move openshift/cloud-credential-operator API into openshift/api

Makefile

@@ -19,6 +19,7 @@ GO_LD_FLAGS:=
 # $3 - manifests
 # $4 - output
 $(call add-crd-gen,authorization,./authorization/v1,./authorization/v1,./authorization/v1)
+$(call add-crd-gen,cloudcredential,./cloudcredential/v1,./cloudcredential/v1,./cloudcredential/v1)
 $(call add-crd-gen,config,./config/v1,./config/v1,./config/v1)
 $(call add-crd-gen,console,./console/v1,./console/v1,./console/v1)
 $(call add-crd-gen,imageregistry,./imageregistry/v1,./imageregistry/v1,./imageregistry/v1)

cloudcredential/install.go

@@ -0,0 +1,26 @@
+package cloudcredential
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	ccv1 "github.com/openshift/api/cloudcredential/v1"
+)
+
+const (
+	GroupName = "cloudcredentials.openshift.io"
+)
+
+var (
+	schemeBuilder = runtime.NewSchemeBuilder(ccv1.Install)
+	// Install is a function which adds every version of this group to a scheme
+	Install = schemeBuilder.AddToScheme
+)
+
+func Resource(resource string) schema.GroupResource {
+	return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+func Kind(kind string) schema.GroupKind {
+	return schema.GroupKind{Group: GroupName, Kind: kind}
+}

cloudcredential/v1/0000_10_config-operator_01_credentialsrequest.crd.yaml

@@ -0,0 +1,146 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: credentialsrequests.cloudcredential.openshift.io
+spec:
+  group: cloudcredential.openshift.io
+  names:
+    kind: CredentialsRequest
+    listKind: CredentialsRequestList
+    plural: credentialsrequests
+    singular: credentialsrequest
+  scope: Namespaced
+  subresources:
+    status: {}
+  version: v1
+  validation:
+    openAPIV3Schema:
+      description: CredentialsRequest is the Schema for the credentialsrequests API
+      type: object
+      required:
+      - spec
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: CredentialsRequestSpec defines the desired state of CredentialsRequest
+          type: object
+          required:
+          - secretRef
+          properties:
+            providerSpec:
+              description: ProviderSpec contains the cloud provider specific credentials
+                specification.
+              type: object
+            secretRef:
+              description: SecretRef points to the secret where the credentials should
+                be stored once generated.
+              type: object
+              properties:
+                apiVersion:
+                  description: API version of the referent.
+                  type: string
+                fieldPath:
+                  description: 'If referring to a piece of an object instead of an
+                    entire object, this string should contain a valid JSON/Go field
+                    access statement, such as desiredState.manifest.containers[2].
+                    For example, if the object reference is to a container within
+                    a pod, this would take on a value like: "spec.containers{name}"
+                    (where "name" refers to the name of the container that triggered
+                    the event) or if no container name is specified "spec.containers[2]"
+                    (container with index 2 in this pod). This syntax is chosen only
+                    to have some well-defined way of referencing a part of an object.
+                    TODO: this design is not final and this field is subject to change
+                    in the future.'
+                  type: string
+                kind:
+                  description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                  type: string
+                name:
+                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                  type: string
+                namespace:
+                  description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                  type: string
+                resourceVersion:
+                  description: 'Specific resourceVersion to which this reference is
+                    made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                  type: string
+                uid:
+                  description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                  type: string
+        status:
+          description: CredentialsRequestStatus defines the observed state of CredentialsRequest
+          type: object
+          required:
+          - lastSyncGeneration
+          - provisioned
+          properties:
+            conditions:
+              description: Conditions includes detailed status for the CredentialsRequest
+              type: array
+              items:
+                description: CredentialsRequestCondition contains details for any
+                  of the conditions on a CredentialsRequest object
+                type: object
+                required:
+                - status
+                - type
+                properties:
+                  lastProbeTime:
+                    description: LastProbeTime is the last time we probed the condition
+                    type: string
+                    format: date-time
+                  lastTransitionTime:
+                    description: LastTransitionTime is the last time the condition
+                      transitioned from one status to another.
+                    type: string
+                    format: date-time
+                  message:
+                    description: Message is a human-readable message indicating details
+                      about the last transition
+                    type: string
+                  reason:
+                    description: Reason is a unique, one-word, CamelCase reason for
+                      the condition's last transition
+                    type: string
+                  status:
+                    description: Status is the status of the condition
+                    type: string
+                  type:
+                    description: Type is the specific type of the condition
+                    type: string
+            lastSyncGeneration:
+              description: LastSyncGeneration is the generation of the credentials
+                request resource that was last synced. Used to determine if the object
+                has changed and requires a sync.
+              type: integer
+              format: int64
+            lastSyncTimestamp:
+              description: LastSyncTimestamp is the time that the credentials were
+                last synced.
+              type: string
+              format: date-time
+            providerStatus:
+              description: ProviderStatus contains cloud provider specific status.
+              type: object
+            provisioned:
+              description: Provisioned is true once the credentials have been initially
+                provisioned.
+              type: boolean
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

