kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Authorization / RBAC option to schema

This commit is contained in:
Justin Santa Barbara 2017-03-28 13:02:33 -04:00
parent a7a0b38123
commit 533efb7c51
6 changed files with 192 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/apis/kops/cluster.go
View File

@ -236,10 +236,24 @@ type ClusterSpec struct {
// API field controls how the API is exposed outside the cluster // API field controls how the API is exposed outside the cluster
API *AccessSpec `json:"api,omitempty"` API *AccessSpec `json:"api,omitempty"`
// Authorization field controls how the cluster is configured for authorization
Authorization *AuthorizationSpec `json:"authorization,omitempty"`
// Tags for AWS instance groups // Tags for AWS instance groups
CloudLabels map[string]string `json:"cloudLabels,omitempty"` CloudLabels map[string]string `json:"cloudLabels,omitempty"`
} }
type AuthorizationSpec struct {
RBAC *RBACAuthorizationSpec `json:"rbac,omitempty"`
}
func (s *AuthorizationSpec) IsEmpty() bool {
return s.RBAC == nil
}
type RBACAuthorizationSpec struct {
}
type AccessSpec struct { type AccessSpec struct {
DNS *DNSAccessSpec `json:"dns,omitempty"` DNS *DNSAccessSpec `json:"dns,omitempty"`
LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"` LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`

14
pkg/apis/kops/v1alpha1/cluster.go
View File

@ -234,10 +234,24 @@ type ClusterSpec struct {
// API field controls how the API is exposed outside the cluster // API field controls how the API is exposed outside the cluster
API *AccessSpec `json:"api,omitempty"` API *AccessSpec `json:"api,omitempty"`
// Authorization field controls how the cluster is configured for authorization
Authorization *AuthorizationSpec `json:"authorization,omitempty"`
// Tags for AWS instance groups // Tags for AWS instance groups
CloudLabels map[string]string `json:"cloudLabels,omitempty"` CloudLabels map[string]string `json:"cloudLabels,omitempty"`
} }
type AuthorizationSpec struct {
RBAC *RBACAuthorizationSpec `json:"rbac,omitempty"`
}
func (s *AuthorizationSpec) IsEmpty() bool {
return s.RBAC == nil
}
type RBACAuthorizationSpec struct {
}
type AccessSpec struct { type AccessSpec struct {
DNS *DNSAccessSpec `json:"dns,omitempty"` DNS *DNSAccessSpec `json:"dns,omitempty"`
LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"` LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`

