v1alpha1

package
v0.26.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 11, 2024 License: Apache-2.0 Imports: 12 Imported by: 31

Documentation

Overview

+k8s:deepcopy-gen=package,register +groupName=apis.kcp.io +k8s:openapi-gen=true

Index

Constants

View Source 
const (
	// APIExportValid is a condition for APIBinding that reflects the validity of the referenced APIExport.
	APIExportValid conditionsv1alpha1.ConditionType = "APIExportValid"

	// APIExportInvalidReferenceReason is a reason for the APIExportValid condition of APIBinding that the referenced
	// APIExport reference is invalid.
	APIExportInvalidReferenceReason = "APIExportInvalidReference"
	// APIExportNotFoundReason is a reason for the APIExportValid condition that the referenced APIExport is not found.
	APIExportNotFoundReason = "APIExportNotFound"

	// APIResourceSchemaInvalidReason is a reason for the InitialBindingCompleted and BindingUpToDate conditions when one of generated CRD is invalid.
	APIResourceSchemaInvalidReason = "APIResourceSchemaInvalid"

	// InternalErrorReason is a reason used by multiple conditions that something went wrong.
	InternalErrorReason = "InternalError"

	// InitialBindingCompleted is a condition for APIBinding that indicates the initial binding completed successfully.
	// Once true, this can never be reset to false.
	InitialBindingCompleted conditionsv1alpha1.ConditionType = "InitialBindingCompleted"

	// WaitingForEstablishedReason is a reason for the InitialBindingCompleted condition that the bound CRDs are not ready.
	WaitingForEstablishedReason = "WaitingForEstablished"

	// BindingUpToDate is a condition for APIBinding that indicates that the APIs currently bound are up-to-date with
	// the binding's desired export.
	BindingUpToDate conditionsv1alpha1.ConditionType = "BindingUpToDate"

	// NamingConflictsReason is a reason for the BindingUpToDate condition that at least one API coming in from the APIBinding
	// has a naming conflict with other APIs.
	NamingConflictsReason = "NamingConflicts"

	// BindingResourceDeleteSuccess is a condition for APIBinding that indicates the resources relating this binding are deleted
	// successfully when the APIBinding is deleting.
	BindingResourceDeleteSuccess conditionsv1alpha1.ConditionType = "BindingResourceDeleteSuccess"

	// PermissionClaimsValid is a condition for APIBinding that indicates that the permission claims were valid or not.
	PermissionClaimsValid conditionsv1alpha1.ConditionType = "PermissionClaimsValid"

	// InvalidPermissionClaimsReason indicates there were unexpected and/or invalid permission claims (e.g. due to
	// identity mismatch).
	InvalidPermissionClaimsReason = "InvalidPermissionClaims"

	// PermissionClaimsApplied is a condition for APIBinding that indicates that all the accepted permission claims
	// have been applied.
	PermissionClaimsApplied conditionsv1alpha1.ConditionType = "PermissionClaimsApplied"
)

These are valid conditions of APIBinding.

View Source 
const (
	// AnnotationBoundCRDKey is the annotation key that indicates a CRD is for an APIExport (a "bound CRD").
	AnnotationBoundCRDKey = "apis.kcp.io/bound-crd"
	// AnnotationSchemaClusterKey is the annotation key for a bound CRD indicating the cluster name of the
	// APIResourceSchema for the CRD.
	AnnotationSchemaClusterKey = "apis.kcp.io/schema-cluster"
	// AnnotationSchemaNameKey is the annotation key for a bound CRD indicating the name of the APIResourceSchema for
	// the CRD.
	AnnotationSchemaNameKey = "apis.kcp.io/schema-name"
	// AnnotationAPIIdentityKey is the annotation key for a bound CRD indicating the identity hash of the APIExport
	// for the request. This data is synthetic; it is not stored in etcd and instead is only applied when retrieving
	// CRs for the CRD.
	AnnotationAPIIdentityKey = "apis.kcp.io/identity"
)

These are annotations for bound CRDs.

View Source 
const (
	APIExportIdentityValid conditionsv1alpha1.ConditionType = "IdentityValid"

	IdentityVerificationFailedReason = "IdentityVerificationFailed"
	IdentityGenerationFailedReason   = "IdentityGenerationFailed"

	APIExportVirtualWorkspaceURLsReady conditionsv1alpha1.ConditionType = "VirtualWorkspaceURLsReady"

	ErrorGeneratingURLsReason = "ErrorGeneratingURLs"
)

These are valid conditions of APIExport.

View Source 
const (
	// PartitionValid is a condition for APIExportEndpointSlice that reflects the validity of the referenced Partition.
	PartitionValid conditionsv1alpha1.ConditionType = "PartitionValid"

	APIExportEndpointSliceURLsReady conditionsv1alpha1.ConditionType = "EndpointURLsReady"

	// PartitionInvalidReferenceReason is a reason for the PartitionValid condition of APIExportEndpointSlice that the
	// Partition reference is invalid.
	PartitionInvalidReferenceReason = "PartitionInvalidReference"
)

These are valid conditions of APIExportEndpointSlice in addition to APIExportValid and related reasons defined with the APIBinding type.

