Documentation
¶
Overview ¶
+k8s:deepcopy-gen=package,register +groupName=apis.kcp.dev +k8s:openapi-gen=true
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type APIBinding
- type APIBindingList
- type APIBindingPhaseType
- type APIBindingSpec
- type APIBindingStatus
- type APIExport
- type APIExportList
- type APIExportSpec
- type APIExportStatus
- type APIResourceSchema
- type APIResourceSchemaList
- type APIResourceSchemaSpec
- type APIResourceVersion
- type BoundAPIResource
- type BoundAPIResourceSchema
- type ExportReference
- type GroupResource
- type Identity
- type LocalAPIExportPolicy
- type MaximalPermissionPolicy
- type PermissionClaim
- type VirtualWorkspace
- type WorkspaceExportReference
Constants ¶
// Condition types and reasons reported on an APIBinding.
const (
	// APIExportValid is a condition for APIBinding that reflects the validity of the referenced APIExport.
	APIExportValid conditionsv1alpha1.ConditionType = "APIExportValid"

	// APIExportInvalidReferenceReason is a reason for the APIExportValid condition of APIBinding that the
	// APIExport reference is invalid.
	APIExportInvalidReferenceReason = "APIExportInvalidReference"

	// APIExportNotFoundReason is a reason for the APIExportValid condition that the referenced APIExport is not found.
	APIExportNotFoundReason = "APIExportNotFound"

	// APIResourceSchemaInvalidReason is a reason for the InitialBindingCompleted and BindingUpToDate conditions when
	// one of the generated CRDs is invalid.
	APIResourceSchemaInvalidReason = "APIResourceSchemaInvalid"

	// InternalErrorReason is a reason used by multiple conditions that something went wrong.
	InternalErrorReason = "InternalError"

	// InitialBindingCompleted is a condition for APIBinding that indicates the initial binding completed successfully.
	// Once true, this can never be reset to false.
	InitialBindingCompleted conditionsv1alpha1.ConditionType = "InitialBindingCompleted"

	// WaitingForEstablishedReason is a reason for the InitialBindingCompleted condition that the bound CRDs are not ready.
	WaitingForEstablishedReason = "WaitingForEstablished"

	// BindingUpToDate is a condition for APIBinding that indicates that the APIs currently bound are up-to-date with
	// the binding's desired export.
	BindingUpToDate conditionsv1alpha1.ConditionType = "BindingUpToDate"

	// NamingConflictsReason is a reason for the BindingUpToDate condition that at least one API coming in from the
	// APIBinding has a naming conflict with other APIs.
	NamingConflictsReason = "NamingConflicts"

	// BindingResourceDeleteSuccess is a condition for APIBinding that indicates the resources relating to this
	// binding are deleted successfully when the APIBinding is being deleted.
	BindingResourceDeleteSuccess conditionsv1alpha1.ConditionType = "BindingResourceDeleteSuccess"

	// NOTE(review): the constant name is plural but the stored condition type string is the singular
	// "PermissionClaimAccepted". Tooling that matches on the condition type (alerts, policy checks) must use
	// the string value, not the Go name.

	// PermissionClaimsAccepted is a condition for APIBinding that indicates whether the permission claims were
	// fully accepted or not.
	PermissionClaimsAccepted conditionsv1alpha1.ConditionType = "PermissionClaimAccepted"

	// IdentityMismatchClaimInvalidReason is used when one or more claims have an identity mismatch between what
	// is bound and what is accepted.
	IdentityMismatchClaimInvalidReason = "ClaimIdentityMismatch"

	// UnknownPermissionClaimInvalidReason is used when no identity mismatches exist, but we are unable to update
	// the resources.
	UnknownPermissionClaimInvalidReason = "Unknown"
)
These are valid conditions of APIBinding.
// Annotation keys set on bound CRDs.
const (
	// AnnotationBoundCRDKey is the annotation key that indicates a CRD is for an APIExport (a "bound CRD").
	AnnotationBoundCRDKey = "apis.kcp.dev/bound-crd"

	// AnnotationSchemaClusterKey is the annotation key for a bound CRD indicating the cluster name of the
	// APIResourceSchema for the CRD.
	AnnotationSchemaClusterKey = "apis.kcp.dev/schema-cluster"

	// AnnotationSchemaNameKey is the annotation key for a bound CRD indicating the name of the APIResourceSchema for
	// the CRD.
	AnnotationSchemaNameKey = "apis.kcp.dev/schema-name"

	// NOTE(review): because the identity annotation below is synthetic and applied on retrieval, consumers
	// should not assume it was persisted with the object. How a client-supplied value under this key is
	// handled is not visible here — confirm.

