This commit replaces the local ACL-related API types, and the func for
checking access, with their standardised forms in fluxcd/pkg/apis/acl
and fluxcd/pkg/runtime/acl respectively.
The test case for "When the ACL is empty, it denies access" needed
adjustment because the zero value of acl.AccessFrom is not valid -- it
needs an explicit list of namespace selectors. Providing `nil` in the
test case is the equivalent of providing a zero value.
Signed-off-by: Michael Bridgen <michael@weave.works>
- add `AccessFrom` to ImageRepositorySpec for granting cross-namespace access to repositories
- change `ImageRepositoryRef` type from local reference to namespaced reference
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The schema is the same, which means this is a case of
- copying over the type definitions;
- changing the "stored" CRD version;
- giving a CRD conversion of None, meaning just change the apiVersion;
- using the new API package in the controller code;
- moving the API docs to v1beta1
Signed-off-by: Michael Bridgen <michael@weave.works>
The image automation part of the API has changed structure (see [1]),
and had a version bump from `v1alpha1` to `v1alpha2`. Since the types
here are also in `image.toolkit.fluxcd.io`, there will be less
complication if they also get a version bump even though they aren't
changing.
[1] https://github.com/fluxcd/image-automation-controller/pull/139
Signed-off-by: Michael Bridgen <michael@weave.works>
This comes with less baggage than the corev1 original.
(While I was here, I updated the fallback controller-gen version to
0.4.1, which gives much better error messages.)
Signed-off-by: Michael Bridgen <michael@weave.works>
This implements the design in #89, so you can provide a TLS
certificate and key to use for authentication; and, a CA certificate
for when you are using self-signed certs.
Unlike other GOTK controllers, the certificate secret is separate to
the credentials secret. This is because the credentials secret is more
likely to be a dockerconfigjson secret (i.e., created with
    docker create secret docker-registry ...
or its equivalent).
Signed-off-by: Michael Bridgen <michael@weave.works>