72
pkg/apis/kops/v1alpha1/zz_generated.conversion.go
View File

@ -37,6 +37,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
return scheme.AddGeneratedConversionFuncs( return scheme.AddGeneratedConversionFuncs(
Convert_v1alpha1_AccessSpec_To_kops_AccessSpec, Convert_v1alpha1_AccessSpec_To_kops_AccessSpec,
Convert_kops_AccessSpec_To_v1alpha1_AccessSpec, Convert_kops_AccessSpec_To_v1alpha1_AccessSpec,
Convert_v1alpha1_AuthorizationSpec_To_kops_AuthorizationSpec,
Convert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec,
Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec, Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec,
Convert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec, Convert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec,
Convert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec, Convert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec,
@ -101,6 +103,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec, Convert_kops_LoadBalancerAccessSpec_To_v1alpha1_LoadBalancerAccessSpec,
Convert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec, Convert_v1alpha1_NetworkingSpec_To_kops_NetworkingSpec,
Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec, Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec,
Convert_v1alpha1_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec,
Convert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec,
Convert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec, Convert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec,
Convert_kops_WeaveNetworkingSpec_To_v1alpha1_WeaveNetworkingSpec, Convert_kops_WeaveNetworkingSpec_To_v1alpha1_WeaveNetworkingSpec,
) )
@ -158,6 +162,40 @@ func Convert_kops_AccessSpec_To_v1alpha1_AccessSpec(in *kops.AccessSpec, out *Ac
return autoConvert_kops_AccessSpec_To_v1alpha1_AccessSpec(in, out, s) return autoConvert_kops_AccessSpec_To_v1alpha1_AccessSpec(in, out, s)
} }
func autoConvert_v1alpha1_AuthorizationSpec_To_kops_AuthorizationSpec(in *AuthorizationSpec, out *kops.AuthorizationSpec, s conversion.Scope) error {
if in.RBAC != nil {
in, out := &in.RBAC, &out.RBAC
*out = new(kops.RBACAuthorizationSpec)
if err := Convert_v1alpha1_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.RBAC = nil
}
return nil
}
func Convert_v1alpha1_AuthorizationSpec_To_kops_AuthorizationSpec(in *AuthorizationSpec, out *kops.AuthorizationSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_AuthorizationSpec_To_kops_AuthorizationSpec(in, out, s)
}
func autoConvert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec(in *kops.AuthorizationSpec, out *AuthorizationSpec, s conversion.Scope) error {
if in.RBAC != nil {
in, out := &in.RBAC, &out.RBAC
*out = new(RBACAuthorizationSpec)
if err := Convert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.RBAC = nil
}
return nil
}
func Convert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec(in *kops.AuthorizationSpec, out *AuthorizationSpec, s conversion.Scope) error {
return autoConvert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec(in, out, s)
}
func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error { func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error {
return nil return nil
} }
@ -451,6 +489,15 @@ func autoConvert_v1alpha1_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
} else { } else {
out.API = nil out.API = nil
} }
if in.Authorization != nil {
in, out := &in.Authorization, &out.Authorization
*out = new(kops.AuthorizationSpec)
if err := Convert_v1alpha1_AuthorizationSpec_To_kops_AuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.Authorization = nil
}
out.CloudLabels = in.CloudLabels out.CloudLabels = in.CloudLabels
return nil return nil
} }
@ -598,6 +645,15 @@ func autoConvert_kops_ClusterSpec_To_v1alpha1_ClusterSpec(in *kops.ClusterSpec,
} else { } else {
out.API = nil out.API = nil
} }
if in.Authorization != nil {
in, out := &in.Authorization, &out.Authorization
*out = new(AuthorizationSpec)
if err := Convert_kops_AuthorizationSpec_To_v1alpha1_AuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.Authorization = nil
}
out.CloudLabels = in.CloudLabels out.CloudLabels = in.CloudLabels
return nil return nil
} }
@ -1552,6 +1608,22 @@ func Convert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in *kops.NetworkingS
return autoConvert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in, out, s) return autoConvert_kops_NetworkingSpec_To_v1alpha1_NetworkingSpec(in, out, s)
} }
func autoConvert_v1alpha1_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(in *RBACAuthorizationSpec, out *kops.RBACAuthorizationSpec, s conversion.Scope) error {
return nil
}
func Convert_v1alpha1_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(in *RBACAuthorizationSpec, out *kops.RBACAuthorizationSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(in, out, s)
}
func autoConvert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec(in *kops.RBACAuthorizationSpec, out *RBACAuthorizationSpec, s conversion.Scope) error {
return nil
}
func Convert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec(in *kops.RBACAuthorizationSpec, out *RBACAuthorizationSpec, s conversion.Scope) error {
return autoConvert_kops_RBACAuthorizationSpec_To_v1alpha1_RBACAuthorizationSpec(in, out, s)
}
func autoConvert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec(in *WeaveNetworkingSpec, out *kops.WeaveNetworkingSpec, s conversion.Scope) error { func autoConvert_v1alpha1_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec(in *WeaveNetworkingSpec, out *kops.WeaveNetworkingSpec, s conversion.Scope) error {
return nil return nil
} }