	// AnnotationAPIIdentityKey is the annotation key for a bound CRD indicating the identity hash of the APIExport
	// for the request. This data is synthetic; it is not stored in etcd and instead is only applied when retrieving
	// CRs for the CRD.
	AnnotationAPIIdentityKey = "apis.kcp.dev/identity"
)
These are annotations for bound CRDs
// Condition types and reasons reported on an APIExport.
const (
	// APIExportIdentityValid is a condition type for APIExport.
	// Presumably it reports whether the export's identity is usable — TODO confirm.
	APIExportIdentityValid conditionsv1alpha1.ConditionType = "IdentityValid"

	// IdentityVerificationFailedReason is a condition reason; presumably used with IdentityValid when the
	// identity could not be verified — TODO confirm.
	IdentityVerificationFailedReason = "IdentityVerificationFailed"
	// IdentityGenerationFailedReason is a condition reason; presumably used with IdentityValid when the
	// identity could not be generated — TODO confirm.
	IdentityGenerationFailedReason = "IdentityGenerationFailed"

	// APIExportVirtualWorkspaceURLsReady is a condition type for APIExport.
	// Presumably it reports whether the virtual workspace URLs in the status were generated — TODO confirm.
	APIExportVirtualWorkspaceURLsReady conditionsv1alpha1.ConditionType = "VirtualWorkspaceURLsReady"

	// ErrorGeneratingURLsReason is a condition reason; presumably used with VirtualWorkspaceURLsReady — TODO confirm.
	ErrorGeneratingURLsReason = "ErrorGeneratingURLs"
)
These are valid conditions of APIExport.
const (
	// APIExportPermissionClaimLabelPrefix is a label key prefix.
	// Presumably it prefixes the labels that mark objects as covered by an APIExport permission
	// claim — TODO confirm against the code that sets them.
	//
	// NOTE(review): if labels under this prefix decide which objects an export provider can see,
	// verify that ordinary users cannot set or remove them.
	APIExportPermissionClaimLabelPrefix = "claimed.internal.apis.kcp.dev/"
)
const (
	// MaximalPermissionPolicyRBACUserGroupPrefix is the prefix for the user and group names
	// when verifying the APIExport.spec.maximalPermissionPolicy.
	//
	// RBAC subjects written for the maximal permission policy have to carry this prefix
	// (for example the user "apis.kcp.dev:binding:adam"); see the maximalPermissionPolicy
	// field documentation on APIExportSpec.
	MaximalPermissionPolicyRBACUserGroupPrefix = "apis.kcp.dev:binding:"
)
const (
	// SecretKeyAPIExportIdentity is the key in an identity secret for the identity of an APIExport.
	// The value stored under this key is the provider's secret identity; only a derived hash of it
	// is recorded in APIExport status (see APIExportSpec.Identity and APIExportStatus.IdentityHash).
	SecretKeyAPIExportIdentity = "key"
)
These are for APIExport identity.
Variables ¶
var (
	// SchemeBuilder is a runtime.SchemeBuilder constructed with this package's addKnownTypes function.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is SchemeBuilder's AddToScheme method, exposed as a package-level function value.
	AddToScheme = SchemeBuilder.AddToScheme
)

// SchemeGroupVersion is the group version used to register these objects:
// group apis.GroupName at version "v1alpha1".
var SchemeGroupVersion = schema.GroupVersion{Group: apis.GroupName, Version: "v1alpha1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type APIBinding ¶
// APIBinding is the object a workspace uses to bind to an API exposed through an APIExport.
type APIBinding struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the desired state.
	// +required
	// +kubebuilder:validation:Required
	Spec APIBindingSpec `json:"spec,omitempty"`

