From e6c1c4b7b56f930496fe27d15770272b5f6dfffe Mon Sep 17 00:00:00 2001 From: Wenhao Zhou <34303854+zhou1203@users.noreply.github.com> Date: Fri, 3 Mar 2023 11:30:39 +0800 Subject: [PATCH] Add iam v1beta1 APIs (#5502) update iam v1beta1 types && deprecate iam v1alpha2 apis Signed-off-by: wenhaozhou --- .../crds/iam.kubesphere.io_loginrecords.yaml | 2 +- pkg/apiserver/query/types.go | 1 - pkg/kapis/iam/v1alpha2/register.go | 34 ++ .../api/iam/v1beta1/category_types.go | 54 ---- .../api/iam/v1beta1/clusterrole_types.go | 49 --- .../src/kubesphere.io/api/iam/v1beta1/doc.go | 23 ++ .../api/iam/v1beta1/globalrole_types.go | 58 ---- .../kubesphere.io/api/iam/v1beta1/register.go | 9 +- .../api/iam/v1beta1/role_types.go | 49 --- .../api/iam/v1beta1/roletemplate_types.go | 56 ---- .../kubesphere.io/api/iam/v1beta1/types.go | 291 ++++++++++++++++++ .../api/iam/v1beta1/workspacerole_types.go | 51 --- .../api/iam/v1beta1/zz_generated.deepcopy.go | 286 ++++++++++++++++- 13 files changed, 638 insertions(+), 325 deletions(-) delete mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/category_types.go delete mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/clusterrole_types.go create mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/doc.go delete mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/globalrole_types.go delete mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/role_types.go delete mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/roletemplate_types.go create mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/types.go delete mode 100644 staging/src/kubesphere.io/api/iam/v1beta1/workspacerole_types.go diff --git a/config/ks-core/crds/iam.kubesphere.io_loginrecords.yaml b/config/ks-core/crds/iam.kubesphere.io_loginrecords.yaml index 76cad7449..681893b93 100644 --- a/config/ks-core/crds/iam.kubesphere.io_loginrecords.yaml +++ b/config/ks-core/crds/iam.kubesphere.io_loginrecords.yaml @@ -67,7 +67,7 @@ spec: description: Successful login attempt or not type: boolean type: - description: Which authentication method used, BasicAuth/OAuth + description: Which authentication method used, Password/OAuth/Token type: string userAgent: description: User agent of login attempt diff --git a/pkg/apiserver/query/types.go b/pkg/apiserver/query/types.go index d0d3c3d88..4392c8e90 100644 --- a/pkg/apiserver/query/types.go +++ b/pkg/apiserver/query/types.go @@ -36,7 +36,6 @@ const ( ) // Query represents api search terms -// TODO add fieldSelector type Query struct { Pagination *Pagination diff --git a/pkg/kapis/iam/v1alpha2/register.go b/pkg/kapis/iam/v1alpha2/register.go index 84279f8c4..8c5c5025b 100644 --- a/pkg/kapis/iam/v1alpha2/register.go +++ b/pkg/kapis/iam/v1alpha2/register.go @@ -238,24 +238,28 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.POST("/globalroles"). To(handler.CreateGlobalRole). Doc("Create global role."). + Deprecate(). Reads(iamv1alpha2.GlobalRole{}). Returns(http.StatusOK, api.StatusOK, iamv1alpha2.GlobalRole{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GlobalRoleTag})) ws.Route(ws.DELETE("/globalroles/{globalrole}"). To(handler.DeleteGlobalRole). Doc("Delete global role."). + Deprecate(). Param(ws.PathParameter("globalrole", "global role name")). Returns(http.StatusOK, api.StatusOK, errors.None). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GlobalRoleTag})) ws.Route(ws.PUT("/globalroles/{globalrole}"). To(handler.UpdateGlobalRole). Doc("Update global role."). + Deprecate(). Param(ws.PathParameter("globalrole", "global role name")). Reads(iamv1alpha2.GlobalRole{}). Returns(http.StatusOK, api.StatusOK, iamv1alpha2.GlobalRole{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GlobalRoleTag})) ws.Route(ws.PATCH("/globalroles/{globalrole}"). To(handler.PatchGlobalRole). + Deprecate(). Doc("Patch global role."). Param(ws.PathParameter("globalrole", "global role name")). Reads(iamv1alpha2.GlobalRole{}). @@ -264,12 +268,14 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.GET("/globalroles"). To(handler.ListGlobalRoles). Doc("List all global roles."). + Deprecate(). Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []interface{}{iamv1alpha2.GlobalRole{}}}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GlobalRoleTag})) ws.Route(ws.GET("/globalroles/{globalrole}"). To(handler.DescribeGlobalRole). Param(ws.PathParameter("globalrole", "global role name")). Doc("Retrieve global role details."). + Deprecate(). Returns(http.StatusOK, api.StatusOK, iamv1alpha2.GlobalRole{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GlobalRoleTag})) @@ -277,18 +283,21 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.POST("/clusterroles"). To(handler.CreateClusterRole). Doc("Create cluster role."). + Deprecate(). Reads(rbacv1.ClusterRole{}). Returns(http.StatusOK, api.StatusOK, rbacv1.ClusterRole{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.ClusterRoleTag})) ws.Route(ws.DELETE("/clusterroles/{clusterrole}"). To(handler.DeleteClusterRole). Doc("Delete cluster role."). + Deprecate(). Param(ws.PathParameter("clusterrole", "cluster role name")). Returns(http.StatusOK, api.StatusOK, errors.None). Metadata(restfulspec.KeyOpenAPITags, []string{constants.ClusterRoleTag})) ws.Route(ws.PUT("/clusterroles/{clusterrole}"). To(handler.UpdateClusterRole). Doc("Update cluster role."). + Deprecate(). Param(ws.PathParameter("clusterrole", "cluster role name")). Reads(rbacv1.ClusterRole{}). Returns(http.StatusOK, api.StatusOK, rbacv1.ClusterRole{}). @@ -296,6 +305,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.PATCH("/clusterroles/{clusterrole}"). To(handler.PatchClusterRole). Doc("Patch cluster role."). + Deprecate(). Param(ws.PathParameter("clusterrole", "cluster role name")). Reads(rbacv1.ClusterRole{}). Returns(http.StatusOK, api.StatusOK, rbacv1.ClusterRole{}). @@ -303,12 +313,14 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.GET("/clusterroles"). To(handler.ListClusterRoles). Doc("List all cluster roles."). + Deprecate(). Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []interface{}{rbacv1.ClusterRole{}}}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.ClusterRoleTag})) ws.Route(ws.GET("/clusterroles/{clusterrole}"). To(handler.DescribeClusterRole). Param(ws.PathParameter("clusterrole", "cluster role name")). Doc("Retrieve cluster role details."). + Deprecate(). Returns(http.StatusOK, api.StatusOK, rbacv1.ClusterRole{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.ClusterRoleTag})) @@ -316,6 +328,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.POST("/workspaces/{workspace}/workspaceroles"). To(handler.CreateWorkspaceRole). Doc("Create workspace role."). + Deprecate(). Reads(iamv1alpha2.WorkspaceRole{}). Returns(http.StatusOK, api.StatusOK, iamv1alpha2.WorkspaceRole{}). Param(ws.PathParameter("workspace", "workspace name")). @@ -323,6 +336,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.DELETE("/workspaces/{workspace}/workspaceroles/{workspacerole}"). To(handler.DeleteWorkspaceRole). Doc("Delete workspace role."). + Deprecate(). Param(ws.PathParameter("workspace", "workspace name")). Param(ws.PathParameter("workspacerole", "workspace role name")). Returns(http.StatusOK, api.StatusOK, errors.None). @@ -330,6 +344,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.PATCH("/workspaces/{workspace}/workspaceroles/{workspacerole}"). To(handler.PatchWorkspaceRole). Doc("Patch workspace role."). + Deprecate(). Param(ws.PathParameter("workspace", "workspace name")). Param(ws.PathParameter("workspacerole", "workspace role name")). Reads(iamv1alpha2.WorkspaceRole{}). @@ -338,6 +353,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.PUT("/workspaces/{workspace}/workspaceroles/{workspacerole}"). To(handler.UpdateWorkspaceRole). Doc("Update workspace role."). + Deprecate(). Param(ws.PathParameter("workspace", "workspace name")). Param(ws.PathParameter("workspacerole", "workspace role name")). Reads(iamv1alpha2.WorkspaceRole{}). @@ -346,12 +362,14 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.GET("/workspaces/{workspace}/workspaceroles"). To(handler.ListWorkspaceRoles). Doc("List all workspace roles."). + Deprecate(). Param(ws.PathParameter("workspace", "workspace name")). Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []interface{}{iamv1alpha2.WorkspaceRole{}}}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.WorkspaceRoleTag})) ws.Route(ws.GET("/workspaces/{workspace}/workspaceroles/{workspacerole}"). To(handler.DescribeWorkspaceRole). Doc("Retrieve workspace role details."). + Deprecate(). Param(ws.PathParameter("workspace", "workspace name")). Param(ws.PathParameter("workspacerole", "workspace role name")). Returns(http.StatusOK, api.StatusOK, iamv1alpha2.WorkspaceRole{}). @@ -361,6 +379,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.POST("/namespaces/{namespace}/roles"). To(handler.CreateNamespaceRole). Doc("Create role in the specified namespace."). + Deprecate(). Reads(rbacv1.Role{}). Param(ws.PathParameter("namespace", "namespace")). Returns(http.StatusOK, api.StatusOK, rbacv1.Role{}). @@ -368,6 +387,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.DELETE("/namespaces/{namespace}/roles/{role}"). To(handler.DeleteNamespaceRole). Doc("Delete