View Source 
const (
	APIExportPermissionClaimLabelPrefix = "claimed.internal.apis.kcp.io/"
)
View Source 
const (
	// AnnotationAPIExportExtraKeyPrefix is the prefix of an annotation set on an APIExport to
	// provide extra info that will be made available to all APIBindings bound to this APIExport.
	// Any annotation with this prefix will be continuously synced to all the APIBindings bound to
	// this APIExport. If the annotation is removed from the APIExport, it will also be removed from
	// all APIBindings bound to this APIExport.
	AnnotationAPIExportExtraKeyPrefix = "extra.apis.kcp.io/"
)
View Source 
const (
	// InternalAPIBindingExportLabelKey is the label key on an APIBinding with the
	// base62(sha224(<clusterName>:<exportName>)) as value to filter bindings by export.
	InternalAPIBindingExportLabelKey = "internal.apis.kcp.io/export"
)
View Source 
const (
	// MaximalPermissionPolicyRBACUserGroupPrefix is the prefix for the user and group names
	// when verifying the APIExport.spec.maximalPermissionPolicy.
	MaximalPermissionPolicyRBACUserGroupPrefix = "apis.kcp.io:binding:"
)
View Source 
const (
	// SecretKeyAPIExportIdentity is the key in an identity secret for the identity of an APIExport.
	SecretKeyAPIExportIdentity = "key"
)

These are for APIExport identity.

View Source 
const (
	// VersionPreservationAnnotationKeyPrefix is the prefix for the annotation key used to preserve fields from an API
	// version that would otherwise be lost during round-tripping to a different API version. An example key and value
	// might look like this: preserve.conversion.apis.kcp.io/v2: {"spec.someNewField": "someValue"}.
	VersionPreservationAnnotationKeyPrefix = "preserve.conversion.apis.kcp.io/"
)

Variables

View Source 
var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: apis.GroupName, Version: "v1alpha1"}

SchemeGroupVersion is group version used to register these objects.

Functions

func Kind 

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind.

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource.

Types

type APIBinding 

type APIBinding struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the desired state.
	// +required
	// +kubebuilder:validation:Required
	Spec APIBindingSpec `json:"spec,omitempty"`

	// Status communicates the observed state.
	// +optional
	Status APIBindingStatus `json:"status,omitempty"`
}

APIBinding enables a set of resources and their behaviour through an external service provider in this workspace.

The service provider uses an APIExport to expose the API.

+crd +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories=kcp +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type=="Ready")].status`

func (*APIBinding) DeepCopy 

func (in *APIBinding) DeepCopy() *APIBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBinding.

func (*APIBinding) DeepCopyInto 

func (in *APIBinding) DeepCopyInto(out *APIBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIBinding) DeepCopyObject 

func (in *APIBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*APIBinding) GetConditions 

func (in *APIBinding) GetConditions() conditionsv1alpha1.Conditions

func (*APIBinding) SetConditions 

func (in *APIBinding) SetConditions(conditions conditionsv1alpha1.Conditions)

type APIBindingList 

type APIBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []APIBinding `json:"items"`
}

APIBindingList is a list of APIBinding resources

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*APIBindingList) DeepCopy 

func (in *APIBindingList) DeepCopy() *APIBindingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBindingList.

func (*APIBindingList) DeepCopyInto 

func (in *APIBindingList) DeepCopyInto(out *APIBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIBindingList) DeepCopyObject 

func (in *APIBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type APIBindingPhaseType 

type APIBindingPhaseType string

APIBindingPhaseType is the type of the current phase of an APIBinding. 

const (
	APIBindingPhaseBinding APIBindingPhaseType = "Binding"
	APIBindingPhaseBound   APIBindingPhaseType = "Bound"
)

type APIBindingSpec 

type APIBindingSpec struct {
	// reference uniquely identifies an API to bind to.
	//
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="APIExport reference must not be changed"
	Reference BindingReference `json:"reference"`

	// permissionClaims records decisions about permission claims requested by the API service provider.
	// Individual claims can be accepted or rejected. If accepted, the API service provider gets the
	// requested access to the specified resources in this workspace. Access is granted per
	// GroupResource, identity, and other properties.
	//
	// +optional
	PermissionClaims []AcceptablePermissionClaim `json:"permissionClaims,omitempty"`
}

APIBindingSpec records the APIs and implementations that are to be bound.

func (*APIBindingSpec) DeepCopy 

func (in *APIBindingSpec) DeepCopy() *APIBindingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBindingSpec.

func (*APIBindingSpec) DeepCopyInto 

func (in *APIBindingSpec) DeepCopyInto(out *APIBindingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIBindingStatus 

type APIBindingStatus struct {
	// APIExportClusterName records the name (not path) of the logical cluster that contains the APIExport.
	//
	// +optional
	APIExportClusterName string `json:"apiExportClusterName,omitempty"`

	// boundResources records the state of bound APIs.
	//
	// +optional
	// +listType=map
	// +listMapKey=group
	// +listMapKey=resource
	BoundResources []BoundAPIResource `json:"boundResources,omitempty"`

	// phase is the current phase of the APIBinding:
	// - "": the APIBinding has just been created, waiting to be bound.
	// - Binding: the APIBinding is being bound.
	// - Bound: the APIBinding is bound and the referenced APIs are available in the workspace.
	//
	// +optional
	// +kubebuilder:validation:Enum="";Binding;Bound
	Phase APIBindingPhaseType `json:"phase,omitempty"`

	// conditions is a list of conditions that apply to the APIBinding.
	//
	// +optional
	Conditions conditionsv1alpha1.Conditions `json:"conditions,omitempty"`

	// appliedPermissionClaims is a list of the permission claims the system has seen and applied,
	// according to the requests of the API service provider in the APIExport and the acceptance
	// state in spec.permissionClaims.
	//
	// +optional
	AppliedPermissionClaims []PermissionClaim `json:"appliedPermissionClaims,omitempty"`

	// exportPermissionClaims records the permissions that the export provider is asking for
	// the binding to grant.
	// +optional
	ExportPermissionClaims []PermissionClaim `json:"exportPermissionClaims,omitempty"`
}

APIBindingStatus records which schemas are bound.

func (*APIBindingStatus) DeepCopy 

func (in *APIBindingStatus) DeepCopy() *APIBindingStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIBindingStatus.

