From 6452f8cc29fafed9ac29c181045f22a4515a94bc Mon Sep 17 00:00:00 2001
From: Marc Nuri
Date: Wed, 2 Oct 2024 20:17:51 +0800
Subject: [PATCH] feat(openapi): add schemas for misc types

Signed-off-by: Marc Nuri
---
 .../openapi/generator/cmd/openapi.go | 19 +-
 .../openapi/generator/go.mod | 3 +-
 .../openapi/generator/go.sum | 6 +-
 .../generator/pkg/openshift/openshift.go | 2 +
 .../generator/tools/generator/openapi.go | 4 +
 .../openapi/schemas/openshift-generated.json | 973 ++++++++++++++++++
 6 files changed, 1002 insertions(+), 5 deletions(-)
diff --git a/kubernetes-model-generator/openapi/generator/cmd/openapi.go b/kubernetes-model-generator/openapi/generator/cmd/openapi.go
index be4b17c7797..8547147e672 100644
--- a/kubernetes-model-generator/openapi/generator/cmd/openapi.go
+++ b/kubernetes-model-generator/openapi/generator/cmd/openapi.go
@@ -22,9 +22,15 @@ import ( "github.com/fabric8io/kubernetes-client/kubernetes-model-generator/openapi/generator/pkg/openapi" "github.com/fabric8io/kubernetes-client/kubernetes-model-generator/openapi/generator/pkg/openshift" "github.com/fabric8io/kubernetes-client/kubernetes-model-generator/openapi/generator/pkg/parser" + //openshiftbaremetaloperatorv1alpha1 "github.com/metal3-io/baremetal-operator/apis/metal3.io/v1alpha1" + openshiftcloudcredentialoperatorv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1" + openshiftclusternetworkoperatorv1 "github.com/openshift/cluster-network-operator/pkg/apis/network/v1" + operatorframeworkv1 "github.com/operator-framework/api/pkg/operators/v1" + operatorframeworkv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1" + olm "github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/apis/operators/v1" "time" - //"github.com/openshift/api/openapi/generated_openapi" + openshiftconfigv1 "github.com/openshift/api/config/v1" "github.com/spf13/cobra" "k8s.io/kube-openapi/pkg/common" "k8s.io/kube-openapi/pkg/validation/spec"
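Review bot: The added import `//openshiftbaremetaloperatorv1alpha1 "github.com/metal3-io/baremetal-operator/apis/metal3.io/v1alpha1"` is committed commented out with no explanation, and the same disabled entry recurs in the `openApiRun` list in the next hunk, in `PackagePatterns` in `pkg/openshift/openshift.go`, and in both hunks of `tools/generator/openapi.go`. A reader cannot tell whether the bare-metal operator types were dropped on purpose or are waiting on something. Either remove the five lines or put one comment above each, such as `// TODO(<issue-id>): baremetal-operator disabled, <reason>`, with the placeholders filled in. The new aliased imports also sit above `"time"`; keeping the standard-library imports in their own group would match goimports ordering.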
@@ -42,7 +48,16 @@ func init() { var openApiRun = func(cobraCmd *cobra.Command, args []string) { startTime := time.Now() - fmt.Printf("OpenAPI JSON schema generation started...\n") + fmt.Printf("OpenAPI JSON schema generation started...\n%s\n", []string{ + // Force imports so that modules are present in go.mod + openshiftconfigv1.SchemeGroupVersion.String(), + //openshiftbaremetaloperatorv1alpha1.GroupVersion.String(), + operatorframeworkv1alpha1.SchemeGroupVersion.String(), + operatorframeworkv1.GroupVersion.String(), + openshiftclusternetworkoperatorv1.GroupVersion.String(), + openshiftcloudcredentialoperatorv1.GroupVersion.String(), + olm.SchemeGroupVersion.String(), + }) var targetDirectory string if len(args) > 0 { targetDirectory = args[0]
diff --git a/kubernetes-model-generator/openapi/generator/go.mod b/kubernetes-model-generator/openapi/generator/go.mod
index 2249a7b669f..a6b20710a9d 100644
--- a/kubernetes-model-generator/openapi/generator/go.mod
+++ b/kubernetes-model-generator/openapi/generator/go.mod
@@ -8,9 +8,10 @@ require (
 github.com/getkin/kin-openapi v0.125.0
 // Match latest commit in the version branch (e.g. release-4.17)
 github.com/openshift/api v3.9.0+incompatible
+ github.com/openshift/cloud-credential-operator v0.0.0-20240910052617-d668c182b0e3
 github.com/openshift/cluster-network-operator v0.0.0-20240912134426-a3188633549d
 github.com/operator-framework/api v0.27.0
- github.com/operator-framework/operator-lifecycle-manager v0.22.0
+ github.com/operator-framework/operator-lifecycle-manager v0.0.0-00010101000000-000000000000
 github.com/spf13/cobra v1.8.1
 k8s.io/api v0.31.1
 k8s.io/apiextensions-apiserver v0.31.1
diff --git a/kubernetes-model-generator/openapi/generator/go.sum b/kubernetes-model-generator/openapi/generator/go.sum
index f71f35d28c8..d5ae7c6ad5d 100644
--- a/kubernetes-model-generator/openapi/generator/go.sum
+++ b/kubernetes-model-generator/openapi/generator/go.sum
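Review bot: Printing a `[]string` of `GroupVersion.String()` results through `%s` in the start-up message of `openApiRun`, only to keep the imports alive, puts module bookkeeping on the command's stdout and has to be kept in step by hand with the same list in `main()` of `tools/generator/openapi.go`. The list here carries `openshiftconfigv1`, which the visible lines of the other list do not show, so the two may already differ. A blank import states the same intent with no runtime effect, for example `_ "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"`, assuming nothing else in the file uses the alias, and the original `fmt.Printf("OpenAPI JSON schema generation started...\n")` can then stay as it was. The body of `openApiRun` continues outside the hunk.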
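Review bot: In the go.mod `require` block the `operator-lifecycle-manager` entry now carries the zero pseudo-version `v0.0.0-00010101000000-000000000000`, which normally appears only when a `replace` directive supplies the real source, so the require line no longer tells a reader which revision is built where the removed line said `v0.22.0`. The replace directive is not in this hunk and presumably sits further down the file; it should point at a tagged release or a full commit pseudo-version rather than a moving branch or local path, and the require line deserves a comment such as `// version comes from the replace directive below`. The added `cloud-credential-operator` entry is pinned to a commit pseudo-version with no note of the branch it was taken from, unlike the `openshift/api` line above it, so a matching `// Match latest commit in the version branch` comment would keep later bumps reproducible.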
@@ -196,6 +196,8 @@ github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQ
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
 github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
 github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/openshift/cloud-credential-operator v0.0.0-20240910052617-d668c182b0e3 h1:WQH/wm0E1I3zrmCnHtpaeaYduJalzL9qpDwAFLLVTNk=
+github.com/openshift/cloud-credential-operator v0.0.0-20240910052617-d668c182b0e3/go.mod h1:4AWWBNPuWzPtT77xDONlObrazPlBCKXd+16lupnIrQc=
 github.com/openshift/cluster-network-operator v0.0.0-20240912134426-a3188633549d h1:9Xf/80gDpRc33FwCEJ6L2/DF1yU/4L6QjoYxKexDzvo=
 github.com/openshift/cluster-network-operator v0.0.0-20240912134426-a3188633549d/go.mod h1:qeN8u3CfzClFoykTdlvn0kKngBuVmb3VvWHA51UxiOI=
 github.com/operator-framework/operator-registry v1.47.0 h1:Imr7X/W6FmXczwpIOXfnX8d6Snr1dzwWxkMG+lLAfhg=
@@ -341,8 +343,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
-google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
+google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 h1:ImUcDPHjTrAqNhlOkSocDLfG9rrNHH7w7uoKWPaWZ8s=
+google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7/go.mod h1:/3XmxOjePkvmKrHuBy4zNFw7IzxJXtAgdpXi8Ll990U=
 google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU=
 google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
diff --git a/kubernetes-model-generator/openapi/generator/pkg/openshift/openshift.go b/kubernetes-model-generator/openapi/generator/pkg/openshift/openshift.go
index e9787466a15..5a5e4e65439 100644
--- a/kubernetes-model-generator/openapi/generator/pkg/openshift/openshift.go
+++ b/kubernetes-model-generator/openapi/generator/pkg/openshift/openshift.go
@@ -25,7 +25,9 @@ var PackagePatterns = []string{
 // OpenShift APIs
 "github.com/openshift/api/.../v...",
 // CRDs don't provide info for reused types
+ //"github.com/metal3-io/baremetal-operator/apis/metal3.io/v...",
 "github.com/operator-framework/api/pkg/operators/v...",
 "github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/apis/operators/v...",
 "github.com/openshift/cluster-network-operator/pkg/apis/.../v...",
+ "github.com/openshift/cloud-credential-operator/pkg/apis/.../v...",
 }
diff --git a/kubernetes-model-generator/openapi/generator/tools/generator/openapi.go b/kubernetes-model-generator/openapi/generator/tools/generator/openapi.go
index c1eb83b05be..8cd75692663 100644
--- a/kubernetes-model-generator/openapi/generator/tools/generator/openapi.go
+++ b/kubernetes-model-generator/openapi/generator/tools/generator/openapi.go
@@ -22,6 +22,8 @@ import (
 "fmt"
 "github.com/fabric8io/kubernetes-client/kubernetes-model-generator/openapi/generator/pkg/openapi"
 "github.com/fabric8io/kubernetes-client/kubernetes-model-generator/openapi/generator/pkg/openshift"
+ //openshiftbaremetaloperatorv1alpha1 "github.com/metal3-io/baremetal-operator/apis/metal3.io/v1alpha1"
+ openshiftcloudcredentialoperatorv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
 openshiftclusternetworkoperatorv1 "github.com/openshift/cluster-network-operator/pkg/apis/network/v1"
 operatorframeworkv1 "github.com/operator-framework/api/pkg/operators/v1"
 operatorframeworkv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
@@ -36,7 +38,9 @@ func main() {
 // Force imports so that modules are present in go.mod
 operatorframeworkv1alpha1.SchemeGroupVersion.String(),
 operatorframeworkv1.GroupVersion.String(),
+ //openshiftbaremetaloperatorv1alpha1.GroupVersion.String(),
 openshiftclusternetworkoperatorv1.GroupVersion.String(),
+ openshiftcloudcredentialoperatorv1.GroupVersion.String(),
 olm.SchemeGroupVersion.String(),
 })
 err := (&openapi.GoGenerator{
diff --git a/kubernetes-model-generator/openapi/schemas/openshift-generated.json b/kubernetes-model-generator/openapi/schemas/openshift-generated.json
index 922b7f730e5..f0bd9eb2c77 100644
--- a/kubernetes-model-generator/openapi/schemas/openshift-generated.json
+++ b/kubernetes-model-generator/openapi/schemas/openshift-generated.json
@@ -46215,6 +46215,979 @@ "Scope": "Namespaced" } }, + "io.openshift.cloudcredential.v1.AWSProviderSpec": { + "description": "AWSProviderSpec contains the required information to create a user policy in AWS.", + "type": "object", + "required": [ + "statementEntries" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "statementEntries": { + "description": "StatementEntries contains a list of policy statements that should be associated with this credentials access key.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.StatementEntry" + } + }, + "stsIAMRoleARN": { + "description": "stsIAMRoleARN is the Amazon Resource Name (ARN) of an IAM Role which was created manually for the associated CredentialsRequest. 
The presence of an stsIAMRoleARN within the AWSProviderSpec initiates creation of a secret containing IAM Role details necessary for assuming the IAM Role via Amazon's Secure Token Service.", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "AWSProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.AWSProviderStatus": { + "description": "AWSProviderStatus containes the status of the credentials request in AWS.", + "type": "object", + "required": [ + "user", + "policy" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "policy": { + "description": "Policy is the name of the policy attached to the user in AWS.", + "type": "string", + "default": "" + }, + "user": { + "description": "User is the name of the User created in AWS for these credentials.", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "AWSProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.AccessPolicy": { + "description": "AccessPolicy is a definition of an IAM access policy", + "type": "object", + "required": [ + "attributes", + "roles" + ], + "properties": { + "attributes": { + "description": "Attributes identify the resources to which this policy applies", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.ResourceAttribute" + } + }, + "roles": { + "description": "Roles are the IAM roles assigned to this policy", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "AccessPolicy", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.AzureProviderSpec": { + "description": "AzureProviderSpec contains the required information to create RBAC role bindings for Azure.", + "type": "object", + "required": [ + "roleBindings" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "azureClientID": { + "description": "The following fields are only required for Azure Workload Identity. AzureClientID is the ID of the specific application you created in Azure", + "type": "string" + }, + "azureRegion": { + "description": "AzureRegion is the geographic region of the Azure service.", + "type": "string" + }, + "azureSubscriptionID": { + "description": "Each Azure subscription has an ID associated with it, as does the tenant to which a subscription belongs. AzureSubscriptionID is the ID of the subscription.", + "type": "string" + }, + "azureTenantID": { + "description": "AzureTenantID is the ID of the tenant to which the subscription belongs.", + "type": "string" + }, + "dataPermissions": { + "description": "DataPermissions is the list of Azure data permissions required to create a more fine-grained custom role to satisfy the CredentialsRequest. The DataPermissions field may be provided in addition to RoleBindings. When both fields are specified, the user-assigned managed identity will have union of permissions defined from both DataPermissions and RoleBindings.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "permissions": { + "description": "Permissions is the list of Azure permissions required to create a more fine-grained custom role to satisfy the CredentialsRequest. The Permissions field may be provided in addition to RoleBindings. 
When both fields are specified, the user-assigned managed identity will have union of permissions defined from both Permissions and RoleBindings.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "roleBindings": { + "description": "RoleBindings contains a list of roles that should be associated with the minted credential.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.RoleBinding" + } + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "AzureProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.AzureProviderStatus": { + "description": "AzureProviderStatus contains the status of the credentials request in Azure.", + "type": "object", + "required": [ + "name", + "appID", + "secretLastResourceVersion" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "appID": { + "description": "AppID is the application id of the service principal created in Azure for these credentials.", + "type": "string", + "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "ServicePrincipalName is the name of the service principal created in Azure for these credentials.", + "type": "string", + "default": "" + }, + "secretLastResourceVersion": { + "description": "SecretLastResourceVersion is the resource version of the secret resource that was last synced. Used to determine if the object has changed and requires a sync.", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "AzureProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.CredentialsRequest": { + "description": "CredentialsRequest is the Schema for the credentialsrequests API", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.CredentialsRequestSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.CredentialsRequestStatus" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "CredentialsRequest", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.CredentialsRequestCondition": { + "description": "CredentialsRequestCondition contains details for any of the conditions on a CredentialsRequest object", + "type": "object", + "required": [ + "type", + "status" + ], + "properties": { + "lastProbeTime": { + "description": "LastProbeTime is the last time we probed the condition", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "lastTransitionTime": { + "description": "LastTransitionTime is the last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "Message is a human-readable message indicating details about the last transition", + "type": "string" + }, + "reason": { + "description": "Reason is a unique, one-word, CamelCase reason for the condition's last transition", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition", + "type": "string", + "default": "" + }, + "type": { + "description": "Type is the specific type of the condition", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "CredentialsRequestCondition", + "Scope": "Namespaced" + } + }, + 
"io.openshift.cloudcredential.v1.CredentialsRequestList": { + "description": "CredentialsRequestList contains a list of CredentialsRequest", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.CredentialsRequest" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + }, + "x-fabric8-info": { + "Type": "list", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "CredentialsRequestList", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.CredentialsRequestSpec": { + "description": "CredentialsRequestSpec defines the desired state of CredentialsRequest", + "type": "object", + "required": [ + "secretRef" + ], + "properties": { + "cloudTokenPath": { + "description": "cloudTokenPath is the path where the Kubernetes ServiceAccount token (JSON Web Token) is mounted on the deployment for the workload requesting a credentials secret. 
The presence of this field in combination with fields such as spec.providerSpec.stsIAMRoleARN indicate that CCO should broker creation of a credentials secret containing fields necessary for token based authentication methods such as with the AWS Secure Token Service (STS).\n\ncloudTokenPath may also be used to specify the azure_federated_token_file path used in Azure configuration secrets generated by ccoctl. Defaults to \"/var/run/secrets/openshift/serviceaccount/token\".", + "type": "string" + }, + "providerSpec": { + "description": "ProviderSpec contains the cloud provider specific credentials specification.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "secretRef": { + "description": "SecretRef points to the secret where the credentials should be stored once generated.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "serviceAccountNames": { + "description": "ServiceAccountNames contains a list of ServiceAccounts that will use permissions associated with this CredentialsRequest. 
This is not used by CCO, but the information is needed for being able to properly set up access control in the cloud provider when the ServiceAccounts are used as part of the cloud credentials flow.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "CredentialsRequestSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.CredentialsRequestStatus": { + "description": "CredentialsRequestStatus defines the observed state of CredentialsRequest", + "type": "object", + "required": [ + "provisioned", + "lastSyncGeneration" + ], + "properties": { + "conditions": { + "description": "Conditions includes detailed status for the CredentialsRequest", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.CredentialsRequestCondition" + } + }, + "lastSyncCloudCredsSecretResourceVersion": { + "description": "LastSyncCloudCredsSecretResourceVersion is the resource version of the cloud credentials secret resource when the credentials request resource was last synced. Used to determine if the cloud credentials have been updated since the last sync.", + "type": "string" + }, + "lastSyncGeneration": { + "description": "LastSyncGeneration is the generation of the credentials request resource that was last synced. 
Used to determine if the object has changed and requires a sync.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "lastSyncTimestamp": { + "description": "LastSyncTimestamp is the time that the credentials were last synced.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "providerStatus": { + "description": "ProviderStatus contains cloud provider specific status.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "provisioned": { + "description": "Provisioned is true once the credentials have been initially provisioned.", + "type": "boolean", + "default": false + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "CredentialsRequestStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.GCPProviderSpec": { + "description": "GCPProviderSpec contains the required information to create a service account with policy bindings in GCP.", + "type": "object", + "required": [ + "predefinedRoles" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "audience": { + "description": "Audience that will be used with Workload Identity Federation. It should be formatted as follows: \"//iam.googleapis.com/projects/\u003cPROJECT_NUMBER\u003e/locations/global/workloadIdentityPools/\u003cPOOL_ID\u003e/providers/\u003cPROVIDER_ID\u003e\" For more information see https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#create-credential-config", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. 
Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "permissions": { + "description": "Permissions is the list of GCP permissions required to create a more fine-grained custom role to satisfy the CredentialsRequest. The Permissions field may be provided in addition to PredefinedRoles. When both fields are specified, the service account will have union of permissions defined from both Permissions and PredefinedRoles.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "predefinedRoles": { + "description": "PredefinedRoles is the list of GCP pre-defined roles that the CredentialsRequest requires.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "serviceAccountEmail": { + "description": "ServiceAccountEmail that will be impersonated during Workload Identity Federation.", + "type": "string" + }, + "skipServiceCheck": { + "description": "SkipServiceCheck can be set to true to skip the check whether the requested roles or permissions have the necessary services enabled", + "type": "boolean" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "GCPProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.GCPProviderStatus": { + "description": "GCPProviderStatus contains the status of the GCP credentials request.", + "type": "object", + "required": [ + "serviceAccountID" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "roleID": { + "description": "RoleID is the ID of the custom role created in GCP for the requested permissions apart from permissions granted by the pre-defined roles. RoleID is set by the Cloud Credential Operator controllers and should not be set manually.", + "type": "string" + }, + "serviceAccountID": { + "description": "ServiceAccountID is the ID of the service account created in GCP for the requested credentials.", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "GCPProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.IBMCloudPowerVSProviderSpec": { + "description": "IBMCloudPowerVSProviderSpec is the specification of the credentials request in IBM Cloud Power VS.", + "type": "object", + "required": [ + "policies" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "policies": { + "description": "Policies are a list of access policies to create for the generated credentials", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.AccessPolicy" + } + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "IBMCloudPowerVSProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.IBMCloudPowerVSProviderStatus": { + "description": "IBMCloudPowerVSProviderStatus contains the status of the IBM Cloud Power VS credentials request.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "IBMCloudPowerVSProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.IBMCloudProviderSpec": { + "description": "IBMCloudProviderSpec is the specification of the credentials request in IBM Cloud.", + "type": "object", + "required": [ + "policies" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "policies": { + "description": "Policies are a list of access policies to create for the generated credentials", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.AccessPolicy" + } + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "IBMCloudProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.IBMCloudProviderStatus": { + "description": "IBMCloudProviderStatus contains the status of the IBM Cloud credentials request.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "IBMCloudProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.KubevirtProviderSpec": { + "description": "KubevirtProviderSpec the specification of the credentials request in Kubevirt.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "KubevirtProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.KubevirtProviderStatus": { + "description": "KubevirtProviderSpec contains the status of the credentials request in Kubevirt.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "KubevirtProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.NutanixProviderSpec": { + "description": "NutanixProviderSpec the specification of the credentials request in Nutanix.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "NutanixProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.NutanixProviderStatus": { + "description": "NutanixProviderStatus contains the status of the credentials request in Nutanix.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "NutanixProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.OpenStackProviderSpec": { + "description": "OpenStackProviderSpec the specification of the credentials request in OpenStack.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "OpenStackProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.OpenStackProviderStatus": { + "description": "OpenStackProviderStatus contains the status of the credentials request in OpenStack.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "OpenStackProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.OvirtProviderSpec": { + "description": "OvirtProviderSpec the specification of the credentials request in Ovirt.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "OvirtProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.OvirtProviderStatus": { + "description": "OvirtProviderStatus contains the status of the credentials request in Ovirt.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "OvirtProviderStatus", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.ProviderCodec": { + "description": "ProviderCodec is a runtime codec for providers.", + "type": "object", + "required": [ + "encoder", + "decoder" + ], + "properties": { + "decoder": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.Decoder" + }, + "encoder": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.Encoder" + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "ProviderCodec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.ResourceAttribute": { + "description": "ResourceAttribute is an attribute associated with a resource.", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "Name is the name of an attribute.", + "type": "string", + "default": "" + }, + "operator": { + "description": "Operator is the operator of an attribute.", + "type": "string" + }, + "value": { + "description": "Value is the value of an attribute.", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "ResourceAttribute", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.RoleBinding": { + "description": "RoleBinding models part of the Azure RBAC Role Binding", + "type": "object", + "required": [ + "role" + ], + "properties": { + "role": { + "description": "Role defines a set of permissions that should be associated with the minted credential.", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": 
"cloudcredential.openshift.io", + "Version": "v1", + "Kind": "RoleBinding", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.StatementEntry": { + "description": "StatementEntry models an AWS policy statement entry.", + "type": "object", + "required": [ + "effect", + "action", + "resource" + ], + "properties": { + "action": { + "description": "Action describes the particular AWS service actions that should be allowed or denied. (i.e. ec2:StartInstances, iam:ChangePassword)", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "effect": { + "description": "Effect indicates if this policy statement is to Allow or Deny.", + "type": "string", + "default": "" + }, + "policyCondition": { + "description": "PolicyCondition specifies under which condition StatementEntry will apply", + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": { + "type": "object" + } + } + }, + "resource": { + "description": "Resource specifies the object(s) this statement should apply to. 
(or \"*\" for all)", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "StatementEntry", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.VSpherePermission": { + "description": "VSpherePermission captures the details of the privileges being requested for the list of entities.", + "type": "object", + "required": [ + "privileges" + ], + "properties": { + "privileges": { + "description": "Privileges is the list of access being requested.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "x-fabric8-info": { + "Type": "nested", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "VSpherePermission", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.VSphereProviderSpec": { + "description": "VSphereProviderSpec contains the required information to create RBAC role bindings for VSphere.", + "type": "object", + "required": [ + "permissions" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "permissions": { + "description": "Permissions contains a list of groups of privileges that are being requested.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.openshift.cloudcredential.v1.VSpherePermission" + } + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "VSphereProviderSpec", + "Scope": "Namespaced" + } + }, + "io.openshift.cloudcredential.v1.VSphereProviderStatus": { + "description": "VSphereProviderStatus contains the status of the credentials request in VSphere.", + "type": "object", + "required": [ + "secretLastResourceVersion" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "secretLastResourceVersion": { + "description": "SecretLastResourceVersion is the resource version of the secret resource that was last synced. 
Used to determine if the object has changed and requires a sync.", + "type": "string", + "default": "" + } + }, + "x-fabric8-info": { + "Type": "object", + "Group": "cloudcredential.openshift.io", + "Version": "v1", + "Kind": "VSphereProviderStatus", + "Scope": "Namespaced" + } + }, "io.openshift.config.kubecontrolplane.v1.AggregatorConfig": { "description": "AggregatorConfig holds information required to make the aggregator function.", "type": "object",