role in the specified namespace."). + Deprecate(). Param(ws.PathParameter("namespace", "namespace")). Param(ws.PathParameter("role", "role name")). Returns(http.StatusOK, api.StatusOK, errors.None). @@ -375,6 +395,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.PUT("/namespaces/{namespace}/roles/{role}"). To(handler.UpdateNamespaceRole). Doc("Update namespace role."). + Deprecate(). Param(ws.PathParameter("namespace", "namespace")). Param(ws.PathParameter("role", "role name")). Reads(rbacv1.Role{}). @@ -383,6 +404,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.PATCH("/namespaces/{namespace}/roles/{role}"). To(handler.PatchNamespaceRole). Doc("Patch namespace role."). + Deprecate(). Param(ws.PathParameter("namespace", "namespace")). Param(ws.PathParameter("role", "role name")). Reads(rbacv1.Role{}). @@ -391,12 +413,14 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.GET("/namespaces/{namespace}/roles"). To(handler.ListRoles). Doc("List all roles in the specified namespace."). + Deprecate(). Param(ws.PathParameter("namespace", "namespace")). Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []interface{}{rbacv1.Role{}}}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.NamespaceRoleTag})) ws.Route(ws.GET("/namespaces/{namespace}/roles/{role}"). To(handler.DescribeNamespaceRole). Doc("Retrieve role details."). + Deprecate(). Param(ws.PathParameter("namespace", "namespace")). Param(ws.PathParameter("role", "role name")). Returns(http.StatusOK, api.StatusOK, rbacv1.Role{}). @@ -406,6 +430,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.POST("/devops/{devops}/roles"). To(handler.CreateNamespaceRole). Doc("Create role in the specified devops project."). + Deprecate(). Reads(rbacv1.Role{}). Param(ws.PathParameter("devops", "devops project name")). Returns(http.StatusOK, api.StatusOK, rbacv1.Role{}). @@ -413,6 +438,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.DELETE("/devops/{devops}/roles/{role}"). To(handler.DeleteNamespaceRole). Doc("Delete role in the specified devops project."). + Deprecate(). Param(ws.PathParameter("devops", "devops project name")). Param(ws.PathParameter("role", "role name")). Returns(http.StatusOK, api.StatusOK, errors.None). @@ -420,6 +446,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.PUT("/devops/{devops}/roles/{role}"). To(handler.UpdateNamespaceRole). Doc("Update devops project role."). + Deprecate(). Param(ws.PathParameter("devops", "devops project name")). Param(ws.PathParameter("role", "role name")). Reads(rbacv1.Role{}). @@ -428,6 +455,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.PATCH("/devops/{devops}/roles/{role}"). To(handler.PatchNamespaceRole). Doc("Patch devops project role."). + Deprecate(). Param(ws.PathParameter("devops", "devops project name")). Param(ws.PathParameter("role", "role name")). Reads(rbacv1.Role{}). @@ -436,12 +464,14 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.GET("/devops/{devops}/roles"). To(handler.ListRoles). Doc("List all roles in the specified devops project."). + Deprecate(). Param(ws.PathParameter("devops", "devops project name")). Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []interface{}{rbacv1.Role{}}}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.DevOpsProjectRoleTag})) ws.Route(ws.GET("/devops/{devops}/roles/{role}"). To(handler.DescribeNamespaceRole). Doc("Retrieve devops project role details."). + Deprecate(). Param(ws.PathParameter("devops", "devops project name")). Param(ws.PathParameter("role", "role name")). Returns(http.StatusOK, api.StatusOK, rbacv1.Role{}). @@ -573,6 +603,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf ws.Route(ws.POST("/namespaces/{namespace}/rolebindings"). To(handler.CreateRoleBinding). Doc("Create rolebinding in the specified namespace."). + Deprecate(). Reads([]v1.RoleBinding{}). Param(ws.PathParameter("namespace", "namespace")). Returns(http.StatusOK, api.StatusOK, []v1.RoleBinding{}). @@ -584,6 +615,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf Param(ws.PathParameter("namespace", "groupbinding name")). Param(ws.PathParameter("rolebinding", "groupbinding name")). Doc("Delete rolebinding under namespace."). + Deprecate(). Returns(http.StatusOK, api.StatusOK, errors.None). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag})) @@ -593,6 +625,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf Param(ws.PathParameter("workspace", "workspace name")). Reads([]iamv1alpha2.WorkspaceRoleBinding{}). Doc("Create group's workspacerolebindings of the workspace."). + Deprecate(). Returns(http.StatusOK, api.StatusOK, []iamv1alpha2.WorkspaceRoleBinding{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag})) @@ -601,6 +634,7 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf Param(ws.PathParameter("workspace", "workspace name")). Param(ws.PathParameter("rolebinding", "groupbinding name")). Doc("Delete workspacerolebinding."). + Deprecate(). Returns(http.StatusOK, api.StatusOK, errors.None). Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag})) diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/category_types.go b/staging/src/kubesphere.io/api/iam/v1beta1/category_types.go deleted file mode 100644 index 1e7c07168..000000000 --- a/staging/src/kubesphere.io/api/iam/v1beta1/category_types.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// CategorySpec defines the desired state of Category -type CategorySpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "make" to regenerate code after modifying this file - - DisplayName map[string]string `json:"displayName,omitempty"` - Description map[string]string `json:"description,omitempty"` - Icon string `json:"icon,omitempty"` -} - -//+kubebuilder:object:root=true -//+kubebuilder:resource:categories=iam,scope=Cluster - -// Category is the Schema for the categories API -type Category struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec CategorySpec `json:"spec,omitempty"` -} - -//+kubebuilder:object:root=true - -// CategoryList contains a list of Category -type CategoryList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Category `json:"items"` -} diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/clusterrole_types.go b/staging/src/kubesphere.io/api/iam/v1beta1/clusterrole_types.go deleted file mode 100644 index d03563beb..000000000 --- a/staging/src/kubesphere.io/api/iam/v1beta1/clusterrole_types.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -//+kubebuilder:object:root=true -//+kubebuilder:resource:categories=iam,scope=Cluster - -// ClusterRole is the Schema for the clusterroles API -type ClusterRole struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // AggregationRoleTemplates means which RoleTemplates are composed this Role - AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` - - // Rules holds all the PolicyRules for this WorkspaceRole - Rules rbacv1.PolicyRule `json:"rules,omitempty"` -} - -//+kubebuilder:object:root=true - -// ClusterRoleList contains a list of ClusterRole -type ClusterRoleList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []ClusterRole `json:"items"` -} diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/doc.go b/staging/src/kubesphere.io/api/iam/v1beta1/doc.go new file mode 100644 index 000000000..97fd7e830 --- /dev/null +++ b/staging/src/kubesphere.io/api/iam/v1beta1/doc.go @@ -0,0 +1,23 @@ +/* +Copyright 2019 The KubeSphere Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta1 contains API Schema definitions for the iam v1beta1 API group +// +k8s:openapi-gen=true +// +kubebuilder:object:generate=true +// +k8s:conversion-gen=kubesphere.io/api/iam +// +k8s:defaulter-gen=TypeMeta +// +groupName=iam.kubesphere.io +package v1beta1 diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/globalrole_types.go b/staging/src/kubesphere.io/api/iam/v1beta1/globalrole_types.go deleted file mode 100644 index b55eefefa..000000000 --- a/staging/src/kubesphere.io/api/iam/v1beta1/globalrole_types.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -type AggregationRoleTemplates struct { - // TemplateNames select rules from RoleTemplate`s rules by RoleTemplate name - TemplateNames []string `json:"templateNames,omitempty"` - - // Selector select rules from RoleTemplate`s rules by labels - Selector metav1.LabelSelector `json:"selector,omitempty"` -} - -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:resource:categories=iam,scope=Cluster - -// GlobalRole is the Schema for the globalroles API -type GlobalRole struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // AggregationRoleTemplates means which RoleTemplates are composed this Role - AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` - - // Rules holds all the PolicyRules for this WorkspaceRole - Rules rbacv1.PolicyRule `json:"rules"` -} - -//+kubebuilder:object:root=true - -// GlobalRoleList contains a list of GlobalRole -type GlobalRoleList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []GlobalRole `json:"items"` -} diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/register.go b/staging/src/kubesphere.io/api/iam/v1beta1/register.go index 4def0c5bd..9564d22c8 100644 --- a/staging/src/kubesphere.io/api/iam/v1beta1/register.go +++ b/staging/src/kubesphere.io/api/iam/v1beta1/register.go @@ -18,7 +18,6 @@ limitations under the License. // +k8s:openapi-gen=true // +kubebuilder:object:generate=true // +groupName=iam.kubesphere.io - package v1beta1 import ( @@ -58,6 +57,14 @@ func addKnownTypes(scheme *runtime.Scheme) error { &GlobalRoleList{}, &RoleTemplate{}, &RoleTemplateList{}, + &RoleBinding{}, + &RoleBindingList{}, + &ClusterRoleBinding{}, + &ClusterRoleBindingList{}, + &WorkspaceRoleBinding{}, + &WorkspaceRoleBindingList{}, + &GlobalRoleBinding{}, + &GlobalRoleBindingList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/role_types.go b/staging/src/kubesphere.io/api/iam/v1beta1/role_types.go deleted file mode 100644 index f26e7f44e..000000000 --- a/staging/src/kubesphere.io/api/iam/v1beta1/role_types.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -//+kubebuilder:object:root=true -//+kubebuilder:resource:categories=iam,scope=Namspaced - -// Role is the Schema for the roles API -type Role struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // AggregationRoleTemplates means which RoleTemplates are composed this Role - AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` - - // Rules holds all the PolicyRules for this WorkspaceRole - Rules rbacv1.PolicyRule `json:"rules,omitempty"` -} - -//+kubebuilder:object:root=true - -// RoleList contains a list of Role -type RoleList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Role `json:"items"` -} diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/roletemplate_types.go b/staging/src/kubesphere.io/api/iam/v1beta1/roletemplate_types.go deleted file mode 100644 index 0a2eba7fa..000000000 --- a/staging/src/kubesphere.io/api/iam/v1beta1/roletemplate_types.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// RoleTemplateSpec defines the desired state of RoleTemplate -type RoleTemplateSpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "make" to regenerate code after modifying this file - - // DisplayName represent the name displays at console, this field - DisplayName map[string]string `json:"displayName,omitempty"` - Description map[string]string `json:"description,omitempty"` - Rules []rbacv1.PolicyRule `json:"rules"` -} - -//+kubebuilder:object:root=true -//+kubebuilder:resource:categories=iam,scope=Cluster - -// RoleTemplate is the Schema for the roletemplates API -type RoleTemplate struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec RoleTemplateSpec `json:"spec,omitempty"` -} - -//+kubebuilder:object:root=true - -// RoleTemplateList contains a list of RoleTemplate -type RoleTemplateList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []RoleTemplate `json:"items"` -} diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/types.go b/staging/src/kubesphere.io/api/iam/v1beta1/types.go new file mode 100644 index 000000000..a7a7ebf5f --- /dev/null +++ b/staging/src/kubesphere.io/api/iam/v1beta1/types.go @@ -0,0 +1,291 @@ +package v1beta1 + +import ( + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + UserReferenceLabel = "iam.kubesphere.io/user-ref" + ResourcesPluralUser = "users" +) + +// CategorySpec defines the desired state of Category +type CategorySpec struct { + DisplayName map[string]string `json:"displayName,omitempty"` + Description map[string]string `json:"description,omitempty"` + Icon string `json:"icon,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +// Category is the Schema for the categories API +type Category struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec CategorySpec `json:"spec,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +// CategoryList contains a list of Category +type CategoryList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Category `json:"items"` +} + +// AggregationRoleTemplates indicates which roleTemplate the role is composed of. +// If the aggregation selector is not empty, the templateNames will be overwritten by the templates list by selector. +type AggregationRoleTemplates struct { + // TemplateNames select rules from RoleTemplate`s rules by RoleTemplate name + TemplateNames []string `json:"templateNames,omitempty"` + + // Selector select rules from RoleTemplate`s rules by labels + Selector metav1.LabelSelector `json:"selector,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +// GlobalRole is the Schema for the globalroles API +type GlobalRole struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // AggregationRoleTemplates means which RoleTemplates are composed this Role + AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` + + // Rules holds all the PolicyRules for this WorkspaceRole + Rules []rbacv1.PolicyRule `json:"rules"` +} + +//+kubebuilder:object:root=true +// +kubebuilder:resource:categories="iam",scope="Cluster" + +// GlobalRoleList contains a list of GlobalRole +type GlobalRoleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []GlobalRole `json:"items"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories="iam",scope="Cluster" + +// GlobalRoleBinding is the Schema for the globalrolebindings API +type GlobalRoleBinding struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Subjects holds references to the objects the role applies to. + // +optional + Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"` + + // RoleRef can only reference a GlobalRole. + // If the RoleRef cannot be resolved, the Authorizer must return an error. + RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=iam,scope=Cluster + +// GlobalRoleBindingList contains a list of GlobalRoleBinding +type GlobalRoleBindingList struct { + metav1.TypeMeta `json:",inline"` + // Standard object's metadata. + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + Items []GlobalRoleBinding `json:"items"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster +//+kubebuilder:printcolumn:name="Workspace",type="string",JSONPath=".metadata.labels.kubesphere\\.io/workspace" +//+kubebuilder:printcolumn:name="Alias",type="string",JSONPath=".metadata.annotations.kubesphere\\.io/alias-name" + +// WorkspaceRole is the Schema for the workspaceroles API +type WorkspaceRole struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // AggregationRoleTemplates means which RoleTemplates are composed this Role + AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` + + // Rules holds all the PolicyRules for this WorkspaceRole + Rules []rbacv1.PolicyRule `json:"rules,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +// WorkspaceRoleList contains a list of WorkspaceRole +type WorkspaceRoleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []WorkspaceRole `json:"items"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:printcolumn:name="Workspace",type="string",JSONPath=".metadata.labels.kubesphere\\.io/workspace" +// +kubebuilder:resource:categories="iam",scope="Cluster" + +// WorkspaceRoleBinding is the Schema for the workspacerolebindings API +type WorkspaceRoleBinding struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Subjects holds references to the objects the role applies to. + // +optional + Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"` + + // RoleRef can only reference a WorkspaceRole. + // If the RoleRef cannot be resolved, the Authorizer must return an error. + RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories="iam",scope="Cluster" + +// WorkspaceRoleBindingList contains a list of WorkspaceRoleBinding +type WorkspaceRoleBindingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []WorkspaceRoleBinding `json:"items"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Namespaced + +// Role is the Schema for the roles API +type Role struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // AggregationRoleTemplates means which RoleTemplates are composed this Role + AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` + + // Rules holds all the PolicyRules for this WorkspaceRole + Rules []rbacv1.PolicyRule `json:"rules,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Namespaced + +// RoleList contains a list of Role +type RoleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Role `json:"items"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Namespaced + +type RoleBinding struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Subjects holds references to the objects the role applies to. + // +optional + Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"` + + // RoleRef can only reference a WorkspaceRole. + // If the RoleRef cannot be resolved, the Authorizer must return an error. + RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Namespaced + +type RoleBindingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []RoleBinding `json:"items"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +// ClusterRole is the Schema for the clusterroles API +type ClusterRole struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // AggregationRoleTemplates means which RoleTemplates are composed this Role + AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` + + // Rules holds all the PolicyRules for this WorkspaceRole + Rules []rbacv1.PolicyRule `json:"rules,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +// ClusterRoleList contains a list of ClusterRole +type ClusterRoleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterRole `json:"items"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +type ClusterRoleBinding struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Subjects holds references to the objects the role applies to. + // +optional + Subjects []rbacv1.Subject `json:"subjects,omitempty" protobuf:"bytes,2,rep,name=subjects"` + + // RoleRef can only reference a WorkspaceRole. + // If the RoleRef cannot be resolved, the Authorizer must return an error. + RoleRef rbacv1.RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +type ClusterRoleBindingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterRoleBinding `json:"items"` +} + +// RoleTemplateSpec defines the desired state of RoleTemplate +type RoleTemplateSpec struct { + // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + // Important: Run "make" to regenerate code after modifying this file + + // DisplayName represent the name displays at console, this field + DisplayName map[string]string `json:"displayName,omitempty"` + Description map[string]string `json:"description,omitempty"` + Rules []rbacv1.PolicyRule `json:"rules"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:resource:categories=iam,scope=Cluster +// +kubebuilder:storageversion +// RoleTemplate is the Schema for the roletemplates API +type RoleTemplate struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec RoleTemplateSpec `json:"spec,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:categories=iam,scope=Cluster + +// RoleTemplateList contains a list of RoleTemplate +type RoleTemplateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []RoleTemplate `json:"items"` +} diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/workspacerole_types.go b/staging/src/kubesphere.io/api/iam/v1beta1/workspacerole_types.go deleted file mode 100644 index d60c8b8e7..000000000 --- a/staging/src/kubesphere.io/api/iam/v1beta1/workspacerole_types.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -//+kubebuilder:object:root=true -//+kubebuilder:resource:categories=iam,scope=Cluster -//+kubebuilder:printcolumn:name="Workspace",type="string",JSONPath=".metadata.labels.kubesphere\\.io/workspace" -//+kubebuilder:printcolumn:name="Alias",type="string",JSONPath=".metadata.annotations.kubesphere\\.io/alias-name" - -// WorkspaceRole is the Schema for the workspaceroles API -type WorkspaceRole struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // AggregationRoleTemplates means which RoleTemplates are composed this Role - AggregationRoleTemplates AggregationRoleTemplates `json:"aggregationRoleTemplates,omitempty"` - - // Rules holds all the PolicyRules for this WorkspaceRole - Rules rbacv1.PolicyRule `json:"rules,omitempty"` -} - -//+kubebuilder:object:root=true - -// WorkspaceRoleList contains a list of WorkspaceRole -type WorkspaceRoleList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []WorkspaceRole `json:"items"` -} diff --git a/staging/src/kubesphere.io/api/iam/v1beta1/zz_generated.deepcopy.go b/staging/src/kubesphere.io/api/iam/v1beta1/zz_generated.deepcopy.go index f29ceefb7..d4cd40019 100644 --- a/staging/src/kubesphere.io/api/iam/v1beta1/zz_generated.deepcopy.go +++ b/staging/src/kubesphere.io/api/iam/v1beta1/zz_generated.deepcopy.go @@ -23,7 +23,7 @@ package v1beta1 import ( "k8s.io/api/rbac/v1" - runtime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -140,7 +140,13 @@ func (in *ClusterRole) DeepCopyInto(out *ClusterRole) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.AggregationRoleTemplates.DeepCopyInto(&out.AggregationRoleTemplates) - in.Rules.DeepCopyInto(&out.Rules) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]v1.PolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRole. @@ -161,6 +167,69 @@ func (in *ClusterRole) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterRoleBinding) DeepCopyInto(out *ClusterRoleBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Subjects != nil { + in, out := &in.Subjects, &out.Subjects + *out = make([]v1.Subject, len(*in)) + copy(*out, *in) + } + out.RoleRef = in.RoleRef +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBinding. +func (in *ClusterRoleBinding) DeepCopy() *ClusterRoleBinding { + if in == nil { + return nil + } + out := new(ClusterRoleBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterRoleBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterRoleBindingList) DeepCopyInto(out *ClusterRoleBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterRoleBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBindingList. +func (in *ClusterRoleBindingList) DeepCopy() *ClusterRoleBindingList { + if in == nil { + return