func (*APIBindingStatus) DeepCopyInto 

func (in *APIBindingStatus) DeepCopyInto(out *APIBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIConversion 

type APIConversion struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`

	// Spec holds the desired state.
	Spec APIConversionSpec `json:"spec"`
}

APIConversion contains rules to convert between different API versions in an APIResourceSchema. The name must match the name of the APIResourceSchema for the conversions to take effect.

func (*APIConversion) DeepCopy 

func (in *APIConversion) DeepCopy() *APIConversion

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIConversion.

func (*APIConversion) DeepCopyInto 

func (in *APIConversion) DeepCopyInto(out *APIConversion)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIConversion) DeepCopyObject 

func (in *APIConversion) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type APIConversionList 

type APIConversionList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []APIConversion `json:"items"`
}

APIConversionList is a list of APIConversion resources.

func (*APIConversionList) DeepCopy 

func (in *APIConversionList) DeepCopy() *APIConversionList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIConversionList.

func (*APIConversionList) DeepCopyInto 

func (in *APIConversionList) DeepCopyInto(out *APIConversionList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIConversionList) DeepCopyObject 

func (in *APIConversionList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type APIConversionRule 

type APIConversionRule struct {
	// field is a JSONPath expression to the field in the originating version of the object, relative to its root, such
	// as '.spec.name.first'.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	Field string `json:"field"`

	// destination is a JSONPath expression to the field in the target version of the object, relative to
	// its root, such as '.spec.name.first'.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	Destination string `json:"destination"`

	// transformation is an optional CEL expression used to execute user-specified rules to transform the
	// originating field -- identified by 'self' -- to the destination field.
	//
	// +optional
	Transformation string `json:"transformation,omitempty"`
}

APIConversionRule specifies how to convert a single field.

func (*APIConversionRule) DeepCopy 

func (in *APIConversionRule) DeepCopy() *APIConversionRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIConversionRule.

func (*APIConversionRule) DeepCopyInto 

func (in *APIConversionRule) DeepCopyInto(out *APIConversionRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIConversionSpec 

type APIConversionSpec struct {
	// conversions specify rules to convert between different API versions in an APIResourceSchema.
	//
	// +required
	// +listType=map
	// +listMapKey=from
	// +listMapKey=to
	Conversions []APIVersionConversion `json:"conversions"`
}

APIConversionSpec contains rules to convert between different API versions in an APIResourceSchema.

func (*APIConversionSpec) DeepCopy 

func (in *APIConversionSpec) DeepCopy() *APIConversionSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIConversionSpec.

func (*APIConversionSpec) DeepCopyInto 

func (in *APIConversionSpec) DeepCopyInto(out *APIConversionSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIExport 

type APIExport struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the desired state.
	//
	// +optional
	Spec APIExportSpec `json:"spec,omitempty"`

	// Status communicates the observed state.
	//
	// +optional
	Status APIExportStatus `json:"status,omitempty"`
}

APIExport registers an API and implementation to allow consumption by others through APIBindings.

+crd +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories=kcp +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type=="VirtualWorkspaceURLsReady")].status`

func (*APIExport) DeepCopy 

func (in *APIExport) DeepCopy() *APIExport

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExport.

func (*APIExport) DeepCopyInto 

func (in *APIExport) DeepCopyInto(out *APIExport)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIExport) DeepCopyObject 

func (in *APIExport) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*APIExport) GetConditions 

func (in *APIExport) GetConditions() conditionsv1alpha1.Conditions

func (*APIExport) SetConditions 

func (in *APIExport) SetConditions(conditions conditionsv1alpha1.Conditions)

type APIExportEndpoint 

type APIExportEndpoint struct {

	// url is an APIExport virtual workspace URL.
	URL string `json:"url"`
}

APIExportEndpoint contains the endpoint information of an APIExport service for a specific shard.

func (*APIExportEndpoint) DeepCopy 

func (in *APIExportEndpoint) DeepCopy() *APIExportEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportEndpoint.

func (*APIExportEndpoint) DeepCopyInto 

func (in *APIExportEndpoint) DeepCopyInto(out *APIExportEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIExportEndpointSlice 

type APIExportEndpointSlice struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// spec holds the desired state:
	// - the targeted APIExport
	// - an optional partition for filtering
	Spec APIExportEndpointSliceSpec `json:"spec,omitempty"`

	// status communicates the observed state:
	// the filtered list of endpoints for the APIExport service.
	// +optional
	Status APIExportEndpointSliceStatus `json:"status,omitempty"`
}

APIExportEndpointSlice is a sink for the endpoints of an APIExport. These endpoints can be filtered by a Partition. They get consumed by the managers to start controllers and informers for the respective APIExport services.

func (*APIExportEndpointSlice) DeepCopy 

func (in *APIExportEndpointSlice) DeepCopy() *APIExportEndpointSlice

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportEndpointSlice.

func (*APIExportEndpointSlice) DeepCopyInto 

func (in *APIExportEndpointSlice) DeepCopyInto(out *APIExportEndpointSlice)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIExportEndpointSlice) DeepCopyObject 

func (in *APIExportEndpointSlice) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*APIExportEndpointSlice) GetConditions 

func (in *APIExportEndpointSlice) GetConditions() conditionsv1alpha1.Conditions

func (*APIExportEndpointSlice) SetConditions 

func (in *APIExportEndpointSlice) SetConditions(conditions conditionsv1alpha1.Conditions)

type APIExportEndpointSliceList 

type APIExportEndpointSliceList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []APIExportEndpointSlice `json:"items"`
}

APIExportEndpointSliceList is a list of APIExportEndpointSlice resources.