14
pkg/apis/kops/v1alpha2/cluster.go
View File

@ -156,10 +156,24 @@ type ClusterSpec struct {
// API field controls how the API is exposed outside the cluster // API field controls how the API is exposed outside the cluster
API *AccessSpec `json:"api,omitempty"` API *AccessSpec `json:"api,omitempty"`
// Authorization field controls how the cluster is configured for authorization
Authorization *AuthorizationSpec `json:"authorization,omitempty"`
// Tags for AWS resources // Tags for AWS resources
CloudLabels map[string]string `json:"cloudLabels,omitempty"` CloudLabels map[string]string `json:"cloudLabels,omitempty"`
} }
type AuthorizationSpec struct {
RBAC *RBACAuthorizationSpec `json:"rbac,omitempty"`
}
func (s *AuthorizationSpec) IsEmpty() bool {
return s.RBAC == nil
}
type RBACAuthorizationSpec struct {
}
type AccessSpec struct { type AccessSpec struct {
DNS *DNSAccessSpec `json:"dns,omitempty"` DNS *DNSAccessSpec `json:"dns,omitempty"`
LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"` LoadBalancer *LoadBalancerAccessSpec `json:"loadBalancer,omitempty"`

72
pkg/apis/kops/v1alpha2/zz_generated.conversion.go
View File

@ -37,6 +37,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
return scheme.AddGeneratedConversionFuncs( return scheme.AddGeneratedConversionFuncs(
Convert_v1alpha2_AccessSpec_To_kops_AccessSpec, Convert_v1alpha2_AccessSpec_To_kops_AccessSpec,
Convert_kops_AccessSpec_To_v1alpha2_AccessSpec, Convert_kops_AccessSpec_To_v1alpha2_AccessSpec,
Convert_v1alpha2_AuthorizationSpec_To_kops_AuthorizationSpec,
Convert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec,
Convert_v1alpha2_BastionSpec_To_kops_BastionSpec, Convert_v1alpha2_BastionSpec_To_kops_BastionSpec,
Convert_kops_BastionSpec_To_v1alpha2_BastionSpec, Convert_kops_BastionSpec_To_v1alpha2_BastionSpec,
Convert_v1alpha2_CNINetworkingSpec_To_kops_CNINetworkingSpec, Convert_v1alpha2_CNINetworkingSpec_To_kops_CNINetworkingSpec,
@ -105,6 +107,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
Convert_kops_LoadBalancerAccessSpec_To_v1alpha2_LoadBalancerAccessSpec, Convert_kops_LoadBalancerAccessSpec_To_v1alpha2_LoadBalancerAccessSpec,
Convert_v1alpha2_NetworkingSpec_To_kops_NetworkingSpec, Convert_v1alpha2_NetworkingSpec_To_kops_NetworkingSpec,
Convert_kops_NetworkingSpec_To_v1alpha2_NetworkingSpec, Convert_kops_NetworkingSpec_To_v1alpha2_NetworkingSpec,
Convert_v1alpha2_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec,
Convert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec,
Convert_v1alpha2_TopologySpec_To_kops_TopologySpec, Convert_v1alpha2_TopologySpec_To_kops_TopologySpec,
Convert_kops_TopologySpec_To_v1alpha2_TopologySpec, Convert_kops_TopologySpec_To_v1alpha2_TopologySpec,
Convert_v1alpha2_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec, Convert_v1alpha2_WeaveNetworkingSpec_To_kops_WeaveNetworkingSpec,
@ -164,6 +168,40 @@ func Convert_kops_AccessSpec_To_v1alpha2_AccessSpec(in *kops.AccessSpec, out *Ac
return autoConvert_kops_AccessSpec_To_v1alpha2_AccessSpec(in, out, s) return autoConvert_kops_AccessSpec_To_v1alpha2_AccessSpec(in, out, s)
} }
func autoConvert_v1alpha2_AuthorizationSpec_To_kops_AuthorizationSpec(in *AuthorizationSpec, out *kops.AuthorizationSpec, s conversion.Scope) error {
if in.RBAC != nil {
in, out := &in.RBAC, &out.RBAC
*out = new(kops.RBACAuthorizationSpec)
if err := Convert_v1alpha2_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.RBAC = nil
}
return nil
}
func Convert_v1alpha2_AuthorizationSpec_To_kops_AuthorizationSpec(in *AuthorizationSpec, out *kops.AuthorizationSpec, s conversion.Scope) error {
return autoConvert_v1alpha2_AuthorizationSpec_To_kops_AuthorizationSpec(in, out, s)
