From 058a016a602753e3936ce5a757e1861dc1db3fd8 Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Tue, 10 Aug 2021 17:35:41 +0300 Subject: [PATCH] Add ACL optional field to Source API Cherry-picked from 525be388ec4fe7ec482ba757c2df3b84eb4454d9. Signed-off-by: Stefan Prodan --- api/go.mod | 1 + api/go.sum | 2 + api/v1beta1/bucket_types.go | 8 +- api/v1beta1/gitrepository_types.go | 8 +- api/v1beta1/helmchart_types.go | 8 +- api/v1beta1/helmrepository_types.go | 8 +- api/v1beta1/zz_generated.deepcopy.go | 21 ++++ .../source.toolkit.fluxcd.io_buckets.yaml | 18 +++ ...rce.toolkit.fluxcd.io_gitrepositories.yaml | 18 +++ .../source.toolkit.fluxcd.io_helmcharts.yaml | 18 +++ ...ce.toolkit.fluxcd.io_helmrepositories.yaml | 18 +++ docs/api/source.md | 114 +++++++++++++++++- go.sum | 2 + hack/api-docs/config.json | 4 + 14 files changed, 243 insertions(+), 5 deletions(-) diff --git a/api/go.mod b/api/go.mod index c86b3eb1..7c44a738 100644 --- a/api/go.mod +++ b/api/go.mod @@ -3,6 +3,7 @@ module github.com/fluxcd/source-controller/api go 1.16 require ( + github.com/fluxcd/pkg/apis/acl v0.0.1 github.com/fluxcd/pkg/apis/meta v0.10.0 k8s.io/apimachinery v0.21.3 sigs.k8s.io/controller-runtime v0.9.5 diff --git a/api/go.sum b/api/go.sum index 4b8ebacb..eeecb7a3 100644 --- a/api/go.sum +++ b/api/go.sum 
@@ -91,6 +91,8 @@ github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMi github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fluxcd/pkg/apis/acl v0.0.1 h1:biCgZMjpDSv3Q4mZPikUJILx3t2MuNXR4Oa5jRQxaNQ= +github.com/fluxcd/pkg/apis/acl v0.0.1/go.mod h1:y3qOXUFObVWk7jzOjubMnr/u18j1kCeSi6olycnxr/E= github.com/fluxcd/pkg/apis/meta v0.10.0 h1:N7wVGHC1cyPdT87hrDC7UwCwRwnZdQM46PBSLjG2rlE= github.com/fluxcd/pkg/apis/meta v0.10.0/go.mod h1:CW9X9ijMTpNe7BwnokiUOrLl/h13miwVr/3abEQLbKE= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= diff --git a/api/v1beta1/bucket_types.go b/api/v1beta1/bucket_types.go index e046eaa8..41b732d1 100644 --- a/api/v1beta1/bucket_types.go +++ b/api/v1beta1/bucket_types.go @@ -17,9 +17,11 @@ limitations under the License. package v1beta1 import ( - "github.com/fluxcd/pkg/apis/meta" apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/apis/acl" + "github.com/fluxcd/pkg/apis/meta" ) const ( @@ -74,6 +76,10 @@ type BucketSpec struct { // This flag tells the controller to suspend the reconciliation of this source. // +optional Suspend bool `json:"suspend,omitempty"` + + // AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + // +optional + AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"` } const ( diff --git a/api/v1beta1/gitrepository_types.go b/api/v1beta1/gitrepository_types.go index b2471df0..bab79ca5 100644 --- a/api/v1beta1/gitrepository_types.go +++ b/api/v1beta1/gitrepository_types.go 
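Review bot: The new `AccessFrom` comment in `BucketSpec` does not say what an omitted field means, and since it is an optional pointer a reader cannot tell whether nil denies cross-namespace references or leaves them unrestricted. The generated CRD text in this patch states that an empty `matchLabels` map matches all namespaces in the cluster, so a single empty selector exposes the object cluster-wide; that is worth repeating at the field. I would extend the comment along the lines of `// When omitted, <state the default here>. A selector with empty matchLabels matches every namespace.` No controller code in this patch consults the field, so enforcement presumably lives in the consuming controllers, and the comment should say so to avoid implying that source-controller enforces it. The same comment is added to `GitRepositorySpec`, `HelmChartSpec` and `HelmRepositorySpec`, and each struct body starts outside its hunk.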
@@ -17,9 +17,11 @@ limitations under the License. package v1beta1 import ( - "github.com/fluxcd/pkg/apis/meta" apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/apis/acl" + "github.com/fluxcd/pkg/apis/meta" ) const ( @@ -90,6 +92,10 @@ type GitRepositorySpec struct { // Extra git repositories to map into the repository Include []GitRepositoryInclude `json:"include,omitempty"` + + // AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + // +optional + AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"` } func (in *GitRepositoryInclude) GetFromPath() string { diff --git a/api/v1beta1/helmchart_types.go b/api/v1beta1/helmchart_types.go index 01fde150..a6aa189e 100644 --- a/api/v1beta1/helmchart_types.go +++ b/api/v1beta1/helmchart_types.go @@ -17,9 +17,11 @@ limitations under the License. package v1beta1 import ( - "github.com/fluxcd/pkg/apis/meta" apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/apis/acl" + "github.com/fluxcd/pkg/apis/meta" ) // HelmChartKind is the string representation of a HelmChart. @@ -72,6 +74,10 @@ type HelmChartSpec struct { // This flag tells the controller to suspend the reconciliation of this source. // +optional Suspend bool `json:"suspend,omitempty"` + + // AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + // +optional + AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"` } const ( diff --git a/api/v1beta1/helmrepository_types.go b/api/v1beta1/helmrepository_types.go index 40f918d2..400eb83f 100644 --- a/api/v1beta1/helmrepository_types.go +++ b/api/v1beta1/helmrepository_types.go 
@@ -17,9 +17,11 @@ limitations under the License. package v1beta1 import ( - "github.com/fluxcd/pkg/apis/meta" apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/apis/acl" + "github.com/fluxcd/pkg/apis/meta" ) const ( @@ -66,6 +68,10 @@ type HelmRepositorySpec struct { // This flag tells the controller to suspend the reconciliation of this source. // +optional Suspend bool `json:"suspend,omitempty"` + + // AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + // +optional + AccessFrom *acl.AccessFrom `json:"accessFrom,omitempty"` } // HelmRepositoryStatus defines the observed state of the HelmRepository. diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index fd20920d..443f17a3 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -21,6 +21,7 @@ limitations under the License. package v1beta1 import ( + "github.com/fluxcd/pkg/apis/acl" "github.com/fluxcd/pkg/apis/meta" "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -120,6 +121,11 @@ func (in *BucketSpec) DeepCopyInto(out *BucketSpec) { *out = new(string) **out = **in } + if in.AccessFrom != nil { + in, out := &in.AccessFrom, &out.AccessFrom + *out = new(acl.AccessFrom) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BucketSpec. @@ -284,6 +290,11 @@ func (in *GitRepositorySpec) DeepCopyInto(out *GitRepositorySpec) { *out = make([]GitRepositoryInclude, len(*in)) copy(*out, *in) } + if in.AccessFrom != nil { + in, out := &in.AccessFrom, &out.AccessFrom + *out = new(acl.AccessFrom) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRepositorySpec. 
@@ -420,6 +431,11 @@ func (in *HelmChartSpec) DeepCopyInto(out *HelmChartSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.AccessFrom != nil { + in, out := &in.AccessFrom, &out.AccessFrom + *out = new(acl.AccessFrom) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartSpec. @@ -533,6 +549,11 @@ func (in *HelmRepositorySpec) DeepCopyInto(out *HelmRepositorySpec) { *out = new(v1.Duration) **out = **in } + if in.AccessFrom != nil { + in, out := &in.AccessFrom, &out.AccessFrom + *out = new(acl.AccessFrom) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmRepositorySpec. diff --git a/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml b/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml index d56295d1..f0e37ff6 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml 
@@ -45,6 +45,24 @@ spec: spec: description: BucketSpec defines the desired state of an S3 compatible bucket properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object bucketName: description: The bucket name. type: string diff --git a/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml index 13e03e21..fee0fb61 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml 
@@ -47,6 +47,24 @@ spec: spec: description: GitRepositorySpec defines the desired state of a Git repository. properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object gitImplementation: default: go-git description: Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2'). diff --git a/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml b/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml index 250b2e7b..a5380d36 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml 
@@ -56,6 +56,24 @@ spec: spec: description: HelmChartSpec defines the desired state of a Helm chart. properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object chart: description: The name or path the Helm chart is available at in the SourceRef. type: string diff --git a/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml index 5ff669a6..52d496e3 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml 
@@ -47,6 +47,24 @@ spec: spec: description: HelmRepositorySpec defines the reference to a Helm repository. properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object interval: description: The interval at which to check the upstream for updates. type: string diff --git a/docs/api/source.md b/docs/api/source.md index 8caec265..ba84a7c6 100644 --- a/docs/api/source.md +++ b/docs/api/source.md @@ -200,6 +200,20 @@ bool

This flag tells the controller to suspend the reconciliation of this source.

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -427,6 +441,20 @@ This option is available only when using the ‘go-git’ GitImplementat

Extra git repositories to map into the repository

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -610,6 +638,20 @@ bool

This flag tells the controller to suspend the reconciliation of this source.

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -772,6 +814,20 @@ bool

This flag tells the controller to suspend the reconciliation of this source.

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -1020,6 +1076,20 @@ bool

This flag tells the controller to suspend the reconciliation of this source.

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -1407,6 +1477,20 @@ This option is available only when using the ‘go-git’ GitImplementat

Extra git repositories to map into the repository

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -1683,6 +1767,20 @@ bool

This flag tells the controller to suspend the reconciliation of this source.

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -1878,6 +1976,20 @@ bool

This flag tells the controller to suspend the reconciliation of this source.

+ + +accessFrom
+ + +github.com/fluxcd/pkg/apis/acl.AccessFrom + + + + +(Optional) +

AccessFrom defines an Access Control List for allowing cross-namespace references to this object.

+ + @@ -2032,4 +2144,4 @@ string

Source interface must be supported by all API types.

This page was automatically generated with gen-crd-api-reference-docs

-
\ No newline at end of file + diff --git a/go.sum b/go.sum index a252cf16..9f77e27b 100644 --- a/go.sum +++ b/go.sum @@ -255,6 +255,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fluxcd/pkg/apis/acl v0.0.1 h1:biCgZMjpDSv3Q4mZPikUJILx3t2MuNXR4Oa5jRQxaNQ= +github.com/fluxcd/pkg/apis/acl v0.0.1/go.mod h1:y3qOXUFObVWk7jzOjubMnr/u18j1kCeSi6olycnxr/E= github.com/fluxcd/pkg/apis/meta v0.10.0 h1:N7wVGHC1cyPdT87hrDC7UwCwRwnZdQM46PBSLjG2rlE= github.com/fluxcd/pkg/apis/meta v0.10.0/go.mod h1:CW9X9ijMTpNe7BwnokiUOrLl/h13miwVr/3abEQLbKE= github.com/fluxcd/pkg/gittestserver v0.4.2 h1:XqoiemTnnUNldnOw8N7OTdalu2iZp1FTRhp9uUauDJQ= diff --git a/hack/api-docs/config.json b/hack/api-docs/config.json index 45c96840..26c4082f 100644 --- a/hack/api-docs/config.json +++ b/hack/api-docs/config.json @@ -22,6 +22,10 @@ { "typeMatchPrefix": "^github.com/fluxcd/pkg/apis/meta", "docsURLTemplate": "https://godoc.org/github.com/fluxcd/pkg/apis/meta#{{ .TypeIdentifier }}" + }, + { + "typeMatchPrefix": "^github.com/fluxcd/pkg/apis/acl", + "docsURLTemplate": "https://godoc.org/github.com/fluxcd/pkg/apis/acl#{{ .TypeIdentifier }}" } ], "typeDisplayNamePrefixOverrides": {