func (*APIExportEndpointSliceList) DeepCopy 

func (in *APIExportEndpointSliceList) DeepCopy() *APIExportEndpointSliceList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportEndpointSliceList.

func (*APIExportEndpointSliceList) DeepCopyInto 

func (in *APIExportEndpointSliceList) DeepCopyInto(out *APIExportEndpointSliceList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIExportEndpointSliceList) DeepCopyObject 

func (in *APIExportEndpointSliceList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type APIExportEndpointSliceSpec 

type APIExportEndpointSliceSpec struct {

	// export points to the API export.
	APIExport ExportBindingReference `json:"export"`

	// partition (optional) points to a partition that is used for filtering the endpoints
	// of the APIExport part of the slice.
	Partition string `json:"partition,omitempty"`
}

APIExportEndpointSliceSpec defines the desired state of the APIExportEndpointSlice.

func (*APIExportEndpointSliceSpec) DeepCopy 

func (in *APIExportEndpointSliceSpec) DeepCopy() *APIExportEndpointSliceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportEndpointSliceSpec.

func (*APIExportEndpointSliceSpec) DeepCopyInto 

func (in *APIExportEndpointSliceSpec) DeepCopyInto(out *APIExportEndpointSliceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIExportEndpointSliceStatus 

type APIExportEndpointSliceStatus struct {

	// conditions is a list of conditions that apply to the APIExportEndpointSlice.
	Conditions conditionsv1alpha1.Conditions `json:"conditions,omitempty"`

	// endpoints contains all the URLs of the APIExport service.
	APIExportEndpoints []APIExportEndpoint `json:"endpoints,omitempty"`
}

APIExportEndpointSliceStatus defines the observed state of APIExportEndpointSlice.

func (*APIExportEndpointSliceStatus) DeepCopy 

func (in *APIExportEndpointSliceStatus) DeepCopy() *APIExportEndpointSliceStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportEndpointSliceStatus.

func (*APIExportEndpointSliceStatus) DeepCopyInto 

func (in *APIExportEndpointSliceStatus) DeepCopyInto(out *APIExportEndpointSliceStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIExportList 

type APIExportList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []APIExport `json:"items"`
}

APIExportList is a list of APIExport resources

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*APIExportList) DeepCopy 

func (in *APIExportList) DeepCopy() *APIExportList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportList.

func (*APIExportList) DeepCopyInto 

func (in *APIExportList) DeepCopyInto(out *APIExportList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIExportList) DeepCopyObject 

func (in *APIExportList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type APIExportSpec 

type APIExportSpec struct {
	// latestResourceSchemas records the latest APIResourceSchemas that are exposed
	// with this APIExport.
	//
	// The schemas can be changed in the life-cycle of the APIExport. These changes
	// have no effect on existing APIBindings, but only on newly bound ones.
	//
	// For updating existing APIBindings, use an APIDeployment keeping bound
	// workspaces up-to-date.
	//
	// +optional
	// +listType=set
	LatestResourceSchemas []string `json:"latestResourceSchemas,omitempty"`

	// identity points to a secret that contains the API identity in the 'key' file.
	// The API identity determines an unique etcd prefix for objects stored via this
	// APIExport.
	//
	// Different APIExport in a workspace can share a common identity, or have different
	// ones. The identity (the secret) can also be transferred to another workspace
	// when the APIExport is moved.
	//
	// The identity is a secret of the API provider. The APIBindings referencing this APIExport
	// will store a derived, non-sensitive value of this identity.
	//
	// The identity of an APIExport cannot be changed. A derived, non-sensitive value of
	// the identity key is stored in the APIExport status and this value is immutable.
	//
	// The identity is defaulted. A secret with the name of the APIExport is automatically
	// created.
	//
	// +optional
	Identity *Identity `json:"identity,omitempty"`

	// maximalPermissionPolicy will allow for a service provider to set an upper bound on what is allowed
	// for a consumer of this API. If the policy is not set, no upper bound is applied,
	// i.e the consuming users can do whatever the user workspace allows the user to do.
	//
	// The policy consists of RBAC (Cluster)Roles and (Cluster)Bindings. A request of a user in
	// a workspace that binds to this APIExport via an APIBinding is additionally checked against
	// these rules, with the user name and the groups prefixed with `apis.kcp.io:binding:`.
	//
	// For example: assume a user `adam` with groups `system:authenticated` and `a-team` binds to
	// this APIExport in another workspace root:org:ws. Then a request in that workspace
	// against a resource of this APIExport is authorized as every other request in that workspace,
	// but in addition the RBAC policy here in the APIExport workspace has to grant access to the
	// user `apis.kcp.io:binding:adam` with the groups `apis.kcp.io:binding:system:authenticated`
	// and `apis.kcp.io:binding:a-team`.
	//
	// +optional
	MaximalPermissionPolicy *MaximalPermissionPolicy `json:"maximalPermissionPolicy,omitempty"`

	// permissionClaims make resources available in APIExport's virtual workspace that are not part
	// of the actual APIExport resources.
	//
	// PermissionClaims are optional and should be the least access necessary to complete the functions
	// that the service provider needs. Access is asked for on a GroupResource + identity basis.
	//
	// PermissionClaims must be accepted by the user's explicit acknowledgement. Hence, when claims
	// change, the respecting objects are not visible immediately.
	//
	// PermissionClaims overlapping with the APIExport resources are ignored.
	//
	// +optional
	// +listType=map
	// +listMapKey=group
	// +listMapKey=resource
	PermissionClaims []PermissionClaim `json:"permissionClaims,omitempty"`
}

APIExportSpec defines the desired state of APIExport.

func (*APIExportSpec) DeepCopy 

func (in *APIExportSpec) DeepCopy() *APIExportSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportSpec.