	// Status communicates the observed state.
	// +optional
	Status APIBindingStatus `json:"status,omitempty"`
}
APIBinding enables a set of resources and their behaviour through an external service provider in this workspace.
The service provider uses an APIExport to expose the API.
+crd +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories=kcp
func (*APIBinding) DeepCopy ¶
func (in *APIBinding) DeepCopy() *APIBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBinding.
func (*APIBinding) DeepCopyInto ¶
func (in *APIBinding) DeepCopyInto(out *APIBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIBinding) DeepCopyObject ¶
func (in *APIBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*APIBinding) GetConditions ¶
func (in *APIBinding) GetConditions() conditionsv1alpha1.Conditions
func (*APIBinding) SetConditions ¶
func (in *APIBinding) SetConditions(conditions conditionsv1alpha1.Conditions)
type APIBindingList ¶
// APIBindingList is the list type for APIBinding: type and list metadata plus the items.
type APIBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	// Items holds the APIBinding objects in the list.
	Items []APIBinding `json:"items"`
}
APIBindingList is a list of APIBinding resources
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*APIBindingList) DeepCopy ¶
func (in *APIBindingList) DeepCopy() *APIBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBindingList.
func (*APIBindingList) DeepCopyInto ¶
func (in *APIBindingList) DeepCopyInto(out *APIBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIBindingList) DeepCopyObject ¶
func (in *APIBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIBindingPhaseType ¶
// APIBindingPhaseType is the string type of the current phase of an APIBinding.
type APIBindingPhaseType string
APIBindingPhaseType is the type of the current phase of an APIBinding.
// Phases of an APIBinding. The empty string is also a valid phase value per the
// enum on APIBindingStatus.Phase (binding just created, waiting to be bound).
const (
	// APIBindingPhaseBinding: the APIBinding is being bound.
	APIBindingPhaseBinding APIBindingPhaseType = "Binding"
	// APIBindingPhaseBound: the APIBinding is bound and the referenced APIs are available in the workspace.
	APIBindingPhaseBound APIBindingPhaseType = "Bound"
)
type APIBindingSpec ¶
// APIBindingSpec is the desired state of an APIBinding: which export to bind to and
// which permission claims are accepted.
type APIBindingSpec struct {
	// reference uniquely identifies an API to bind to.
	//
	// +required
	// +kubebuilder:validation:Required
	Reference ExportReference `json:"reference"`

	// NOTE(review): per the PermissionClaim type documentation, an accepted claim is access that
	// the consumer allows the service provider to have. Each entry widens what the provider can
	// reach in this workspace, so review claims individually before accepting them.

	// acceptedPermissionClaims records the permissions that are granted
	// to the bound workspace.
	// Access is granted on a GroupResource basis and can be filtered on objects by many different selectors.
	// +optional
	AcceptedPermissionClaims []PermissionClaim `json:"acceptedPermissionClaims,omitempty"`
}
APIBindingSpec records the APIs and implementations that are to be bound.
func (*APIBindingSpec) DeepCopy ¶
func (in *APIBindingSpec) DeepCopy() *APIBindingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBindingSpec.
func (*APIBindingSpec) DeepCopyInto ¶
func (in *APIBindingSpec) DeepCopyInto(out *APIBindingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIBindingStatus ¶
// APIBindingStatus is the observed state of an APIBinding: the export currently bound,
// the bound resources, the phase, conditions and the observed accepted permission claims.
type APIBindingStatus struct {
	// boundExport records the export this binding is bound to currently. It can
	// differ from the export that was specified in the spec while rebinding
	// to a different APIExport.
	//
	// This field is what gives the APIExport visibility into the objects in this
	// workspace.
	//
	// +optional
	BoundAPIExport *ExportReference `json:"boundExport,omitempty"`

	// boundResources records the state of bound APIs.
	//
	// +optional
	// +listType=map
	// +listMapKey=group
	// +listMapKey=resource
	BoundResources []BoundAPIResource `json:"boundResources,omitempty"`

	// phase is the current phase of the APIBinding:
	// - "": the APIBinding has just been created, waiting to be bound.
	// - Binding: the APIBinding is being bound.
	// - Bound: the APIBinding is bound and the referenced APIs are available in the workspace.
	//
	// +optional
	// +kubebuilder:validation:Enum="";Binding;Bound
	Phase APIBindingPhaseType `json:"phase,omitempty"`

	// conditions is a list of conditions that apply to the APIBinding.
	//
	// +optional
	Conditions conditionsv1alpha1.Conditions `json:"conditions,omitempty"`

	// NOTE(review): the JSON name below starts with an upper-case letter
	// ("ObservedAcceptedPermissionClaims"), unlike every other tag in this struct and unlike the
	// lower-camel name used in the field comment. Clients and policies that read this field by its
	// serialized name must use the capitalised form; renaming the tag would change the wire format.

	// observedAcceptedPermissionClaims records the permissions that the export provider is granted
	// to the bound workspace. This is granted by binding implicitly to an export that contains
	// permissionClaims.
	// Access is granted on a GroupResource basis and can be filtered on objects by many different selectors.
	// +optional
	ObservedAcceptedPermissionClaims []PermissionClaim `json:"ObservedAcceptedPermissionClaims,omitempty"`
}
APIBindingStatus records which schemas are bound.
func (*APIBindingStatus) DeepCopy ¶
func (in *APIBindingStatus) DeepCopy() *APIBindingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBindingStatus.
func (*APIBindingStatus) DeepCopyInto ¶
func (in *APIBindingStatus) DeepCopyInto(out *APIBindingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIExport ¶
// APIExport is the object through which a provider offers an API for consumption via APIBindings.
type APIExport struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the desired state.
	//
	// +optional
	Spec APIExportSpec `json:"spec,omitempty"`

