From e2fe59e8c6e6e074b6b9e6058dac5ce0da24fdd9 Mon Sep 17 00:00:00 2001 From: Josh Michielsen Date: Tue, 18 Apr 2023 13:42:06 +0100 Subject: [PATCH] add target.mpas.ocm.software CRD & update boilerplate values (#1) --- Makefile | 2 +- PROJECT | 8 + api/v1alpha1/groupversion_info.go | 18 +-- api/v1alpha1/project_types.go | 18 +-- api/v1alpha1/target_types.go | 69 ++++++++ api/v1alpha1/zz_generated.deepcopy.go | 147 ++++++++++++++++-- .../crd/bases/mpas.ocm.software_targets.yaml | 74 +++++++++ config/crd/kustomization.yaml | 3 + .../crd/patches/cainjection_in_targets.yaml | 7 + config/crd/patches/webhook_in_targets.yaml | 16 ++ config/default/kustomization.yaml | 10 -- config/manager/manager.yaml | 43 +---- config/prometheus/kustomization.yaml | 2 - config/prometheus/monitor.yaml | 26 ---- config/rbac/leader_election_role.yaml | 4 +- config/rbac/leader_election_role_binding.yaml | 6 +- config/rbac/role.yaml | 2 +- config/rbac/role_binding.yaml | 4 +- config/rbac/service_account.yaml | 4 +- config/rbac/target_editor_role.yaml | 31 ++++ config/rbac/target_viewer_role.yaml | 27 ++++ config/samples/mpas_v1alpha1_target.yaml | 12 ++ controllers/project_controller.go | 18 +-- controllers/suite_test.go | 18 +-- hack/boilerplate.go.txt | 18 +-- 25 files changed, 413 insertions(+), 174 deletions(-) create mode 100644 api/v1alpha1/target_types.go create mode 100644 config/crd/bases/mpas.ocm.software_targets.yaml create mode 100644 config/crd/patches/cainjection_in_targets.yaml create mode 100644 config/crd/patches/webhook_in_targets.yaml delete mode 100644 config/prometheus/kustomization.yaml delete mode 100644 config/prometheus/monitor.yaml create mode 100644 config/rbac/target_editor_role.yaml create mode 100644 config/rbac/target_viewer_role.yaml create mode 100644 config/samples/mpas_v1alpha1_target.yaml diff --git a/Makefile b/Makefile index 57f9988..f847e32 100644 --- a/Makefile +++ b/Makefile 
@@ -40,7 +40,7 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) rbac:roleName=mpas-project-manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. diff --git a/PROJECT b/PROJECT index d324553..57eed84 100644 --- a/PROJECT +++ b/PROJECT @@ -17,4 +17,12 @@ resources: kind: Project path: github.com/open-component-model/mpas-project-controller/api/v1alpha1 version: v1alpha1 +- api: + crdVersion: v1 + namespaced: true + domain: ocm.software + group: mpas + kind: Target + path: github.com/open-component-model/mpas-project-controller/api/v1alpha1 + version: v1alpha1 version: "3" diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index b6a4603..8ed463d 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go 
@@ -1,18 +1,6 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. +// +// SPDX-License-Identifier: Apache-2.0 // Package v1alpha1 contains API Schema definitions for the mpas v1alpha1 API group // +kubebuilder:object:generate=true diff --git a/api/v1alpha1/project_types.go b/api/v1alpha1/project_types.go index 799df3b..7fc1db6 100644 --- a/api/v1alpha1/project_types.go +++ b/api/v1alpha1/project_types.go @@ -1,18 +1,6 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. +// +// SPDX-License-Identifier: Apache-2.0 package v1alpha1 diff --git a/api/v1alpha1/target_types.go b/api/v1alpha1/target_types.go new file mode 100644 index 0000000..cb2a8e0 --- /dev/null +++ b/api/v1alpha1/target_types.go 
@@ -0,0 +1,69 @@
+// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// TargetSpec defines the desired state of Target
+type TargetSpec struct {
+ // Type specifies the type of the target. Possible values are: kubernetes, ssh, ociRepository
+ // +required
+ // +kubebuilder:validation:Enum=kubernetes;ssh;ociRepository
+ Type string `json:"type"`
+
+ Access *Access `json:"access,omitempty"`
+}
+
+// TargetStatus defines the observed state of Target
+type TargetStatus struct {
+ // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+}
+
+// Access defines the access information for a target
+type Access struct {
+ // +required
+ SecretRef *TargetSecretRef `json:"secretRef"`
+}
+
+// TargetSecretRef defines the reference to a secret within the cluster
+type TargetSecretRef struct {
+ // +required
+ Name string `json:"name"`
+
+ // Should we specify a default value?
+ // +optional
+ Namespace string `json:"namespace,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// Target is the Schema for the targets API
+type Target struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec TargetSpec `json:"spec,omitempty"`
+ Status TargetStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// TargetList contains a list of Target
+type TargetList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []Target `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&Target{}, &TargetList{})
+}
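Review bot: `TargetSecretRef.Namespace` lets a namespaced Target name a Secret in any namespace, and the field's only comment is the open question `// Should we specify a default value?`, which controller-gen has copied verbatim into the CRD description. No Target reconciler is part of this patch, so how the reference is resolved is not visible here; if the controller reads the Secret with its own cluster-wide permissions, a user who may only create Targets in one namespace could have it read credentials from another. Consider dropping the field and always resolving the Secret in the Target's own namespace, or keep it and state the rule in the doc comment, e.g. `// Namespace of the Secret. Defaults to the namespace of the Target when empty.`, with the controller rejecting references that leave the Target's namespace unless that is explicitly allowed. `Access` in `TargetSpec` also has neither a doc comment nor a `+optional` marker, although its tag is `omitempty`.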
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 56f38c7..6c50e0c 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1,21 +1,9 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. +// +// SPDX-License-Identifier: Apache-2.0 // Code generated by controller-gen. DO NOT EDIT. @@ -25,6 +13,26 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Access) DeepCopyInto(out *Access) { + *out = *in + if in.SecretRef != nil { + in, out := &in.SecretRef, &out.SecretRef + *out = new(TargetSecretRef) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Access. +func (in *Access) DeepCopy() *Access { + if in == nil { + return nil + } + out := new(Access) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Project) DeepCopyInto(out *Project) { *out = *in 
@@ -113,3 +121,112 @@ func (in *ProjectStatus) DeepCopy() *ProjectStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Target) DeepCopyInto(out *Target) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target. +func (in *Target) DeepCopy() *Target { + if in == nil { + return nil + } + out := new(Target) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Target) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetList) DeepCopyInto(out *TargetList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Target, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetList. +func (in *TargetList) DeepCopy() *TargetList { + if in == nil { + return nil + } + out := new(TargetList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TargetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *TargetSecretRef) DeepCopyInto(out *TargetSecretRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSecretRef. +func (in *TargetSecretRef) DeepCopy() *TargetSecretRef { + if in == nil { + return nil + } + out := new(TargetSecretRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetSpec) DeepCopyInto(out *TargetSpec) { + *out = *in + if in.Access != nil { + in, out := &in.Access, &out.Access + *out = new(Access) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSpec. +func (in *TargetSpec) DeepCopy() *TargetSpec { + if in == nil { + return nil + } + out := new(TargetSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetStatus) DeepCopyInto(out *TargetStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetStatus. +func (in *TargetStatus) DeepCopy() *TargetStatus { + if in == nil { + return nil + } + out := new(TargetStatus) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/mpas.ocm.software_targets.yaml b/config/crd/bases/mpas.ocm.software_targets.yaml new file mode 100644 index 0000000..27caea9 --- /dev/null +++ b/config/crd/bases/mpas.ocm.software_targets.yaml 
@@ -0,0 +1,74 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: targets.mpas.ocm.software +spec: + group: mpas.ocm.software + names: + kind: Target + listKind: TargetList + plural: targets + singular: target + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Target is the Schema for the targets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TargetSpec defines the desired state of Target + properties: + access: + description: Access defines the access information for a target + properties: + secretRef: + description: TargetSecretRef defines the reference to a secret + within the cluster + properties: + name: + type: string + namespace: + description: Should we specify a default value? + type: string + required: + - name + type: object + required: + - secretRef + type: object + type: + description: 'Type specifies the type of the target. 
Possible values + are: kubernetes, ssh, ociRepository' + enum: + - kubernetes + - ssh + - ociRepository + type: string + required: + - type + type: object + status: + description: TargetStatus defines the observed state of Target + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index c17a40d..ec1e260 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -3,17 +3,20 @@ # It should be run by config/default resources: - bases/mpas.ocm.software_projects.yaml +- bases/mpas.ocm.software_targets.yaml #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- patches/webhook_in_projects.yaml +#- patches/webhook_in_targets.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD #- patches/cainjection_in_projects.yaml +#- patches/cainjection_in_targets.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/crd/patches/cainjection_in_targets.yaml b/config/crd/patches/cainjection_in_targets.yaml new file mode 100644 index 0000000..97a8063 --- /dev/null +++ b/config/crd/patches/cainjection_in_targets.yaml @@ -0,0 +1,7 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: targets.mpas.ocm.software 
diff --git a/config/crd/patches/webhook_in_targets.yaml b/config/crd/patches/webhook_in_targets.yaml new file mode 100644 index 0000000..466e918 --- /dev/null +++ b/config/crd/patches/webhook_in_targets.yaml @@ -0,0 +1,16 @@ +# The following patch enables a conversion webhook for the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: targets.mpas.ocm.software +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + conversionReviewVersions: + - v1 diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 5b558f2..656f84f 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,13 +1,3 @@ -# Adds namespace to all resources. -namespace: mpas-project-controller-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: mpas-project-controller- - # Labels to add to all resources and selectors. #commonLabels: # someName: someValue diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 7e32f72..893fe25 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Namespace metadata: labels: - control-plane: controller-manager + control-plane: mpas-project-controller-manager app.kubernetes.io/name: namespace app.kubernetes.io/instance: system app.kubernetes.io/component: manager 
@@ -14,12 +14,12 @@ metadata: apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: mpas-project-controller-manager namespace: system labels: - control-plane: controller-manager + control-plane: mpas-project-controller-manager app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager + app.kubernetes.io/instance: mpas-project-controller-manager app.kubernetes.io/component: manager app.kubernetes.io/created-by: mpas-project-controller app.kubernetes.io/part-of: mpas-project-controller 
@@ -27,50 +27,23 @@ metadata: spec: selector: matchLabels: - control-plane: controller-manager + app: mpas-project-controller-manager replicas: 1 template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: - control-plane: controller-manager + app: mpas-project-controller-manager spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/arch - # operator: In - # values: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # - key: kubernetes.io/os - # operator: In - # values: - # - linux securityContext: runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault containers: - command: - /manager args: - --leader-elect - image: controller:latest + image: open-component-model/mpas-project-controller name: manager securityContext: allowPrivilegeEscalation: false @@ -98,5 +71,5 @@ spec: requests: cpu: 10m memory: 64Mi - serviceAccountName: controller-manager + serviceAccountName: mpas-project-controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml deleted file mode 100644 index ed13716..0000000 
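Review bot: The new `image: open-component-model/mpas-project-controller` has no registry host, tag or digest, so the kubelet resolves it against the container runtime's default registry and the implicit `latest` tag, and what runs as the manager can change without any change to this manifest. Unless a kustomize `images:` override outside this patch pins it, reference the image explicitly, for example `image: <registry>/open-component-model/mpas-project-controller:<version>@sha256:<digest>` (placeholders, the real values are not on this page). The same hunk deletes the commented `seccompProfile` hint from the pod `securityContext`; setting `seccompProfile: {type: RuntimeDefault}` there would be preferable to dropping it if the supported cluster versions allow. The selector and pod template now use `app: mpas-project-controller-manager` while the Deployment metadata in the previous hunk keeps `control-plane: ...`, so anything outside this patch that still selects pods by `control-plane` should be checked.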
--- a/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml deleted file mode 100644 index a54d3e2..0000000 --- a/config/prometheus/monitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: servicemonitor - app.kubernetes.io/instance: controller-manager-metrics-monitor - app.kubernetes.io/component: metrics - app.kubernetes.io/created-by: mpas-project-controller - app.kubernetes.io/part-of: mpas-project-controller - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 37297ff..76c7377 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -4,12 +4,12 @@ kind: Role metadata: labels: app.kubernetes.io/name: role - app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/instance: mpas-project-leader-election-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: mpas-project-controller app.kubernetes.io/part-of: mpas-project-controller app.kubernetes.io/managed-by: kustomize - name: leader-election-role + name: mpas-project-leader-election-role rules: - apiGroups: - "" diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1796cbb..b9217cc 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml 
@@ -3,7 +3,7 @@ kind: RoleBinding metadata: labels: app.kubernetes.io/name: rolebinding - app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/instance: mpas-project-leader-election-rolebinding app.kubernetes.io/component: rbac app.kubernetes.io/created-by: mpas-project-controller app.kubernetes.io/part-of: mpas-project-controller @@ -12,8 +12,8 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: leader-election-role + name: mpas-project-leader-election-role subjects: - kind: ServiceAccount - name: controller-manager + name: mpas-project-controller-manager namespace: system diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c78ea8f..dd472e3 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: manager-role + name: mpas-project-manager-role rules: - apiGroups: - mpas.ocm.software diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index dcd8539..6e263c4 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -3,12 +3,12 @@ kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/instance: mpas-project-manager-rolebinding app.kubernetes.io/component: rbac app.kubernetes.io/created-by: mpas-project-controller app.kubernetes.io/part-of: mpas-project-controller app.kubernetes.io/managed-by: kustomize - name: manager-rolebinding + name: mpas-project-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index ebb1d26..6b73fb4 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml 
@@ -3,10 +3,10 @@ kind: ServiceAccount metadata: labels: app.kubernetes.io/name: serviceaccount - app.kubernetes.io/instance: controller-manager + app.kubernetes.io/instance: mpas-project-controller-manager app.kubernetes.io/component: rbac app.kubernetes.io/created-by: mpas-project-controller app.kubernetes.io/part-of: mpas-project-controller app.kubernetes.io/managed-by: kustomize - name: controller-manager + name: mpas-project-controller-manager namespace: system diff --git a/config/rbac/target_editor_role.yaml b/config/rbac/target_editor_role.yaml new file mode 100644 index 0000000..415a000 --- /dev/null +++ b/config/rbac/target_editor_role.yaml @@ -0,0 +1,31 @@ +# permissions for end users to edit targets. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: target-editor-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: mpas-project-controller + app.kubernetes.io/part-of: mpas-project-controller + app.kubernetes.io/managed-by: kustomize + name: target-editor-role +rules: +- apiGroups: + - mpas.ocm.software + resources: + - targets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mpas.ocm.software + resources: + - targets/status + verbs: + - get diff --git a/config/rbac/target_viewer_role.yaml b/config/rbac/target_viewer_role.yaml new file mode 100644 index 0000000..f135392 --- /dev/null +++ b/config/rbac/target_viewer_role.yaml 
@@ -0,0 +1,27 @@ +# permissions for end users to view targets. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: target-viewer-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: mpas-project-controller + app.kubernetes.io/part-of: mpas-project-controller + app.kubernetes.io/managed-by: kustomize + name: target-viewer-role +rules: +- apiGroups: + - mpas.ocm.software + resources: + - targets + verbs: + - get + - list + - watch +- apiGroups: + - mpas.ocm.software + resources: + - targets/status + verbs: + - get diff --git a/config/samples/mpas_v1alpha1_target.yaml b/config/samples/mpas_v1alpha1_target.yaml new file mode 100644 index 0000000..fbbe453 --- /dev/null +++ b/config/samples/mpas_v1alpha1_target.yaml @@ -0,0 +1,12 @@ +apiVersion: mpas.ocm.software/v1alpha1 +kind: Target +metadata: + labels: + app.kubernetes.io/name: target + app.kubernetes.io/instance: target-sample + app.kubernetes.io/part-of: mpas-project-controller + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: mpas-project-controller + name: target-sample +spec: + # TODO(user): Add fields here diff --git a/controllers/project_controller.go b/controllers/project_controller.go index 2c948b4..b4e8f3c 100644 --- a/controllers/project_controller.go +++ b/controllers/project_controller.go 
@@ -1,18 +1,6 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. +// +// SPDX-License-Identifier: Apache-2.0 package controllers diff --git a/controllers/suite_test.go b/controllers/suite_test.go index cbb4d0d..a8636e9 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -1,18 +1,6 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. +// +// SPDX-License-Identifier: Apache-2.0 package controllers diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt index 65b8622..e827261 100644 --- a/hack/boilerplate.go.txt +++ b/hack/boilerplate.go.txt 
@@ -1,15 +1,3 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ \ No newline at end of file +// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. +// +// SPDX-License-Identifier: Apache-2.0 \ No newline at end of file