func (*APIExportSpec) DeepCopyInto 

func (in *APIExportSpec) DeepCopyInto(out *APIExportSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIExportStatus 

type APIExportStatus struct {
	// identityHash is the hash of the API identity key of this APIExport. This value
	// is immutable as soon as it is set.
	//
	// +optional
	IdentityHash string `json:"identityHash,omitempty"`

	// conditions is a list of conditions that apply to the APIExport.
	//
	// +optional
	Conditions conditionsv1alpha1.Conditions `json:"conditions,omitempty"`

	// virtualWorkspaces contains all APIExport virtual workspace URLs.
	//
	// Deprecated: use APIExportEndpointSlice.status.endpoints instead
	//
	// +optional
	VirtualWorkspaces []VirtualWorkspace `json:"virtualWorkspaces,omitempty"`
}

APIExportStatus defines the observed state of APIExport.

func (*APIExportStatus) DeepCopy 

func (in *APIExportStatus) DeepCopy() *APIExportStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExportStatus.

func (*APIExportStatus) DeepCopyInto 

func (in *APIExportStatus) DeepCopyInto(out *APIExportStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIResourceSchema 

type APIResourceSchema struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec holds the desired state.
	//
	// +optional
	Spec APIResourceSchemaSpec `json:"spec,omitempty"`
}

APIResourceSchema describes a resource, identified by (group, version, resource, schema).

An APIResourceSchema is immutable and cannot be deleted if they are referenced by an APIExport in the same workspace.

+crd +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:scope=Cluster,categories=kcp +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func CRDToAPIResourceSchema 

func CRDToAPIResourceSchema(crd *apiextensionsv1.CustomResourceDefinition, prefix string) (*APIResourceSchema, error)

CRDToAPIResourceSchema converts a CustomResourceDefinition to an APIResourceSchema. The name of the returned APIResourceSchema is in the form of <prefix>.<crd.Name>.

func (*APIResourceSchema) DeepCopy 

func (in *APIResourceSchema) DeepCopy() *APIResourceSchema

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceSchema.

func (*APIResourceSchema) DeepCopyInto 

func (in *APIResourceSchema) DeepCopyInto(out *APIResourceSchema)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIResourceSchema) DeepCopyObject 

func (in *APIResourceSchema) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type APIResourceSchemaList 

type APIResourceSchemaList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []APIResourceSchema `json:"items"`
}

APIResourceSchemaList is a list of APIResourceSchema resources

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*APIResourceSchemaList) DeepCopy 

func (in *APIResourceSchemaList) DeepCopy() *APIResourceSchemaList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceSchemaList.

func (*APIResourceSchemaList) DeepCopyInto 

func (in *APIResourceSchemaList) DeepCopyInto(out *APIResourceSchemaList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIResourceSchemaList) DeepCopyObject 

func (in *APIResourceSchemaList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type APIResourceSchemaSpec 

type APIResourceSchemaSpec struct {
	// group is the API group of the defined custom resource. Empty string means the
	// core API group. 	The resources are served under `/apis/<group>/...` or `/api` for the core group.
	//
	// +required
	Group string `json:"group"`

	// names specify the resource and kind names for the custom resource.
	//
	// +required
	Names apiextensionsv1.CustomResourceDefinitionNames `json:"names"`
	// scope indicates whether the defined custom resource is cluster- or namespace-scoped.
	// Allowed values are `Cluster` and `Namespaced`.
	//
	// +required
	// +kubebuilder:validation:Enum=Cluster;Namespaced
	Scope apiextensionsv1.ResourceScope `json:"scope"`

	// versions is the API version of the defined custom resource.
	//
	// Note: the OpenAPI v3 schemas must be equal for all versions until CEL
	//       version migration is supported.
	//
	// +required
	// +listType=map
	// +listMapKey=name
	// +kubebuilder:validation:MinItems=1
	Versions []APIResourceVersion `json:"versions"`

	// nameValidation can be used to configure name validation for bound APIs.
	// Allowed values are `DNS1123Subdomain` and `PathSegmentName`.
	// - DNS1123Subdomain: a lowercase RFC 1123 subdomain must consist of lower case
	//   alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.
	//   Regex used is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
	// - PathSegmentName: validates the name can be safely encoded as a path segment.
	//   The name may not be '.' or '..' and the name may not contain '/' or '%'.
	//
	// Defaults to `DNS1123Subdomain`, matching the behaviour of CRDs.
	//
	// +optional
	// +kubebuilder:validation:Enum=DNS1123Subdomain;PathSegmentName
	// +kubebuilder:default=DNS1123Subdomain
	NameValidation string `json:"nameValidation,omitempty"`

	// conversion defines conversion settings for the defined custom resource.
	// +optional
	Conversion *CustomResourceConversion `json:"conversion,omitempty"`
}

APIResourceSchemaSpec defines the desired state of APIResourceSchema. +kubebuilder:validation:XValidation:message="Conversion must be specified when multiple versions exist",rule="size(self.versions) == 1 || (size(self.versions) > 1 && has(self.conversion))"

func (*APIResourceSchemaSpec) DeepCopy 

func (in *APIResourceSchemaSpec) DeepCopy() *APIResourceSchemaSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceSchemaSpec.

func (*APIResourceSchemaSpec) DeepCopyInto 

func (in *APIResourceSchemaSpec) DeepCopyInto(out *APIResourceSchemaSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type APIResourceVersion 

type APIResourceVersion struct {
	// name is the version name, e.g. “v1”, “v2beta1”, etc.
	// The custom resources are served under this version at `/apis/<group>/<version>/...` if `served` is true.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=^v[1-9][0-9]*([a-z]+[1-9][0-9]*)?$
	Name string `json:"name"`
	// served is a flag enabling/disabling this version from being served via REST APIs
	//
	// +required
	// +kubebuilder:default=true
	Served bool `json:"served"`
	// storage indicates this version should be used when persisting custom resources to storage.
	// There must be exactly one version with storage=true.
	//
	// +required
	Storage bool `json:"storage"`