cloudcredential/v1/aws_manual.deepcopy.go

@@ -0,0 +1,79 @@
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto will perform a DeepCopy into the provided AWSProviderSpec
+func (in *AWSProviderSpec) DeepCopyInto(out *AWSProviderSpec) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	if in.StatementEntries != nil {
+		in, out := &in.StatementEntries, &out.StatementEntries
+		*out = make([]StatementEntry, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy will DeepCopy and return a pointer to a
+// new AWSProviderSpec
+func (in *AWSProviderSpec) DeepCopy() *AWSProviderSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(AWSProviderSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject will return a DeepCopied AWSProviderSpec
+// as a runtime.Object
+func (in *AWSProviderSpec) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+func deepCopyIAMPolicyCondition(ipc IAMPolicyCondition) IAMPolicyCondition {
+	cp := make(IAMPolicyCondition)
+	for key, val := range ipc {
+		if val != nil {
+			cp[key] = make(IAMPolicyConditionKeyValue)
+			for subKey, subVal := range val {
+				cp[key][subKey] = subVal
+			}
+		}
+	}
+
+	return cp
+}
+
+// DeepCopyInto will perform a DeepCopy into the provided StatementEntry
+func (in *StatementEntry) DeepCopyInto(out *StatementEntry) {
+	*out = *in
+	if in.Action != nil {
+		in, out := &in.Action, &out.Action
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.PolicyCondition != nil {
+		out.PolicyCondition = deepCopyIAMPolicyCondition(in.PolicyCondition)
+	}
+
+	return
+}
+
+// DeepCopy will DeepCopy and return a pointer to a
+// new StatementEntry
+func (in *StatementEntry) DeepCopy() *StatementEntry {
+	if in == nil {
+		return nil
+	}
+	out := new(StatementEntry)
+	in.DeepCopyInto(out)
+	return out
+}

cloudcredential/v1/aws_manual.deepcopy_test.go

@@ -0,0 +1,77 @@
+package v1
+
+import (
+	"testing"
+
+	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAWSProviderSpecDeepCopy(t *testing.T) {
+
+	tests := []struct {
+		name         string
+		providerSpec *AWSProviderSpec
+	}{
+		{
+			name: "basic provider spec",
+			providerSpec: &AWSProviderSpec{
+				StatementEntries: []StatementEntry{
+					{
+						Effect: "Allow",
+						Action: []string{
+							"iam:Action1",
+							"iam:Action2",
+						},
+						Resource: "*",
+					},
+				},
+			},
+		},
+		{
+			name: "with conditions",
+			providerSpec: &AWSProviderSpec{
+				StatementEntries: []StatementEntry{
+					{
+						Effect: "Allow",
+						Action: []string{
+							"iam:Action1",
+							"iam:Action2",
+						},
+						Resource: "*",
+						PolicyCondition: IAMPolicyCondition{
+							"StringEquals": IAMPolicyConditionKeyValue{
+								"aws:userid": "testuser",
+							},
+							"StringNotEquals": IAMPolicyConditionKeyValue{
+								"aws:SourceVpc": "vpc-12345",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name:         "nil provider spec",
+			providerSpec: nil,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			dCopy := test.providerSpec.DeepCopy()
+			assert.Equal(t, test.providerSpec, dCopy, "expected the DeepCopy() results to be deeply equal")
+
+			if test.providerSpec != nil {
+				newAWSProviderSpec := &AWSProviderSpec{}
+				test.providerSpec.DeepCopyInto(newAWSProviderSpec)
+				assert.Equal(t, test.providerSpec, newAWSProviderSpec, "expected the DeepCopyInto() results to be deeply equal")
+
+				dCopyObject := test.providerSpec.DeepCopyObject()
+				testProviderSpecObject := runtime.Object(test.providerSpec)
+				assert.Equal(t, testProviderSpecObject, dCopyObject, "expected the DeepCopyObject() results to be equal")
+			}
+		})
+	}
+}