Package v1alpha1 (v0.0.14)

Published: Jul 26, 2024 License: Apache-2.0 Imports: 4 Imported by: 3

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the validation v1alpha1 API group.

+kubebuilder:object:generate=true
+groupName=validation.spectrocloud.labs

Constants

This section is empty.

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "validation.spectrocloud.labs", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type ActionStr

type ActionStr string

ActionStr is a type used for Action strings and DataAction strings. The alias exists to enable kubebuilder maximum string-length validation for arrays of these.

+kubebuilder:validation:MaxLength=200

type AzureAuth

type AzureAuth struct {
	// If true, the AzureValidator will use the Azure SDK's default credential chain to authenticate.
	// Set to true if using WorkloadIdentityCredentials.
	Implicit bool `json:"implicit" yaml:"implicit"`
	// Name of a Secret in the same namespace as the AzureValidator that contains Azure credentials.
	// The secret data's keys and values are expected to align with valid Azure environment variable credentials,
	// per the options defined in https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#readme-environment-variables.
	SecretName string `json:"secretName,omitempty" yaml:"secretName,omitempty"`
}

AzureAuth defines authentication configuration for an AzureValidator.

func (*AzureAuth) DeepCopy

func (in *AzureAuth) DeepCopy() *AzureAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuth.

func (*AzureAuth) DeepCopyInto

func (in *AzureAuth) DeepCopyInto(out *AzureAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureValidator

type AzureValidator struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AzureValidatorSpec   `json:"spec,omitempty"`
	Status AzureValidatorStatus `json:"status,omitempty"`
}

AzureValidator is the Schema for the azurevalidators API

func (*AzureValidator) DeepCopy

func (in *AzureValidator) DeepCopy() *AzureValidator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureValidator.

func (*AzureValidator) DeepCopyInto

func (in *AzureValidator) DeepCopyInto(out *AzureValidator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureValidator) DeepCopyObject

func (in *AzureValidator) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AzureValidatorList

type AzureValidatorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AzureValidator `json:"items"`
}

AzureValidatorList contains a list of AzureValidator

func (*AzureValidatorList) DeepCopy

func (in *AzureValidatorList) DeepCopy() *AzureValidatorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureValidatorList.

func (*AzureValidatorList) DeepCopyInto

func (in *AzureValidatorList) DeepCopyInto(out *AzureValidatorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureValidatorList) DeepCopyObject

func (in *AzureValidatorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AzureValidatorSpec

type AzureValidatorSpec struct {
	// Rules for validating that the correct role assignments have been created in Azure RBAC to
	// provide needed permissions.
	// +kubebuilder:validation:MaxItems=5
	// +kubebuilder:validation:XValidation:message="RBACRules must have unique names",rule="self.all(e, size(self.filter(x, x.name == e.name)) == 1)"
	RBACRules []RBACRule `json:"rbacRules,omitempty" yaml:"rbacRules,omitempty"`
	// Rules for validating that images exist in an Azure Compute Gallery published as a community
	// gallery.
	CommunityGalleryImageRules []CommunityGalleryImageRule `json:"communityGalleryImageRules,omitempty" yaml:"communityGalleryImageRules,omitempty"`
	Auth                       AzureAuth                   `json:"auth" yaml:"auth"`
}

AzureValidatorSpec defines the desired state of AzureValidator

func (*AzureValidatorSpec) DeepCopy

func (in *AzureValidatorSpec) DeepCopy() *AzureValidatorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureValidatorSpec.

func (*AzureValidatorSpec) DeepCopyInto

func (in *AzureValidatorSpec) DeepCopyInto(out *AzureValidatorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (AzureValidatorSpec) ResultCount

func (s AzureValidatorSpec) ResultCount() int

ResultCount returns the number of validation results expected for an AzureValidatorSpec.

type AzureValidatorStatus

type AzureValidatorStatus struct{}

AzureValidatorStatus defines the observed state of AzureValidator

func (*AzureValidatorStatus) DeepCopy

func (in *AzureValidatorStatus) DeepCopy() *AzureValidatorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureValidatorStatus.

func (*AzureValidatorStatus) DeepCopyInto

func (in *AzureValidatorStatus) DeepCopyInto(out *AzureValidatorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CommunityGallery added in v0.0.12

type CommunityGallery struct {
	// Location is the location of the community gallery (e.g. "westus").
	// +kubebuilder:validation:MaxLength=50
	Location string `json:"location" yaml:"location"`
	// Name is the name of the community gallery.
	// +kubebuilder:validation:MaxLength=200
	Name string `json:"name" yaml:"name"`
}

CommunityGallery is a community gallery in a particular location.

func (*CommunityGallery) DeepCopy added in v0.0.12

func (in *CommunityGallery) DeepCopy() *CommunityGallery

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommunityGallery.

func (*CommunityGallery) DeepCopyInto added in v0.0.12

func (in *CommunityGallery) DeepCopyInto(out *CommunityGallery)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CommunityGalleryImageRule added in v0.0.12

type CommunityGalleryImageRule struct {
	// Name is a unique identifier for the rule in the validator. Used to ensure conditions do not
	// overwrite each other.
	// +kubebuilder:validation:MaxLength=200
	Name string `json:"name" yaml:"name"`
	// Gallery is the community gallery.
	Gallery CommunityGallery `json:"gallery" yaml:"gallery"`
	// Images is a list of image names.
	//+kubebuilder:validation:MinItems=1
	//+kubebuilder:validation:MaxItems=1000
	Images []string `json:"images" yaml:"images"`
	// SubscriptionID is the ID of the subscription.
	SubscriptionID string `json:"subscriptionID" yaml:"subscriptionID"`
}

CommunityGalleryImageRule verifies that one or more images in a community gallery exist and are accessible by a particular subscription.

func (*CommunityGalleryImageRule) DeepCopy added in v0.0.12

func (in *CommunityGalleryImageRule) DeepCopy() *CommunityGalleryImageRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommunityGalleryImageRule.

func (*CommunityGalleryImageRule) DeepCopyInto added in v0.0.12

func (in *CommunityGalleryImageRule) DeepCopyInto(out *CommunityGalleryImageRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PermissionSet

type PermissionSet struct {
	// Actions is a list of actions that the role must be able to perform. Must not contain any
	// wildcards. If not specified, the role is assumed to already be able to perform all required
	// actions.
	//+kubebuilder:validation:MaxItems=1000
	//+kubebuilder:validation:XValidation:message="Actions cannot have wildcards.",rule="self.all(item, !item.contains('*'))"
	Actions []ActionStr `json:"actions,omitempty" yaml:"actions,omitempty"`
	// DataActions is a list of data actions that the role must be able to perform. Must not
	// contain any wildcards. If not provided, the role is assumed to already be able to perform
	// all required data actions.
	//+kubebuilder:validation:MaxItems=1000
	//+kubebuilder:validation:XValidation:message="DataActions cannot have wildcards.",rule="self.all(item, !item.contains('*'))"
	DataActions []ActionStr `json:"dataActions,omitempty" yaml:"dataActions,omitempty"`
	// Scope is the minimum scope of the role. Role assignments found at higher level scopes will
	// satisfy this. For example, a role assignment found with subscription scope will satisfy a
	// permission set where the role scope specified is a resource group within that subscription.
	Scope string `json:"scope" yaml:"scope"`
}

PermissionSet is part of an RBAC rule and verifies that a security principal has the specified permissions (via role assignments) at the specified scope. Scope can be either subscription, resource group, or resource.

func (*PermissionSet) DeepCopy

func (in *PermissionSet) DeepCopy() *PermissionSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSet.

func (*PermissionSet) DeepCopyInto

func (in *PermissionSet) DeepCopyInto(out *PermissionSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RBACRule

type RBACRule struct {
	// Unique identifier for the rule in the validator. Used to ensure conditions do not overwrite
	// each other.
	Name string `json:"name" yaml:"name"`
	// The permissions that the principal must have. If the principal has permissions less than
	// this, validation will fail. If the principal has permissions equal to or more than this
	// (e.g., inherited permissions from higher level scope, more roles than needed) validation
	// will pass.
	//+kubebuilder:validation:MinItems=1
	//+kubebuilder:validation:MaxItems=20
	//+kubebuilder:validation:XValidation:message="Each permission set must have Actions, DataActions, or both defined",rule="self.all(item, size(item.actions) > 0 || size(item.dataActions) > 0)"
	Permissions []PermissionSet `json:"permissionSets" yaml:"permissionSets"`
	// The principal being validated. This can be any type of principal - Device, ForeignGroup,
	// Group, ServicePrincipal, or User.
	PrincipalID string `json:"principalId" yaml:"principalId"`
}

RBACRule verifies that a security principal has permissions via role assignments and that no deny assignments deny the permissions.

func (*RBACRule) DeepCopy

func (in *RBACRule) DeepCopy() *RBACRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RBACRule.

func (*RBACRule) DeepCopyInto

func (in *RBACRule) DeepCopyInto(out *RBACRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
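The scope-inheritance and deny-assignment semantics described for PermissionSet.Scope and RBACRule above, worked through in Go as an added example (not the plugin's own code). It assumes constructed sample role and deny assignments already resolved to explicit action strings, so the role-definition expansion and Azure API calls the real validator performs are not modelled; the local PermissionSet stand-in, Assignment, scopeCovers and Missing are the example's own names.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed stand-ins for this page's PermissionSet and for a role or deny assignment resolved to explicit actions.
type PermissionSet struct {
	Actions, DataActions []string
	Scope                string // Azure resource ID, e.g. /subscriptions/<id>/resourceGroups/<rg>
}
type Assignment struct {
	Scope                string
	Actions, DataActions []string
	Deny                 bool // true for a deny assignment
}

// scopeCovers: an assignment at scope a applies at s when s is a itself or lies beneath it.
func scopeCovers(a, s string) bool {
	return strings.HasPrefix(strings.ToLower(s)+"/", strings.ToLower(strings.TrimSuffix(a, "/"))+"/")
}

// Missing mirrors the PermissionSet/RBACRule semantics on this page: each required action must be granted
// at or above ps.Scope and not removed by a deny assignment applying there; Actions and DataActions are separate sets.
func Missing(ps PermissionSet, assigns []Assignment) []string {
	var missing []string
	for i, wanted := range [][]string{ps.Actions, ps.DataActions} {
		for _, want := range wanted {
			granted, denied := false, false
			for _, a := range assigns {
				for _, have := range [][]string{a.Actions, a.DataActions}[i] {
					if scopeCovers(a.Scope, ps.Scope) && strings.EqualFold(have, want) {
						granted, denied = granted || !a.Deny, denied || a.Deny
					}
				}
			}
			if !granted || denied {
				missing = append(missing, want)
			}
		}
	}
	return missing
}

func main() {
	sub := "/subscriptions/00000000-0000-0000-0000-000000000000" // constructed sample ID
	ps := PermissionSet{Actions: []string{"Microsoft.Compute/virtualMachines/read"}, Scope: sub + "/resourceGroups/rg-workload"}
	fmt.Println("missing:", Missing(ps, []Assignment{{Scope: sub, Actions: ps.Actions}}))
}
```

A subscription-level grant satisfies a resource-group scope, a grant on a sibling resource group does not, and a deny assignment at or above the required scope removes an otherwise-present grant.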