	//nolint:gocritic
	// deprecated indicates this version of the custom resource API is deprecated.
	// When set to true, API requests to this version receive a warning header in the server response.
	// Defaults to false.
	//
	// +optional
	Deprecated bool `json:"deprecated,omitempty"`
	// deprecationWarning overrides the default warning returned to API clients.
	// May only be set when `deprecated` is true.
	// The default warning indicates this version is deprecated and recommends use
	// of the newest served version of equal or greater stability, if one exists.
	//
	// +optional
	DeprecationWarning *string `json:"deprecationWarning,omitempty"`
	// schema describes the structural schema used for validation, pruning, and defaulting
	// of this version of the custom resource.
	//
	// +required
	// +kubebuilder:pruning:PreserveUnknownFields
	// +structType=atomic
	Schema runtime.RawExtension `json:"schema"`
	// subresources specify what subresources this version of the defined custom resource have.
	//
	// +optional
	Subresources apiextensionsv1.CustomResourceSubresources `json:"subresources,omitempty"`
	// additionalPrinterColumns specifies additional columns returned in Table output.
	// See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
	// If no columns are specified, a single column displaying the age of the custom resource is used.
	//
	// +optional
	// +listType=map
	// +listMapKey=name
	AdditionalPrinterColumns []apiextensionsv1.CustomResourceColumnDefinition `json:"additionalPrinterColumns,omitempty"`
}

APIResourceVersion describes one API version of a resource.

func (*APIResourceVersion) DeepCopy 

func (in *APIResourceVersion) DeepCopy() *APIResourceVersion

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIResourceVersion.

func (*APIResourceVersion) DeepCopyInto 

func (in *APIResourceVersion) DeepCopyInto(out *APIResourceVersion)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*APIResourceVersion) GetSchema 

func (v *APIResourceVersion) GetSchema() (*apiextensionsv1.JSONSchemaProps, error)

func (*APIResourceVersion) SetSchema 

func (v *APIResourceVersion) SetSchema(schema *apiextensionsv1.JSONSchemaProps) error

type APIVersionConversion 

type APIVersionConversion struct {
	// from is the source version.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=^v[1-9][0-9]*([a-z]+[1-9][0-9]*)?$
	From string `json:"from"`

	// to is the target version.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=^v[1-9][0-9]*([a-z]+[1-9][0-9]*)?$
	To string `json:"to"`

	// rules contains field-specific conversion expressions.
	//
	// +required
	// +listType=map
	// +listMapKey=destination
	Rules []APIConversionRule `json:"rules"`

	// preserve contains a list of JSONPath expressions to fields to preserve in the originating version
	// of the object, relative to its root, such as '.spec.name.first'.
	//
	// +optional
	Preserve []string `json:"preserve,omitempty"`
}

APIVersionConversion contains rules to convert between two specific API versions in an APIResourceSchema. Additionally, to avoid data loss when round-tripping from a version that contains a new field to one that doesn't and back again, you can specify a list of fields to preserve (these are stored in annotations).

func (*APIVersionConversion) DeepCopy 

func (in *APIVersionConversion) DeepCopy() *APIVersionConversion

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIVersionConversion.

func (*APIVersionConversion) DeepCopyInto 

func (in *APIVersionConversion) DeepCopyInto(out *APIVersionConversion)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AcceptablePermissionClaim 

type AcceptablePermissionClaim struct {
	PermissionClaim `json:",inline"`

	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=Accepted;Rejected
	State AcceptablePermissionClaimState `json:"state"`
}

AcceptablePermissionClaim is a PermissionClaim that records if the user accepts or rejects it.

func (*AcceptablePermissionClaim) DeepCopy 

func (in *AcceptablePermissionClaim) DeepCopy() *AcceptablePermissionClaim

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AcceptablePermissionClaim.

func (*AcceptablePermissionClaim) DeepCopyInto 

func (in *AcceptablePermissionClaim) DeepCopyInto(out *AcceptablePermissionClaim)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AcceptablePermissionClaimState 

type AcceptablePermissionClaimState string
const (
	ClaimAccepted AcceptablePermissionClaimState = "Accepted"
	ClaimRejected AcceptablePermissionClaimState = "Rejected"
)

type BindingReference 

type BindingReference struct {
	// export is a reference to an APIExport by cluster name and export name.
	// The creator of the APIBinding needs to have access to the APIExport with the
	// verb `bind` in order to bind to it.
	//
	// +optional
	Export *ExportBindingReference `json:"export,omitempty"`
}

BindingReference describes a reference to an APIExport. Exactly one of the fields must be set.

func (*BindingReference) DeepCopy 

func (in *BindingReference) DeepCopy() *BindingReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BindingReference.

func (*BindingReference) DeepCopyInto 

func (in *BindingReference) DeepCopyInto(out *BindingReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BoundAPIResource 

type BoundAPIResource struct {
	// group is the group of the bound API. Empty string for the core API group.
	//
	// +required
	Group string `json:"group"`

	// resource is the resource of the bound API.
	//
	// kubebuilder:validation:MinLength=1
	// +required
	Resource string `json:"resource"`

	// Schema references the APIResourceSchema that is bound to this API.
	//
	// +required
	Schema BoundAPIResourceSchema `json:"schema"`

