. A null label selector
matches no objects.
type: object
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
type: array
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
type: object
required:
- key
- operator
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
additionalProperties:
type: string
nullable: true
nullable: true
serviceaccountrestriction:
description: ServiceAccountRestriction matches against service-account
subjects.
type: object
properties:
namespaces:
description: Namespaces specifies a list of literal namespace names.
type: array
items:
type: string
serviceaccounts:
description: ServiceAccounts specifies a list of literal service-account
names.
type: array
items:
description: ServiceAccountReference specifies a service account
and namespace by their names.
type: object
properties:
name:
description: Name is the name of the service account.
type: string
namespace:
description: Namespace is the namespace of the service account. Service
accounts from inside the whitelisted namespaces are allowed
to be bound to roles. If Namespace is empty, then the namespace
of the RoleBindingRestriction in which the ServiceAccountReference
is embedded is used.
type: string
nullable: true
userrestriction:
description: UserRestriction matches against user subjects.
type: object
properties:
groups:
description: Groups specifies a list of literal group names.
type: array
items:
type: string
nullable: true
labels:
description: Selectors specifies a list of label selectors over
user labels.
type: array
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An
empty label selector matches all objects. A null label selector
matches no objects.
type: object
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
type: array
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
type: object
required:
- key
- operator
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
additionalProperties:
type: string
nullable: true
users:
description: Users specifies a list of literal user names.
type: array
items:
type: string
nullable: true
100 changes: 100 additions & 0 deletions config/v1/0000_03_config-operator_01_operatorhub.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: operatorhubs.config.openshift.io
spec:
group: config.openshift.io
names:
kind: OperatorHub
listKind: OperatorHubList
plural: operatorhubs
singular: operatorhub
scope: Cluster
subresources:
status: {}
version: v1
versions:
- name: v1
served: true
storage: true
"validation":
"openAPIV3Schema":
description: OperatorHub is the Schema for the operatorhubs API. It can be used
to change the state of the default hub sources for OperatorHub on the cluster
from enabled to disabled and vice versa.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OperatorHubSpec defines the desired state of OperatorHub
type: object
properties:
disableAllDefaultSources:
description: disableAllDefaultSources allows you to disable all the
default hub sources. If this is true, a specific entry in sources
can be used to enable a default source. If this is false, a specific
entry in sources can be used to disable or enable a default source.
type: boolean
sources:
description: sources is the list of default hub sources and their configuration.
If the list is empty, it implies that the default hub sources are
enabled on the cluster unless disableAllDefaultSources is true. If
disableAllDefaultSources is true and sources is not empty, the configuration
present in sources will take precedence. The list of default hub sources
and their current state will always be reflected in the status block.
type: array
items:
description: HubSource is used to specify the hub source and its configuration
type: object
properties:
disabled:
description: disabled is used to disable a default hub source
on cluster
type: boolean
name:
description: name is the name of one of the default hub sources
type: string
maxLength: 253
minLength: 1
status:
description: OperatorHubStatus defines the observed state of OperatorHub.
The current state of the default hub sources will always be reflected
here.
type: object
properties:
sources:
description: sources encapsulates the result of applying the configuration
for each hub source
type: array
items:
description: HubSourceStatus is used to reflect the current state
of applying the configuration to a default source
type: object
properties:
disabled:
description: disabled is used to disable a default hub source
on cluster
type: boolean
message:
description: message provides more information regarding failures
type: string
name:
description: name is the name of one of the default hub sources
type: string
maxLength: 253
minLength: 1
status:
description: status indicates success or failure in applying the
configuration
type: string
Loading