Add ACL optional field to Source API
Cherry-picked from 525be388ec
.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
parent
e15e0ac6b8
commit
058a016a60
|
@ -3,6 +3,7 @@ module github.com/fluxcd/source-controller/api
|
|||
go 1.16
|
||||
|
||||
require (
|
||||
github.com/fluxcd/pkg/apis/acl v0.0.1
|
||||
github.com/fluxcd/pkg/apis/meta v0.10.0
|
||||
k8s.io/apimachinery v0.21.3
|
||||
sigs.k8s.io/controller-runtime v0.9.5
|
||||
|
|
|
@ -91,6 +91,8 @@ github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMi
|
|||
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/fluxcd/pkg/apis/acl v0.0.1 h1:biCgZMjpDSv3Q4mZPikUJILx3t2MuNXR4Oa5jRQxaNQ=
|
||||
github.com/fluxcd/pkg/apis/acl v0.0.1/go.mod h1:y3qOXUFObVWk7jzOjubMnr/u18j1kCeSi6olycnxr/E=
|
||||
github.com/fluxcd/pkg/apis/meta v0.10.0 h1:N7wVGHC1cyPdT87hrDC7UwCwRwnZdQM46PBSLjG2rlE=
|
||||
github.com/fluxcd/pkg/apis/meta v0.10.0/go.mod h1:CW9X9ijMTpNe7BwnokiUOrLl/h13miwVr/3abEQLbKE=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||
|
|
|
@ -17,9 +17,11 @@ limitations under the License.
|
|||
package v1beta1
|
||||
|
||||
import (
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
apimeta "k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"github.com/fluxcd/pkg/apis/acl"
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -74,6 +76,10 @@ type BucketSpec struct {
|
|||
// This flag tells the controller to suspend the reconciliation of this source.
|
||||
// +optional
|
||||
Suspend bool `json:"suspend,omitempty"`
|
||||
|
||||
// AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
// +optional
|
||||
AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"`
|
||||
}
|
||||
|
||||
const (
|
||||
|
|
|
@ -17,9 +17,11 @@ limitations under the License.
|
|||
package v1beta1
|
||||
|
||||
import (
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
apimeta "k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"github.com/fluxcd/pkg/apis/acl"
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -90,6 +92,10 @@ type GitRepositorySpec struct {
|
|||
|
||||
// Extra git repositories to map into the repository
|
||||
Include []GitRepositoryInclude `json:"include,omitempty"`
|
||||
|
||||
// AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
// +optional
|
||||
AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"`
|
||||
}
|
||||
|
||||
func (in *GitRepositoryInclude) GetFromPath() string {
|
||||
|
|
|
@ -17,9 +17,11 @@ limitations under the License.
|
|||
package v1beta1
|
||||
|
||||
import (
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
apimeta "k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"github.com/fluxcd/pkg/apis/acl"
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
)
|
||||
|
||||
// HelmChartKind is the string representation of a HelmChart.
|
||||
|
@ -72,6 +74,10 @@ type HelmChartSpec struct {
|
|||
// This flag tells the controller to suspend the reconciliation of this source.
|
||||
// +optional
|
||||
Suspend bool `json:"suspend,omitempty"`
|
||||
|
||||
// AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
// +optional
|
||||
AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"`
|
||||
}
|
||||
|
||||
const (
|
||||
|
|
|
@ -17,9 +17,11 @@ limitations under the License.
|
|||
package v1beta1
|
||||
|
||||
import (
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
apimeta "k8s.io/apimachinery/pkg/api/meta"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"github.com/fluxcd/pkg/apis/acl"
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -66,6 +68,10 @@ type HelmRepositorySpec struct {
|
|||
// This flag tells the controller to suspend the reconciliation of this source.
|
||||
// +optional
|
||||
Suspend bool `json:"suspend,omitempty"`
|
||||
|
||||
// AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
// +optional
|
||||
AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"`
|
||||
}
|
||||
|
||||
// HelmRepositoryStatus defines the observed state of the HelmRepository.
|
||||
|
|
|
@ -21,6 +21,7 @@ limitations under the License.
|
|||
package v1beta1
|
||||
|
||||
import (
|
||||
"github.com/fluxcd/pkg/apis/acl"
|
||||
"github.com/fluxcd/pkg/apis/meta"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
|
@ -120,6 +121,11 @@ func (in *BucketSpec) DeepCopyInto(out *BucketSpec) {
|
|||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.AccessFrom != nil {
|
||||
in, out := &in.AccessFrom, &out.AccessFrom
|
||||
*out = new(acl.AccessFrom)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BucketSpec.
|
||||
|
@ -284,6 +290,11 @@ func (in *GitRepositorySpec) DeepCopyInto(out *GitRepositorySpec) {
|
|||
*out = make([]GitRepositoryInclude, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AccessFrom != nil {
|
||||
in, out := &in.AccessFrom, &out.AccessFrom
|
||||
*out = new(acl.AccessFrom)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRepositorySpec.
|
||||
|
@ -420,6 +431,11 @@ func (in *HelmChartSpec) DeepCopyInto(out *HelmChartSpec) {
|
|||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AccessFrom != nil {
|
||||
in, out := &in.AccessFrom, &out.AccessFrom
|
||||
*out = new(acl.AccessFrom)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartSpec.
|
||||
|
@ -533,6 +549,11 @@ func (in *HelmRepositorySpec) DeepCopyInto(out *HelmRepositorySpec) {
|
|||
*out = new(v1.Duration)
|
||||
**out = **in
|
||||
}
|
||||
if in.AccessFrom != nil {
|
||||
in, out := &in.AccessFrom, &out.AccessFrom
|
||||
*out = new(acl.AccessFrom)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmRepositorySpec.