}
func autoConvert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec(in *kops.AuthorizationSpec, out *AuthorizationSpec, s conversion.Scope) error {
if in.RBAC != nil {
in, out := &in.RBAC, &out.RBAC
*out = new(RBACAuthorizationSpec)
if err := Convert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.RBAC = nil
}
return nil
}
func Convert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec(in *kops.AuthorizationSpec, out *AuthorizationSpec, s conversion.Scope) error {
return autoConvert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec(in, out, s)
}
func autoConvert_v1alpha2_BastionSpec_To_kops_BastionSpec(in *BastionSpec, out *kops.BastionSpec, s conversion.Scope) error { func autoConvert_v1alpha2_BastionSpec_To_kops_BastionSpec(in *BastionSpec, out *kops.BastionSpec, s conversion.Scope) error {
out.BastionPublicName = in.BastionPublicName out.BastionPublicName = in.BastionPublicName
out.IdleTimeoutSeconds = in.IdleTimeoutSeconds out.IdleTimeoutSeconds = in.IdleTimeoutSeconds
@ -487,6 +525,15 @@ func autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *
} else { } else {
out.API = nil out.API = nil
} }
if in.Authorization != nil {
in, out := &in.Authorization, &out.Authorization
*out = new(kops.AuthorizationSpec)
if err := Convert_v1alpha2_AuthorizationSpec_To_kops_AuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.Authorization = nil
}
out.CloudLabels = in.CloudLabels out.CloudLabels = in.CloudLabels
return nil return nil
} }
@ -648,6 +695,15 @@ func autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec,
} else { } else {
out.API = nil out.API = nil
} }
if in.Authorization != nil {
in, out := &in.Authorization, &out.Authorization
*out = new(AuthorizationSpec)
if err := Convert_kops_AuthorizationSpec_To_v1alpha2_AuthorizationSpec(*in, *out, s); err != nil {
return err
}
} else {
out.Authorization = nil
}
out.CloudLabels = in.CloudLabels out.CloudLabels = in.CloudLabels
return nil return nil
} }
@ -1650,6 +1706,22 @@ func Convert_kops_NetworkingSpec_To_v1alpha2_NetworkingSpec(in *kops.NetworkingS
return autoConvert_kops_NetworkingSpec_To_v1alpha2_NetworkingSpec(in, out, s) return autoConvert_kops_NetworkingSpec_To_v1alpha2_NetworkingSpec(in, out, s)
} }
func autoConvert_v1alpha2_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(in *RBACAuthorizationSpec, out *kops.RBACAuthorizationSpec, s conversion.Scope) error {
return nil
}
func Convert_v1alpha2_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(in *RBACAuthorizationSpec, out *kops.RBACAuthorizationSpec, s conversion.Scope) error {
return autoConvert_v1alpha2_RBACAuthorizationSpec_To_kops_RBACAuthorizationSpec(in, out, s)
}
func autoConvert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec(in *kops.RBACAuthorizationSpec, out *RBACAuthorizationSpec, s conversion.Scope) error {
return nil
}
func Convert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec(in *kops.RBACAuthorizationSpec, out *RBACAuthorizationSpec, s conversion.Scope) error {
return autoConvert_kops_RBACAuthorizationSpec_To_v1alpha2_RBACAuthorizationSpec(in, out, s)
}
func autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error { func autoConvert_v1alpha2_TopologySpec_To_kops_TopologySpec(in *TopologySpec, out *kops.TopologySpec, s conversion.Scope) error {
out.Masters = in.Masters out.Masters = in.Masters
out.Nodes = in.Nodes out.Nodes = in.Nodes

6
pkg/model/components/apiserver.go
View File

@ -75,6 +75,12 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
} }
} }
if clusterSpec.Authorization != nil {
if clusterSpec.Authorization.RBAC != nil {
clusterSpec.KubeAPIServer.AuthorizationMode = fi.String("RBAC")
}
}
return nil return nil
} }