	// storageVersions lists all versions of a resource that were ever persisted. Tracking these
	// versions allows a migration path for stored versions in etcd. The field is mutable
	// so a migration controller can finish a migration to another version (ensuring
	// no old objects are left in storage), and then remove the rest of the
	// versions from this list.
	//
	// Versions may not be removed while they exist in this list.
	//
	// +optional
	// +listType=set
	StorageVersions []string `json:"storageVersions,omitempty"`
}

BoundAPIResource describes a bound GroupVersionResource through an APIResourceSchema of an APIExport..

func (*BoundAPIResource) DeepCopy 

func (in *BoundAPIResource) DeepCopy() *BoundAPIResource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundAPIResource.

func (*BoundAPIResource) DeepCopyInto 

func (in *BoundAPIResource) DeepCopyInto(out *BoundAPIResource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BoundAPIResourceSchema 

type BoundAPIResourceSchema struct {
	// name is the bound APIResourceSchema name.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// UID is the UID of the APIResourceSchema that is bound to this API.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	UID string `json:"UID"`

	// identityHash is the hash of the API identity that this schema is bound to.
	// The API identity determines the etcd prefix used to persist the object.
	// Different identity means that the objects are effectively served and stored
	// under a distinct resource. A CRD of the same GroupVersionResource uses a
	// different identity and hence a separate etcd prefix.
	//
	// +required
	// +kubebuilder:validation:MinLength=1
	IdentityHash string `json:"identityHash"`
}

BoundAPIResourceSchema is a reference to an APIResourceSchema.

func (*BoundAPIResourceSchema) DeepCopy 

func (in *BoundAPIResourceSchema) DeepCopy() *BoundAPIResourceSchema

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundAPIResourceSchema.

func (*BoundAPIResourceSchema) DeepCopyInto 

func (in *BoundAPIResourceSchema) DeepCopyInto(out *BoundAPIResourceSchema)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConversionStrategyType added in v0.24.0 

type ConversionStrategyType string

ConversionStrategyType describes different conversion types.

type CustomResourceConversion added in v0.24.0 

type CustomResourceConversion struct {
	// strategy specifies how custom resources are converted between versions. Allowed values are:
	// - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource.
	// - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information
	//   is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.
	// +kubebuilder:validation:Enum=None;Webhook
	Strategy ConversionStrategyType `json:"strategy"`

	// webhook describes how to call the conversion webhook. Required when `strategy` is set to `"Webhook"`.
	// +optional
	Webhook *WebhookConversion `json:"webhook,omitempty"`
}

CustomResourceConversion describes how to convert different versions of a CR. +kubebuilder:validation:XValidation:message="Webhook must be specified if strategy=Webhook",rule="(self.strategy == 'None' && !has(self.webhook)) || (self.strategy == 'Webhook' && has(self.webhook))"

func (*CustomResourceConversion) DeepCopy added in v0.24.0 

func (in *CustomResourceConversion) DeepCopy() *CustomResourceConversion

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResourceConversion.

func (*CustomResourceConversion) DeepCopyInto added in v0.24.0 

func (in *CustomResourceConversion) DeepCopyInto(out *CustomResourceConversion)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExportBindingReference 

type ExportBindingReference struct {
	// path is a logical cluster path where the APIExport is defined.
	// If the path is unset, the logical cluster of the APIBinding is used.
	//
	// +optional
	// +kubebuilder:validation:Pattern:="^[a-z0-9]([-a-z0-9]*[a-z0-9])?(:[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
	Path string `json:"path,omitempty"`

	// name is the name of the APIExport that describes the API.
	//
	// +required
	// +kubebuilder:validation:Required
	// +kube:validation:MinLength=1
	Name string `json:"name"`
}

ExportBindingReference is a reference to an APIExport by cluster and name.

func (*ExportBindingReference) DeepCopy 

func (in *ExportBindingReference) DeepCopy() *ExportBindingReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExportBindingReference.

func (*ExportBindingReference) DeepCopyInto 

func (in *ExportBindingReference) DeepCopyInto(out *ExportBindingReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupResource 

type GroupResource struct {
	// group is the name of an API group.
	// For core groups this is the empty string '""'.
	//
	// +kubebuilder:validation:Pattern=`^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$`
	// +optional
	Group string `json:"group,omitempty"`

	// resource is the name of the resource.
	// Note: it is worth noting that you can not ask for permissions for resource provided by a CRD
	// not provided by an api export.
	// +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]*[a-z0-9]$`
	// +required
	// +kubebuilder:validation:Required
	Resource string `json:"resource"`
}

GroupResource identifies a resource.

func (*GroupResource) DeepCopy 

func (in *GroupResource) DeepCopy() *GroupResource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResource.

func (*GroupResource) DeepCopyInto 

func (in *GroupResource) DeepCopyInto(out *GroupResource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Identity 

type Identity struct {
	// secretRef is a reference to a secret that contains the API identity in the 'key' file.
	//
	// +optional
	SecretRef *corev1.SecretReference `json:"secretRef,omitempty"`
}

Identity defines the identity of an APIExport, i.e. determines the etcd prefix data of this APIExport are stored under.

func (*Identity) DeepCopy 

func (in *Identity) DeepCopy() *Identity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity.

func (*Identity) DeepCopyInto 

func (in *Identity) DeepCopyInto(out *Identity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LocalAPIExportPolicy 

type LocalAPIExportPolicy struct{}

LocalAPIExportPolicy is a maximal permission policy that checks RBAC in the workspace of the API Export.