	// Status communicates the observed state.
	//
	// +optional
	Status APIExportStatus `json:"status,omitempty"`
}
APIExport registers an API and implementation to allow consumption by others through APIBindings.
APIExports cannot be deleted until status.resourceSchemasInUse is empty.
+crd +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories=kcp
func (*APIExport) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExport.
func (*APIExport) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIExport) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*APIExport) GetConditions ¶
func (in *APIExport) GetConditions() conditionsv1alpha1.Conditions
func (*APIExport) SetConditions ¶
func (in *APIExport) SetConditions(conditions conditionsv1alpha1.Conditions)
type APIExportList ¶
// APIExportList is the list type for APIExport: type and list metadata plus the items.
type APIExportList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	// Items holds the APIExport objects in the list.
	Items []APIExport `json:"items"`
}
APIExportList is a list of APIExport resources
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*APIExportList) DeepCopy ¶
func (in *APIExportList) DeepCopy() *APIExportList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportList.
func (*APIExportList) DeepCopyInto ¶
func (in *APIExportList) DeepCopyInto(out *APIExportList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIExportList) DeepCopyObject ¶
func (in *APIExportList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIExportSpec ¶
// APIExportSpec is the desired state of an APIExport: the exported schemas, the API identity,
// an optional upper bound on consumer permissions, and the permission claims the provider requests.
type APIExportSpec struct {
	// latestResourceSchemas records the latest APIResourceSchemas that are exposed
	// with this APIExport.
	//
	// The schemas can be changed in the life-cycle of the APIExport. These changes
	// have no effect on existing APIBindings, but only on newly bound ones.
	//
	// For updating existing APIBindings, use an APIDeployment keeping bound
	// workspaces up-to-date.
	//
	// +optional
	// +listType=set
	LatestResourceSchemas []string `json:"latestResourceSchemas,omitempty"`

	// NOTE(review): the secret referenced by identity is the provider's secret key material; the
	// field comment states that only a derived, non-sensitive value is shared with APIBindings and
	// status. Read access to the secret itself should be limited to the API provider.

	// identity points to a secret that contains the API identity in the 'key' file.
	// The API identity determines a unique etcd prefix for objects stored via this
	// APIExport.
	//
	// Different APIExports in a workspace can share a common identity, or have different
	// ones. The identity (the secret) can also be transferred to another workspace
	// when the APIExport is moved.
	//
	// The identity is a secret of the API provider. The APIBindings referencing this APIExport
	// will store a derived, non-sensitive value of this identity.
	//
	// The identity of an APIExport cannot be changed. A derived, non-sensitive value of
	// the identity key is stored in the APIExport status and this value is immutable.
	//
	// The identity is defaulted. A secret with the name of the APIExport is automatically
	// created.
	//
	// +optional
	Identity *Identity `json:"identity,omitempty"`

	// NOTE(review): when maximalPermissionPolicy is unset, no upper bound is applied and access is
	// decided by the consumer workspace alone (see the field comment). A provider that wants to cap
	// what consumers may do with its API has to set the policy explicitly.

	// maximalPermissionPolicy will allow for a service provider to set an upper bound on what is allowed
	// for a consumer of this API. If the policy is not set, no upper bound is applied,
	// i.e. the consuming users can do whatever the user workspace allows the user to do.
	//
	// The policy consists of RBAC (Cluster)Roles and (Cluster)Bindings. A request of a user in
	// a workspace that binds to this APIExport via an APIBinding is additionally checked against
	// these rules, with the user name and the groups prefixed with `apis.kcp.dev:binding:`.
	//
	// For example: assume a user `adam` with groups `system:authenticated` and `a-team` binds to
	// this APIExport in another workspace root:org:ws. Then a request in that workspace
	// against a resource of this APIExport is authorized as every other request in that workspace,
	// but in addition the RBAC policy here in the APIExport workspace has to grant access to the
	// user `apis.kcp.dev:binding:adam` with the groups `apis.kcp.dev:binding:system:authenticated`
	// and `apis.kcp.dev:binding:a-team`.
	//
	// +optional
	MaximalPermissionPolicy *MaximalPermissionPolicy `json:"maximalPermissionPolicy,omitempty"`

