v1alpha1

package
v0.1.6
Warning

This package is not in the latest version of its module.

Published: Apr 8, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the ephemeral-access v1alpha1 API group.

+kubebuilder:object:generate=true
+groupName=ephemeral-access.argoproj-labs.io

Constants

This section is empty.

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "ephemeral-access.argoproj-labs.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AccessBinding

type AccessBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec AccessBindingSpec `json:"spec,omitempty"`
}

AccessBinding is the Schema for the accessbindings API.

+kubebuilder:object:root=true

func (*AccessBinding) DeepCopy

func (in *AccessBinding) DeepCopy() *AccessBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessBinding.

func (*AccessBinding) DeepCopyInto

func (in *AccessBinding) DeepCopyInto(out *AccessBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessBinding) DeepCopyObject

func (in *AccessBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessBinding) RenderSubjects

func (ab *AccessBinding) RenderSubjects(app, project *unstructured.Unstructured) ([]string, error)

RenderSubjects renders the access binding's subjects when the If condition evaluates to true.

type AccessBindingList

type AccessBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []AccessBinding `json:"items"`
}

AccessBindingList contains a list of AccessBinding.

+kubebuilder:object:root=true

func (*AccessBindingList) DeepCopy

func (in *AccessBindingList) DeepCopy() *AccessBindingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessBindingList.

func (*AccessBindingList) DeepCopyInto

func (in *AccessBindingList) DeepCopyInto(out *AccessBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessBindingList) DeepCopyObject

func (in *AccessBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessBindingSpec

type AccessBindingSpec struct {
	// RoleTemplateRef is the reference to the RoleTemplate this binding grants
	// access to
	// +kubebuilder:validation:Required
	RoleTemplateRef RoleTemplateReference `json:"roleTemplateRef"`
	// Subjects is a list of strings, supporting Go templates, at least one of
	// which a user's group claims must match for access to be allowed
	Subjects []string `json:"subjects"`
	// If is a condition that must be true to evaluate the subjects
	If *string `json:"if,omitempty"`
	// Ordinal defines an ordering number of this role compared to others.
	// AccessBindings associated with roles with higher privilege should
	// be set with lower ordinal value than AccessBindings associated with
	// roles with lesser privilege.
	Ordinal int `json:"ordinal,omitempty"`
	// FriendlyName defines a name for this role
	// +kubebuilder:validation:MaxLength=512
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AccessBindingSpec defines the desired state of AccessBinding

func (*AccessBindingSpec) DeepCopy

func (in *AccessBindingSpec) DeepCopy() *AccessBindingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessBindingSpec.

func (*AccessBindingSpec) DeepCopyInto

func (in *AccessBindingSpec) DeepCopyInto(out *AccessBindingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
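
The following added example (not code from this package) illustrates how the Subjects and Ordinal fields of AccessBindingSpec combine: each subject is rendered as a Go template, compared with the user's group claims, and the matching roles are listed with the lowest ordinal first. The Binding type, the "app" data key, the label layout and exact string matching are assumptions; the If condition is left out because this page does not state its expression syntax.

```go
package main

import (
	"bytes"
	"fmt"
	"slices"
	"text/template"
)

// Binding is a local stand-in for the AccessBindingSpec fields used here.
type Binding struct {
	Role     string // RoleTemplateRef.Name
	Subjects []string
	Ordinal  int
}

// render expands one Go-template subject; missingkey=error rejects absent keys.
func render(subject string, data map[string]any) (string, error) {
	t, err := template.New("s").Option("missingkey=error").Parse(subject)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, data)
	return buf.String(), err
}

// Allowed lists the roles whose rendered subjects equal one of the user's
// groups (exact match is an assumption), lowest Ordinal first.
func Allowed(bs []Binding, groups []string, data map[string]any) []string {
	bs = slices.Clone(bs) // do not reorder the caller's slice
	slices.SortStableFunc(bs, func(a, b Binding) int { return a.Ordinal - b.Ordinal })
	var roles []string
	for _, b := range bs {
		for _, s := range b.Subjects {
			r, err := render(s, data)
			if err == nil && r != "" && slices.Contains(groups, r) {
				roles = append(roles, b.Role)
				break
			}
		}
	}
	return roles
}

func main() {
	// Constructed sample data; the "app" key and label layout are assumptions.
	data := map[string]any{"app": map[string]any{"labels": map[string]any{"team": "pay"}}}
	bs := []Binding{
		{"readonly", []string{"everyone"}, 10},
		{"admin", []string{"{{.app.labels.team}}-admins"}, 0},
	}
	fmt.Println(Allowed(bs, []string{"pay-admins", "everyone"}, data)) // [admin readonly]
}
```

A subject whose template cannot be rendered, or renders to an empty string, grants nothing, so a missing label never collapses into a group name such as "-admins".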

type AccessRequest

type AccessRequest struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AccessRequestSpec   `json:"spec,omitempty"`
	Status AccessRequestStatus `json:"status,omitempty"`
}

AccessRequest is the Schema for the accessrequests API.

+kubebuilder:object:root=true
+kubebuilder:subresource:status
+kubebuilder:resource:shortName=areq;areqs

func (*AccessRequest) DeepCopy

func (in *AccessRequest) DeepCopy() *AccessRequest

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRequest.

func (*AccessRequest) DeepCopyInto

func (in *AccessRequest) DeepCopyInto(out *AccessRequest)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessRequest) DeepCopyObject

func (in *AccessRequest) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AccessRequest) IsExpiring

func (ar *AccessRequest) IsExpiring() bool

IsExpiring will return true if this AccessRequest is expired by verifying the .status.ExpiresAt field. Otherwise it returns false.

func (*AccessRequest) UpdateStatusHistory

func (ar *AccessRequest) UpdateStatusHistory(newStatus Status, details string)

UpdateStatusHistory will update this AccessRequest status and history fields based on the given status and details. This function should only depend on the objects provided by this package. If any additional dependency is needed, then this function should be moved to another package.

type AccessRequestHistory

type AccessRequestHistory struct {
	// TransitionTime is the time the transition is observed
	TransitionTime metav1.Time `json:"transitionTime"`
	// RequestState is the new status assigned to this access request
	RequestState Status `json:"status"`
	// Details may contain detailed information about the transition
	Details *string `json:"details,omitempty"`
}

AccessRequestHistory contains the history of all status transitions associated with this access request

func (*AccessRequestHistory) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRequestHistory.

func (*AccessRequestHistory) DeepCopyInto

func (in *AccessRequestHistory) DeepCopyInto(out *AccessRequestHistory)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (AccessRequestHistory) String

func (h AccessRequestHistory) String() string

type AccessRequestList

type AccessRequestList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AccessRequest `json:"items"`
}

AccessRequestList contains a list of AccessRequest.

+kubebuilder:object:root=true

func (*AccessRequestList) DeepCopy

func (in *AccessRequestList) DeepCopy() *AccessRequestList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRequestList.

func (*AccessRequestList) DeepCopyInto

func (in *AccessRequestList) DeepCopyInto(out *AccessRequestList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AccessRequestList) DeepCopyObject

func (in *AccessRequestList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AccessRequestSpec

type AccessRequestSpec struct {
	// Duration defines the amount of time that the elevated access
	// will be granted once approved
	Duration metav1.Duration `json:"duration"`
	// TargetRoleName defines the role name the user will be assigned
	// to once the access is approved
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	Role TargetRole `json:"role"`
	// Application defines the Argo CD Application to assign the elevated
	// permission
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	Application TargetApplication `json:"application"`
	// Subject defines the subject for this access request
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	Subject Subject `json:"subject"`
}

AccessRequestSpec defines the desired state of AccessRequest

func (*AccessRequestSpec) DeepCopy

func (in *AccessRequestSpec) DeepCopy() *AccessRequestSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRequestSpec.

func (*AccessRequestSpec) DeepCopyInto

func (in *AccessRequestSpec) DeepCopyInto(out *AccessRequestSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessRequestStatus

type AccessRequestStatus struct {
	RequestState     Status                 `json:"requestState,omitempty"`
	TargetProject    string                 `json:"targetProject,omitempty"`
	ExpiresAt        *metav1.Time           `json:"expiresAt,omitempty"`
	RoleTemplateHash string                 `json:"roleTemplateHash,omitempty"`
	RoleName         string                 `json:"roleName,omitempty"`
	History          []AccessRequestHistory `json:"history,omitempty"`
}

AccessRequestStatus defines the observed state of AccessRequest

func (*AccessRequestStatus) DeepCopy

func (in *AccessRequestStatus) DeepCopy() *AccessRequestStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRequestStatus.

func (*AccessRequestStatus) DeepCopyInto

func (in *AccessRequestStatus) DeepCopyInto(out *AccessRequestStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
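
The following added example (not code from this package) audits a serialized AccessRequest using the JSON tags of AccessRequestStatus and AccessRequestHistory and the Status enum values listed on this page. It flags a granted request that has no expiresAt or is already past it, and a history whose last entry disagrees with requestState. The local types, the Audit function, the finding texts and the expectation that the last history entry mirrors the current state are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Local mirrors of the status fields, keyed by the JSON tags shown on this page.
type history struct {
	TransitionTime time.Time `json:"transitionTime"`
	RequestState   string    `json:"status"`
}

type accessRequest struct {
	Status struct {
		RequestState string     `json:"requestState"`
		ExpiresAt    *time.Time `json:"expiresAt"`
		History      []history  `json:"history"`
	} `json:"status"`
}

var known = map[string]bool{"initiated": true, "requested": true, "granted": true,
	"expired": true, "denied": true, "invalid": true}

// Audit returns findings for one serialized AccessRequest evaluated at now.
func Audit(raw []byte, now time.Time) ([]string, error) {
	var ar accessRequest
	if err := json.Unmarshal(raw, &ar); err != nil {
		return nil, err
	}
	st, out := ar.Status, []string{}
	if st.RequestState != "" && !known[st.RequestState] {
		out = append(out, "unknown requestState "+st.RequestState)
	}
	if st.RequestState == "granted" {
		if st.ExpiresAt == nil {
			out = append(out, "granted without expiresAt")
		} else if !now.Before(*st.ExpiresAt) {
			out = append(out, "granted but past expiresAt")
		}
	}
	if n := len(st.History); n > 0 && st.History[n-1].RequestState != st.RequestState {
		out = append(out, "last history entry disagrees with requestState")
	}
	return out, nil
}

func main() {
	// Constructed sample object, not taken from a real cluster.
	raw := []byte(`{"status":{"requestState":"granted","expiresAt":"2025-04-08T10:00:00Z",
	 "history":[{"transitionTime":"2025-04-08T09:00:00Z","status":"requested"}]}}`)
	fmt.Println(Audit(raw, time.Date(2025, 4, 8, 11, 0, 0, 0, time.UTC)))
}
```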

type RoleTemplate

type RoleTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RoleTemplateSpec   `json:"spec,omitempty"`
	Status RoleTemplateStatus `json:"status,omitempty"`
}

RoleTemplate is the Schema for the roletemplates API.

+kubebuilder:object:root=true
+kubebuilder:subresource:status

func (*RoleTemplate) AppProjectRoleName

func (rt *RoleTemplate) AppProjectRoleName(appName, namespace string) string

AppProjectRoleName will return the role name to be used in the AppProject

func (*RoleTemplate) DeepCopy

func (in *RoleTemplate) DeepCopy() *RoleTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleTemplate.

func (*RoleTemplate) DeepCopyInto

func (in *RoleTemplate) DeepCopyInto(out *RoleTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RoleTemplate) DeepCopyObject

func (in *RoleTemplate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RoleTemplate) Render

func (rt *RoleTemplate) Render(projName, appName, appNs string) (*RoleTemplate, error)

Render will return a new RoleTemplate instance with the templates replaced by the given projName, appName and appNs. The RoleTemplate fields that accept templated values are 'rt.Spec.Description' and 'rt.Spec.Policies'.

type RoleTemplateList

type RoleTemplateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RoleTemplate `json:"items"`
}

RoleTemplateList contains a list of RoleTemplate.

+kubebuilder:object:root=true

func (*RoleTemplateList) DeepCopy

func (in *RoleTemplateList) DeepCopy() *RoleTemplateList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleTemplateList.

func (*RoleTemplateList) DeepCopyInto

func (in *RoleTemplateList) DeepCopyInto(out *RoleTemplateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RoleTemplateList) DeepCopyObject

func (in *RoleTemplateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RoleTemplateReference

type RoleTemplateReference struct {
	// Name of the role template object
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

RoleTemplateReference is a reference to a RoleTemplate

func (*RoleTemplateReference) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleTemplateReference.

func (*RoleTemplateReference) DeepCopyInto

func (in *RoleTemplateReference) DeepCopyInto(out *RoleTemplateReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RoleTemplateSpec

type RoleTemplateSpec struct {
	Name        string   `json:"name"`
	Description string   `json:"description,omitempty"`
	Policies    []string `json:"policies"`
}

RoleTemplateSpec defines the desired state of RoleTemplate

func (*RoleTemplateSpec) DeepCopy

func (in *RoleTemplateSpec) DeepCopy() *RoleTemplateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleTemplateSpec.

func (*RoleTemplateSpec) DeepCopyInto

func (in *RoleTemplateSpec) DeepCopyInto(out *RoleTemplateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RoleTemplateStatus

type RoleTemplateStatus struct {
	Synced   bool   `json:"synced"`
	Message  string `json:"message,omitempty"`
	SyncHash string `json:"syncHash"`
}

RoleTemplateStatus defines the observed state of RoleTemplate

func (*RoleTemplateStatus) DeepCopy

func (in *RoleTemplateStatus) DeepCopy() *RoleTemplateStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleTemplateStatus.

func (*RoleTemplateStatus) DeepCopyInto

func (in *RoleTemplateStatus) DeepCopyInto(out *RoleTemplateStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Status

type Status string

Status defines the different stages an access request can be in at a given time.

+kubebuilder:validation:Enum=initiated;requested;granted;expired;denied;invalid

const (
	// InitiatedStatus is the stage that defines the access request as initiated
	InitiatedStatus Status = "initiated"

	// RequestedStatus is the stage that defines the access request as pending
	RequestedStatus Status = "requested"

	// GrantedStatus is the stage that defines the access request as granted
	GrantedStatus Status = "granted"

	// ExpiredStatus is the stage that defines the access request as expired
	ExpiredStatus Status = "expired"

	// DeniedStatus is the stage that defines the access request as refused
	DeniedStatus Status = "denied"

	// InvalidStatus is used to identify invalid access requests
	InvalidStatus Status = "invalid"
)

type Subject

type Subject struct {
	// Username refers to the entity requesting the elevated permission
	Username string `json:"username"`
}

Subject defines the user details to get elevated permissions assigned

func (*Subject) DeepCopy

func (in *Subject) DeepCopy() *Subject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.

func (*Subject) DeepCopyInto

func (in *Subject) DeepCopyInto(out *Subject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TargetApplication

type TargetApplication struct {
	// Name refers to the Argo CD Application name
	Name string `json:"name"`
	// Namespace refers to the namespace where the Argo CD Application lives
	Namespace string `json:"namespace"`
}

TargetApplication defines the Argo CD AppProject to assign the elevated permission

func (*TargetApplication) DeepCopy

func (in *TargetApplication) DeepCopy() *TargetApplication

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetApplication.

func (*TargetApplication) DeepCopyInto

func (in *TargetApplication) DeepCopyInto(out *TargetApplication)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TargetRole

type TargetRole struct {
	// TemplateName defines the role template the user will be assigned
	// +kubebuilder:validation:Required
	TemplateRef TargetRoleTemplate `json:"templateRef"`
	// Ordinal defines an ordering number of this role compared to others
	Ordinal int `json:"ordinal,omitempty"`
	// FriendlyName defines a name for this role
	// +kubebuilder:validation:MaxLength=512
	FriendlyName *string `json:"friendlyName,omitempty"`
}

TargetRole defines the role that is requested

func (*TargetRole) DeepCopy

func (in *TargetRole) DeepCopy() *TargetRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetRole.

func (*TargetRole) DeepCopyInto

func (in *TargetRole) DeepCopyInto(out *TargetRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TargetRoleTemplate

type TargetRoleTemplate struct {
	// Name refers to the RoleTemplate name
	// +kubebuilder:validation:MaxLength=512
	Name string `json:"name"`
	// Namespace refers to the namespace where the RoleTemplate lives
	Namespace string `json:"namespace"`
}

TargetRoleTemplate defines the reference to the RoleTemplate to be associated with the AccessRequest

func (*TargetRoleTemplate) DeepCopy

func (in *TargetRoleTemplate) DeepCopy() *TargetRoleTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetRoleTemplate.

func (*TargetRoleTemplate) DeepCopyInto

func (in *TargetRoleTemplate) DeepCopyInto(out *TargetRoleTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