In order to avoid conflicts the user and group name will be prefixed with "apis.kcp.io:binding:".

func (*LocalAPIExportPolicy) DeepCopy 

func (in *LocalAPIExportPolicy) DeepCopy() *LocalAPIExportPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalAPIExportPolicy.

func (*LocalAPIExportPolicy) DeepCopyInto 

func (in *LocalAPIExportPolicy) DeepCopyInto(out *LocalAPIExportPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MaximalPermissionPolicy 

type MaximalPermissionPolicy struct {
	// local is the policy that is defined in same workspace as the API Export.
	// +optional
	Local *LocalAPIExportPolicy `json:"local,omitempty"`
}

MaximalPermissionPolicy is a wrapper type around the multiple options that would be allowed.

func (*MaximalPermissionPolicy) DeepCopy 

func (in *MaximalPermissionPolicy) DeepCopy() *MaximalPermissionPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaximalPermissionPolicy.

func (*MaximalPermissionPolicy) DeepCopyInto 

func (in *MaximalPermissionPolicy) DeepCopyInto(out *MaximalPermissionPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PermissionClaim 

type PermissionClaim struct {
	GroupResource `json:",inline"`

	// all claims all resources for the given group/resource.
	// This is mutually exclusive with resourceSelector.
	// +optional
	All bool `json:"all,omitempty"`

	// resourceSelector is a list of claimed resource selectors.
	//
	// +optional
	ResourceSelector []ResourceSelector `json:"resourceSelector,omitempty"`

	// This is the identity for a given APIExport that the APIResourceSchema belongs to.
	// The hash can be found on APIExport and APIResourceSchema's status.
	// It will be empty for core types.
	// Note that one must look this up for a particular KCP instance.
	// +optional
	IdentityHash string `json:"identityHash,omitempty"`
}

PermissionClaim identifies an object by GR and identity hash. Its purpose is to determine the added permissions that a service provider may request and that a consumer may accept and allow the service provider access to.

+kubebuilder:validation:XValidation:rule="(has(self.all) && self.all) != (has(self.resourceSelector) && size(self.resourceSelector) > 0)",message="either \"all\" or \"resourceSelector\" must be set"

func (*PermissionClaim) DeepCopy 

func (in *PermissionClaim) DeepCopy() *PermissionClaim

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionClaim.

func (*PermissionClaim) DeepCopyInto 

func (in *PermissionClaim) DeepCopyInto(out *PermissionClaim)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (PermissionClaim) Equal 

func (p PermissionClaim) Equal(claim PermissionClaim) bool

func (PermissionClaim) String 

func (p PermissionClaim) String() string

type ResourceSelector 

type ResourceSelector struct {
	// name of an object within a claimed group/resource.
	// It matches the metadata.name field of the underlying object.
	// If namespace is unset, all objects matching that name will be claimed.
	//
	// +optional
	// +kubebuilder:validation:Pattern="^([a-z0-9][-a-z0-9_.]*)?[a-z0-9]$"
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// namespace containing the named object. Matches metadata.namespace field.
	// If "name" is unset, all objects from the namespace are being claimed.
	//
	// +optional
	// +kubebuilder:validation:MinLength=1
	Namespace string `json:"namespace,omitempty"`
}

+kubebuilder:validation:XValidation:rule="has(self.__namespace__) || has(self.name)",message="at least one field must be set"

func (*ResourceSelector) DeepCopy 

func (in *ResourceSelector) DeepCopy() *ResourceSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSelector.

func (*ResourceSelector) DeepCopyInto 

func (in *ResourceSelector) DeepCopyInto(out *ResourceSelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VirtualWorkspace 

type VirtualWorkspace struct {
	// url is an APIExport virtual workspace URL.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:format:URL
	// +required
	URL string `json:"url"`
}

func (*VirtualWorkspace) DeepCopy 

func (in *VirtualWorkspace) DeepCopy() *VirtualWorkspace

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualWorkspace.

func (*VirtualWorkspace) DeepCopyInto 

func (in *VirtualWorkspace) DeepCopyInto(out *VirtualWorkspace)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookClientConfig added in v0.24.0 

type WebhookClientConfig struct {
	// url gives the location of the webhook, in standard URL form
	// (`scheme://host:port/path`).
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is
	// risky unless you take great care to run this webhook on all hosts
	// which run an apiserver which might need to make calls to this
	// webhook. Such installs are likely to be non-portable, i.e., not easy
	// to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in
	// a URL. You may use the path to pass an arbitrary string to the
	// webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not
	// allowed. Fragments ("#...") and query parameters ("?...") are not
	// allowed, either.
	//
	// Note: kcp does not support provided service names like Kubernetes does.
	// +kubebuilder:validation:Format=uri
	URL string `json:"url,omitempty"`

	// caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
	// If unspecified, system trust roots on the apiserver are used.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook.

func (*WebhookClientConfig) DeepCopy added in v0.24.0 

func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig.

func (*WebhookClientConfig) DeepCopyInto added in v0.24.0 

func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookConversion added in v0.24.0 

type WebhookConversion struct {
	// clientConfig is the instructions for how to call the webhook if strategy is `Webhook`.
	// +optional
	ClientConfig *WebhookClientConfig `json:"clientConfig,omitempty"`

	// conversionReviewVersions is an ordered list of preferred `ConversionReview`
	// versions the Webhook expects. The API server will use the first version in
	// the list which it supports. If none of the versions specified in this list
	// are supported by API server, conversion will fail for the custom resource.
	// If a persisted Webhook configuration specifies allowed versions and does not
	// include any versions known to the API Server, calls to the webhook will fail.
	// +listType=atomic
	ConversionReviewVersions []string `json:"conversionReviewVersions"`
}

WebhookConversion describes how to call a conversion webhook

func (*WebhookConversion) DeepCopy added in v0.24.0 

func (in *WebhookConversion) DeepCopy() *WebhookConversion

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConversion.

func (*WebhookConversion) DeepCopyInto added in v0.24.0 

func (in *WebhookConversion) DeepCopyInto(out *WebhookConversion)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.