	// permissionClaims make resources available in APIExport's virtual workspace that are not part
	// of the actual APIExport resources.
	//
	// PermissionClaims are optional and should be the least access necessary to complete the functions
	// that the service provider needs. Access is asked for on a GroupResource + identity basis.
	//
	// PermissionClaims must be accepted by the user's explicit acknowledgement. Hence, when claims
	// change, the respective objects are not visible immediately.
	//
	// PermissionClaims overlapping with the APIExport resources are ignored.
	//
	// +optional
	// +listType=map
	// +listMapKey=group
	// +listMapKey=resource
	PermissionClaims []PermissionClaim `json:"permissionClaims,omitempty"`
}
APIExportSpec defines the desired state of APIExport.
func (*APIExportSpec) DeepCopy ¶
func (in *APIExportSpec) DeepCopy() *APIExportSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportSpec.
func (*APIExportSpec) DeepCopyInto ¶
func (in *APIExportSpec) DeepCopyInto(out *APIExportSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIExportStatus ¶
// APIExportStatus is the observed state of an APIExport: the identity hash, conditions and
// the virtual workspace URLs.
type APIExportStatus struct {
	// identityHash is the hash of the API identity key of this APIExport. This value
	// is immutable as soon as it is set.
	//
	// +optional
	IdentityHash string `json:"identityHash,omitempty"`

	// conditions is a list of conditions that apply to the APIExport.
	//
	// +optional
	Conditions conditionsv1alpha1.Conditions `json:"conditions,omitempty"`

	// virtualWorkspaces contains all APIExport virtual workspace URLs.
	// +optional
	VirtualWorkspaces []VirtualWorkspace `json:"virtualWorkspaces,omitempty"`
}
APIExportStatus defines the observed state of APIExport.
func (*APIExportStatus) DeepCopy ¶
func (in *APIExportStatus) DeepCopy() *APIExportStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportStatus.
func (*APIExportStatus) DeepCopyInto ¶
func (in *APIExportStatus) DeepCopyInto(out *APIExportStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIResourceSchema ¶
// APIResourceSchema holds the schema description of one resource. It carries a spec only;
// no status field is declared on this type.
type APIResourceSchema struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the desired state.
	//
	// +optional
	Spec APIResourceSchemaSpec `json:"spec,omitempty"`
}
APIResourceSchema describes a resource, identified by (group, version, resource, schema).
An APIResourceSchema is immutable and cannot be deleted if it is referenced by an APIExport in the same workspace.
+crd +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:scope=Cluster,categories=kcp
func CRDToAPIResourceSchema ¶
func CRDToAPIResourceSchema(crd *apiextensionsv1.CustomResourceDefinition, prefix string) (*APIResourceSchema, error)
CRDToAPIResourceSchema converts a CustomResourceDefinition to an APIResourceSchema. The name of the returned APIResourceSchema is in the form of <prefix>.<crd.Name>.
func (*APIResourceSchema) DeepCopy ¶
func (in *APIResourceSchema) DeepCopy() *APIResourceSchema
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceSchema.
func (*APIResourceSchema) DeepCopyInto ¶
func (in *APIResourceSchema) DeepCopyInto(out *APIResourceSchema)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIResourceSchema) DeepCopyObject ¶
func (in *APIResourceSchema) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIResourceSchemaList ¶
// APIResourceSchemaList is the list type for APIResourceSchema: type and list metadata plus the items.
type APIResourceSchemaList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	// Items holds the APIResourceSchema objects in the list.
	Items []APIResourceSchema `json:"items"`
}
APIResourceSchemaList is a list of APIResourceSchema resources
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*APIResourceSchemaList) DeepCopy ¶
func (in *APIResourceSchemaList) DeepCopy() *APIResourceSchemaList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceSchemaList.
func (*APIResourceSchemaList) DeepCopyInto ¶
func (in *APIResourceSchemaList) DeepCopyInto(out *APIResourceSchemaList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIResourceSchemaList) DeepCopyObject ¶
func (in *APIResourceSchemaList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIResourceSchemaSpec ¶
// APIResourceSchemaSpec describes a custom resource: its group, names, scope and versions.
type APIResourceSchemaSpec struct {
	// group is the API group of the defined custom resource. Empty string means the
	// core API group. The resources are served under `/apis/<group>/...` or `/api` for the core group.
	//
	// +required
	Group string `json:"group"`

	// names specify the resource and kind names for the custom resource.
	//
	// +required
	Names apiextensionsv1.CustomResourceDefinitionNames `json:"names"`

	// scope indicates whether the defined custom resource is cluster- or namespace-scoped.
	// Allowed values are `Cluster` and `Namespaced`.
	//
	// +required
	// +kubebuilder:validation:Enum=Cluster;Namespaced
	Scope apiextensionsv1.ResourceScope `json:"scope"`