nil + } + out := new(ClusterRoleBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterRoleBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterRoleList) DeepCopyInto(out *ClusterRoleList) { *out = *in @@ -199,7 +268,13 @@ func (in *GlobalRole) DeepCopyInto(out *GlobalRole) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.AggregationRoleTemplates.DeepCopyInto(&out.AggregationRoleTemplates) - in.Rules.DeepCopyInto(&out.Rules) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]v1.PolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRole. @@ -220,6 +295,69 @@ func (in *GlobalRole) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GlobalRoleBinding) DeepCopyInto(out *GlobalRoleBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Subjects != nil { + in, out := &in.Subjects, &out.Subjects + *out = make([]v1.Subject, len(*in)) + copy(*out, *in) + } + out.RoleRef = in.RoleRef +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRoleBinding. +func (in *GlobalRoleBinding) DeepCopy() *GlobalRoleBinding { + if in == nil { + return nil + } + out := new(GlobalRoleBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GlobalRoleBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GlobalRoleBindingList) DeepCopyInto(out *GlobalRoleBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GlobalRoleBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRoleBindingList. +func (in *GlobalRoleBindingList) DeepCopy() *GlobalRoleBindingList { + if in == nil { + return nil + } + out := new(GlobalRoleBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GlobalRoleBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GlobalRoleList) DeepCopyInto(out *GlobalRoleList) { *out = *in @@ -258,7 +396,13 @@ func (in *Role) DeepCopyInto(out *Role) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.AggregationRoleTemplates.DeepCopyInto(&out.AggregationRoleTemplates) - in.Rules.DeepCopyInto(&out.Rules) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]v1.PolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role. @@ -279,6 +423,69 @@ func (in *Role) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RoleBinding) DeepCopyInto(out *RoleBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Subjects != nil { + in, out := &in.Subjects, &out.Subjects + *out = make([]v1.Subject, len(*in)) + copy(*out, *in) + } + out.RoleRef = in.RoleRef +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBinding. +func (in *RoleBinding) DeepCopy() *RoleBinding { + if in == nil { + return nil + } + out := new(RoleBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RoleBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RoleBindingList) DeepCopyInto(out *RoleBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]RoleBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBindingList. +func (in *RoleBindingList) DeepCopy() *RoleBindingList { + if in == nil { + return nil + } + out := new(RoleBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RoleBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RoleList) DeepCopyInto(out *RoleList) { *out = *in @@ -411,7 +618,13 @@ func (in *WorkspaceRole) DeepCopyInto(out *WorkspaceRole) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.AggregationRoleTemplates.DeepCopyInto(&out.AggregationRoleTemplates) - in.Rules.DeepCopyInto(&out.Rules) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]v1.PolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceRole. @@ -432,6 +645,69 @@ func (in *WorkspaceRole) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkspaceRoleBinding) DeepCopyInto(out *WorkspaceRoleBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Subjects != nil { + in, out := &in.Subjects, &out.Subjects + *out = make([]v1.Subject, len(*in)) + copy(*out, *in) + } + out.RoleRef = in.RoleRef +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceRoleBinding. +func (in *WorkspaceRoleBinding) DeepCopy() *WorkspaceRoleBinding { + if in == nil { + return nil + } + out := new(WorkspaceRoleBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WorkspaceRoleBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkspaceRoleBindingList) DeepCopyInto(out *WorkspaceRoleBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WorkspaceRoleBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceRoleBindingList. +func (in *WorkspaceRoleBindingList) DeepCopy() *WorkspaceRoleBindingList { + if in == nil { + return nil + } + out := new(WorkspaceRoleBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WorkspaceRoleBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkspaceRoleList) DeepCopyInto(out *WorkspaceRoleList) { *out = *in