|
||||
|
|
|
@ -45,6 +45,24 @@ spec:
|
|||
spec:
|
||||
description: BucketSpec defines the desired state of an S3 compatible bucket
|
||||
properties:
|
||||
accessFrom:
|
||||
description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
properties:
|
||||
namespaceSelectors:
|
||||
description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.
|
||||
items:
|
||||
description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.
|
||||
properties:
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- namespaceSelectors
|
||||
type: object
|
||||
bucketName:
|
||||
description: The bucket name.
|
||||
type: string
|
||||
|
|
|
@ -47,6 +47,24 @@ spec:
|
|||
spec:
|
||||
description: GitRepositorySpec defines the desired state of a Git repository.
|
||||
properties:
|
||||
accessFrom:
|
||||
description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
properties:
|
||||
namespaceSelectors:
|
||||
description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.
|
||||
items:
|
||||
description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.
|
||||
properties:
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- namespaceSelectors
|
||||
type: object
|
||||
gitImplementation:
|
||||
default: go-git
|
||||
description: Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2').
|
||||
|
|
|
@ -56,6 +56,24 @@ spec:
|
|||
spec:
|
||||
description: HelmChartSpec defines the desired state of a Helm chart.
|
||||
properties:
|
||||
accessFrom:
|
||||
description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
properties:
|
||||
namespaceSelectors:
|
||||
description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.
|
||||
items:
|
||||
description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.
|
||||
properties:
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- namespaceSelectors
|
||||
type: object
|
||||
chart:
|
||||
description: The name or path the Helm chart is available at in the SourceRef.
|
||||
type: string
|
||||
|
|
|
@ -47,6 +47,24 @@ spec:
|
|||
spec:
|
||||
description: HelmRepositorySpec defines the reference to a Helm repository.
|
||||
properties:
|
||||
accessFrom:
|
||||
description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
|
||||
properties:
|
||||
namespaceSelectors:
|
||||
description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.
|
||||
items:
|
||||
description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.
|
||||
properties:
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- namespaceSelectors
|
||||
type: object
|
||||
interval:
|
||||
description: The interval at which to check the upstream for updates.
|
||||
type: string
|
||||
|
|
|
@ -200,6 +200,20 @@ bool
|
|||
<p>This flag tells the controller to suspend the reconciliation of this source.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -427,6 +441,20 @@ This option is available only when using the ‘go-git’ GitImplementat
|
|||
<p>Extra git repositories to map into the repository</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -610,6 +638,20 @@ bool
|
|||
<p>This flag tells the controller to suspend the reconciliation of this source.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -772,6 +814,20 @@ bool
|
|||
<p>This flag tells the controller to suspend the reconciliation of this source.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -1020,6 +1076,20 @@ bool
|
|||
<p>This flag tells the controller to suspend the reconciliation of this source.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
@ -1407,6 +1477,20 @@ This option is available only when using the ‘go-git’ GitImplementat
|
|||
<p>Extra git repositories to map into the repository</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
@ -1683,6 +1767,20 @@ bool
|
|||
<p>This flag tells the controller to suspend the reconciliation of this source.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
@ -1878,6 +1976,20 @@ bool
|
|||
<p>This flag tells the controller to suspend the reconciliation of this source.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>accessFrom</code><br>
|
||||
<em>
|
||||
<a href="https://godoc.org/github.com/fluxcd/pkg/apis/acl#AccessFrom">
|
||||
github.com/fluxcd/pkg/apis/acl.AccessFrom
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<em>(Optional)</em>
|
||||
<p>AccessFrom defines an Access Control List for allowing cross-namespace references to this object.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
@ -2032,4 +2144,4 @@ string
|
|||
<p>Source interface must be supported by all API types.</p>
|
||||
<div class="admonition note">
|
||||
<p class="last">This page was automatically generated with <code>gen-crd-api-reference-docs</code></p>
|
||||
</div>
|
||||
</div>
|
||||
|
|
2
go.sum
2
go.sum
|
@ -255,6 +255,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
|
|||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
|
||||
github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
|
||||
github.com/fluxcd/pkg/apis/acl v0.0.1 h1:biCgZMjpDSv3Q4mZPikUJILx3t2MuNXR4Oa5jRQxaNQ=
|
||||
github.com/fluxcd/pkg/apis/acl v0.0.1/go.mod h1:y3qOXUFObVWk7jzOjubMnr/u18j1kCeSi6olycnxr/E=
|
||||
github.com/fluxcd/pkg/apis/meta v0.10.0 h1:N7wVGHC1cyPdT87hrDC7UwCwRwnZdQM46PBSLjG2rlE=
|
||||
github.com/fluxcd/pkg/apis/meta v0.10.0/go.mod h1:CW9X9ijMTpNe7BwnokiUOrLl/h13miwVr/3abEQLbKE=
|
||||
github.com/fluxcd/pkg/gittestserver v0.4.2 h1:XqoiemTnnUNldnOw8N7OTdalu2iZp1FTRhp9uUauDJQ=
|
||||
|
|
|
@ -22,6 +22,10 @@
|
|||
{
|
||||
"typeMatchPrefix": "^github.com/fluxcd/pkg/apis/meta",
|
||||
"docsURLTemplate": "https://godoc.org/github.com/fluxcd/pkg/apis/meta#{{ .TypeIdentifier }}"
|
||||
},
|
||||
{
|
||||
"typeMatchPrefix": "^github.com/fluxcd/pkg/apis/acl",
|
||||
"docsURLTemplate": "https://godoc.org/github.com/fluxcd/pkg/apis/acl#{{ .TypeIdentifier }}"
|
||||
}
|
||||
],
|
||||
"typeDisplayNamePrefixOverrides": {
|
||||
|
|
Loading…
Reference in New Issue