	// versions lists the API versions of the defined custom resource.
	//
	// Note: the OpenAPI v3 schemas must be equal for all versions until CEL
	// version migration is supported.
	//
	// +required
	// +listType=map
	// +listMapKey=name
	// +kubebuilder:validation:MinItems=1
	Versions []APIResourceVersion `json:"versions"`
}
APIResourceSchemaSpec defines the desired state of APIResourceSchema.
func (*APIResourceSchemaSpec) DeepCopy ¶
func (in *APIResourceSchemaSpec) DeepCopy() *APIResourceSchemaSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceSchemaSpec.
func (*APIResourceSchemaSpec) DeepCopyInto ¶
func (in *APIResourceSchemaSpec) DeepCopyInto(out *APIResourceSchemaSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIResourceVersion ¶
// APIResourceVersion describes a single API version of a resource: its name, whether it is
// served and stored, deprecation settings, schema, subresources and printer columns.
type APIResourceVersion struct {
	// name is the version name, e.g. "v1", "v2beta1", etc.
	// The custom resources are served under this version at `/apis/<group>/<version>/...` if `served` is true.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=^v[1-9][0-9]*([a-z]+[1-9][0-9]*)?$
	Name string `json:"name"`

	// served is a flag enabling/disabling this version from being served via REST APIs
	//
	// +required
	// +kubebuilder:default=true
	Served bool `json:"served"`

	// storage indicates this version should be used when persisting custom resources to storage.
	// There must be exactly one version with storage=true.
	//
	// +required
	Storage bool `json:"storage"`

	// deprecated indicates this version of the custom resource API is deprecated.
	// When set to true, API requests to this version receive a warning header in the server response.
	// Defaults to false.
	//
	// +optional
	Deprecated bool `json:"deprecated,omitempty"`

	// deprecationWarning overrides the default warning returned to API clients.
	// May only be set when `deprecated` is true.
	// The default warning indicates this version is deprecated and recommends use
	// of the newest served version of equal or greater stability, if one exists.
	//
	// +optional
	DeprecationWarning *string `json:"deprecationWarning,omitempty"`

	// schema describes the structural schema used for validation, pruning, and defaulting
	// of this version of the custom resource.
	//
	// The value is carried as a raw extension; GetSchema and SetSchema on this type convert
	// it from and to apiextensionsv1.JSONSchemaProps.
	//
	// +required
	// +kubebuilder:pruning:PreserveUnknownFields
	// +structType=atomic
	Schema runtime.RawExtension `json:"schema"`

	// subresources specify what subresources this version of the defined custom resource has.
	//
	// +optional
	Subresources apiextensionsv1.CustomResourceSubresources `json:"subresources,omitempty"`

	// additionalPrinterColumns specifies additional columns returned in Table output.
	// See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
	// If no columns are specified, a single column displaying the age of the custom resource is used.
	//
	// +optional
	// +listType=map
	// +listMapKey=name
	AdditionalPrinterColumns []apiextensionsv1.CustomResourceColumnDefinition `json:"additionalPrinterColumns,omitempty"`
}
APIResourceVersion describes one API version of a resource.
func (*APIResourceVersion) DeepCopy ¶
func (in *APIResourceVersion) DeepCopy() *APIResourceVersion
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceVersion.
func (*APIResourceVersion) DeepCopyInto ¶
func (in *APIResourceVersion) DeepCopyInto(out *APIResourceVersion)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIResourceVersion) GetSchema ¶
func (v *APIResourceVersion) GetSchema() (*apiextensionsv1.JSONSchemaProps, error)
func (*APIResourceVersion) SetSchema ¶
func (v *APIResourceVersion) SetSchema(schema *apiextensionsv1.JSONSchemaProps) error
type BoundAPIResource ¶
// BoundAPIResource records one bound API: its group and resource, the schema it is bound
// through, and the versions that were ever persisted.
type BoundAPIResource struct {
	// group is the group of the bound API. Empty string for the core API group.
	//
	// +required
	Group string `json:"group"`

	// NOTE(review): the MinLength line in the comment below has no leading "+", unlike the
	// validation markers on the other fields in this file, so it is presumably not picked up as a
	// marker and an empty resource name is not rejected by the generated schema — confirm and add
	// the "+" if the validation is intended.

	// resource is the resource of the bound API.
	//
	// kubebuilder:validation:MinLength=1
	// +required
	Resource string `json:"resource"`

	// Schema references the APIResourceSchema that is bound to this API.
	//
	// +required
	Schema BoundAPIResourceSchema `json:"schema"`

	// storageVersions lists all versions of a resource that were ever persisted. Tracking these
	// versions allows a migration path for stored versions in etcd. The field is mutable
	// so a migration controller can finish a migration to another version (ensuring
	// no old objects are left in storage), and then remove the rest of the
	// versions from this list.
	//
	// Versions may not be removed while they exist in this list.
	//
	// +optional
	// +listType=set
	StorageVersions []string `json:"storageVersions,omitempty"`
}
BoundAPIResource describes a bound GroupVersionResource through an APIResourceSchema of an APIExport.
func (*BoundAPIResource) DeepCopy ¶
func (in *BoundAPIResource) DeepCopy() *BoundAPIResource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundAPIResource.
func (*BoundAPIResource) DeepCopyInto ¶
func (in *BoundAPIResource) DeepCopyInto(out *BoundAPIResource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BoundAPIResourceSchema ¶
// BoundAPIResourceSchema identifies the APIResourceSchema behind a bound API by name, UID and
// the identity hash it is bound to.
type BoundAPIResourceSchema struct {
	// name is the bound APIResourceSchema name.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// NOTE(review): the JSON name "UID" is upper-case, unlike the lower-camel tags on the other
	// fields. Readers of the serialized object must use the upper-case key; renaming the tag
	// would change the wire format.

	// UID is the UID of the APIResourceSchema that is bound to this API.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	UID string `json:"UID"`

	// identityHash is the hash of the API identity that this schema is bound to.
	// The API identity determines the etcd prefix used to persist the object.
	// Different identity means that the objects are effectively served and stored
	// under a distinct resource. A CRD of the same GroupVersionResource uses a
	// different identity and hence a separate etcd prefix.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	IdentityHash string `json:"identityHash"`
}
BoundAPIResourceSchema is a reference to an APIResourceSchema.
func (*BoundAPIResourceSchema) DeepCopy ¶
func (in *BoundAPIResourceSchema) DeepCopy() *BoundAPIResourceSchema
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundAPIResourceSchema.
func (*BoundAPIResourceSchema) DeepCopyInto ¶
func (in *BoundAPIResourceSchema) DeepCopyInto(out *BoundAPIResourceSchema)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExportReference ¶
// ExportReference points at an APIExport. Only a workspace-based reference is declared here.
type ExportReference struct {
	// NOTE(review): the `bind` verb named in the comment below is the access requirement stated
	// for creating a binding to an export, so RBAC rules granting `bind` on APIExports decide who
	// may consume an API and should be granted narrowly.

	// workspace is a reference to an APIExport in the same organization. The creator
	// of the APIBinding needs to have access to the APIExport with the verb `bind`
	// in order to bind to it.
	//
	// +optional
	Workspace *WorkspaceExportReference `json:"workspace,omitempty"`
}
ExportReference describes a reference to an APIExport. Exactly one of the fields must be set.
func (*ExportReference) DeepCopy ¶
func (in *ExportReference) DeepCopy() *ExportReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExportReference.
func (*ExportReference) DeepCopyInto ¶
func (in *ExportReference) DeepCopyInto(out *ExportReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GroupResource ¶
// GroupResource names a resource by API group and resource name.
type GroupResource struct {
	// group is the name of an API group.
	// For core groups this is the empty string '""'.
	//
	// +kubebuilder:validation:Pattern=`^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$`
	// +optional
	Group string `json:"group,omitempty"`

	// NOTE(review): the last marker on the field below is written "+kubebuilder:Required", while
	// other required fields in this file use "+kubebuilder:validation:Required". Confirm that the
	// short form is recognised by the generator in use.

	// resource is the name of the resource.
	// Note: permissions cannot be requested for a resource that is provided by a CRD
	// rather than by an APIExport.
	// +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]*[a-z0-9]$`
	// +required
	// +kubebuilder:Required
	Resource string `json:"resource"`
}
GroupResource identifies a resource.
func (*GroupResource) DeepCopy ¶
func (in *GroupResource) DeepCopy() *GroupResource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResource.
func (*GroupResource) DeepCopyInto ¶
func (in *GroupResource) DeepCopyInto(out *GroupResource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Identity ¶
// Identity references the secret that holds an APIExport's API identity.
type Identity struct {
	// secretRef is a reference to a secret that contains the API identity in the 'key' file.
	//
	// +optional
	SecretRef *corev1.SecretReference `json:"secretRef,omitempty"`
}
Identity defines the identity of an APIExport, i.e. determines the etcd prefix data of this APIExport are stored under.
func (*Identity) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity.
func (*Identity) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LocalAPIExportPolicy ¶
// LocalAPIExportPolicy is an empty marker type: it has no fields, so setting it on
// MaximalPermissionPolicy.Local selects the local policy without further configuration.
type LocalAPIExportPolicy struct{}
LocalAPIExportPolicy will tell the APIBinding authorizer to check policy in the local namespace of the API Export
func (*LocalAPIExportPolicy) DeepCopy ¶
func (in *LocalAPIExportPolicy) DeepCopy() *LocalAPIExportPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalAPIExportPolicy.
func (*LocalAPIExportPolicy) DeepCopyInto ¶
func (in *LocalAPIExportPolicy) DeepCopyInto(out *LocalAPIExportPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MaximalPermissionPolicy ¶
// MaximalPermissionPolicy wraps the policy options for an APIExport's upper permission bound.
// Only the local option is declared here.
type MaximalPermissionPolicy struct {
	// local is a policy that is defined in the same namespace as the API Export.
	// +optional
	Local *LocalAPIExportPolicy `json:"local,omitempty"`
}
MaximalPermissionPolicy is a wrapper type around the multiple options that would be allowed.
func (*MaximalPermissionPolicy) DeepCopy ¶
func (in *MaximalPermissionPolicy) DeepCopy() *MaximalPermissionPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaximalPermissionPolicy.
func (*MaximalPermissionPolicy) DeepCopyInto ¶
func (in *MaximalPermissionPolicy) DeepCopyInto(out *MaximalPermissionPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PermissionClaim ¶
// PermissionClaim names a claimed resource by its embedded GroupResource plus the identity
// hash of the APIExport the resource belongs to.
type PermissionClaim struct {
	GroupResource `json:","`

	// NOTE(review): the comment below points at "APIResourceSchema's status", but the
	// APIResourceSchema type in this package declares no status field; the hash is visible on
	// APIExportStatus.IdentityHash and BoundAPIResourceSchema.IdentityHash — confirm the intended
	// lookup location.

	// This is the identity for a given APIExport that the APIResourceSchema belongs to.
	// The hash can be found on APIExport and APIResourceSchema's status.
	// It will be empty for core types.
	// Note that one must look this up for a particular KCP instance.
	// +optional
	IdentityHash string `json:"identityHash,omitempty"`
}
PermissionClaim identifies an object by GR and identity hash. Its purpose is to determine the added permissions that a service provider may request and that a consumer may accept and allow the service provider access to.
func (*PermissionClaim) DeepCopy ¶
func (in *PermissionClaim) DeepCopy() *PermissionClaim
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionClaim.
func (*PermissionClaim) DeepCopyInto ¶
func (in *PermissionClaim) DeepCopyInto(out *PermissionClaim)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (PermissionClaim) Equal ¶
func (p PermissionClaim) Equal(claim PermissionClaim) bool
func (PermissionClaim) String ¶
func (p PermissionClaim) String() string
type VirtualWorkspace ¶
// VirtualWorkspace holds one APIExport virtual workspace URL.
type VirtualWorkspace struct {
	// NOTE(review): the "+kubebuilder:format:URL" marker below does not use the
	// "+kubebuilder:validation:" prefix that the other validation markers in this file use.
	// Confirm it is applied; if it is not, only the minimum length of the URL is validated.

	// url is an APIExport virtual workspace URL.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:format:URL
	// +required
	URL string `json:"url"`
}
func (*VirtualWorkspace) DeepCopy ¶
func (in *VirtualWorkspace) DeepCopy() *VirtualWorkspace
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualWorkspace.
func (*VirtualWorkspace) DeepCopyInto ¶
func (in *VirtualWorkspace) DeepCopyInto(out *VirtualWorkspace)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WorkspaceExportReference ¶
// WorkspaceExportReference identifies an APIExport by workspace path and export name.
type WorkspaceExportReference struct {
	// path is an absolute reference to a workspace, e.g. root:org:ws. The workspace must
	// be some ancestor or a child of some ancestor. If it is unset, the path of the APIBinding
	// is used.
	// +optional
	// +kubebuilder:validation:Pattern:="^root(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
	Path string `json:"path,omitempty"`

	// NOTE(review): the MinLength marker on the field below is written "+kube:validation:...",
	// while the rest of the file uses "+kubebuilder:validation:...". It is presumably not
	// recognised, which would leave an empty exportName accepted by the generated schema —
	// confirm and correct the prefix if the check is intended.

	// Name of the APIExport that describes the API.
	//
	// +required
	// +kubebuilder:validation:Required
	// +kube:validation:MinLength=1
	ExportName string `json:"exportName"`
}
WorkspaceExportReference describes an API and backing implementation that are provided by an actor in the specified Workspace.
func (*WorkspaceExportReference) DeepCopy ¶
func (in *WorkspaceExportReference) DeepCopy() *WorkspaceExportReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceExportReference.
func (*WorkspaceExportReference) DeepCopyInto ¶
func (in *WorkspaceExportReference) DeepCopyInto(out *WorkspaceExportReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.