Merge pull request #955 from renan-campos/wif
OCM-7432 | Defining WIF resources and endpoints
Showing
8 changed files
with
334 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
/* | ||
Copyright (c) 2024 Red Hat, Inc. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Manages a specific wif_config. | ||
resource WifConfig { | ||
// Retrieves the details of the WifConfig. | ||
method Get { | ||
out Body WifConfig | ||
} | ||
|
||
// Deletes the wif_config. | ||
method Delete { | ||
// Dry run flag is used to check if the operation can be completed, but won't delete. | ||
in DryRun Boolean = false | ||
} | ||
} |
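Review bot: The comment on `Delete` does not say what happens when the wif_config is still in use, yet the `DryRun` comment implies there are conditions under which the operation cannot complete. This resource appears to describe the federation set-up used to reach the user's GCP project, so the precondition belongs in the doc comment, along the lines of `// Deletes the wif_config. State here whether the request is rejected while the config is still referenced.` The `Get` comment also says `WifConfig` where the rest of the file says `wif_config`.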
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
/* | ||
Copyright (c) 2024 Red Hat, Inc. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Definition of an wif_config resource. | ||
class WifConfig { | ||
// The name OCM clients will display for this wif_config. | ||
DisplayName String | ||
// Holds GCP related data. | ||
Gcp WifGcp | ||
// The OCM organization that this wif_config resource belongs to. | ||
Organization OrganizationLink | ||
} | ||
|
||
struct WifGcp { | ||
// This is the service account email that OCM will use to access other SAs. | ||
ImpersonatorEmail String | ||
// This represents the GCP project ID in which the wif resources will be configured. | ||
ProjectId String | ||
// The list of service accounts and their associated roles that will need to be | ||
// configured on the user's GCP project. | ||
ServiceAccounts []WifServiceAccount | ||
// The workload identity configuration data that will be used to create the | ||
// workload identity pool on the user's account. | ||
WorkloadIdentityPool WifPool | ||
} | ||
|
||
struct WifPool { | ||
// Identity provider configuration data that will be created as part of the | ||
// workload identity pool. | ||
IdentityProvider WifIdentityProvider | ||
// The Id of the workload identity pool. | ||
PoolId String | ||
// The display name of the workload identity pool. | ||
PoolName String | ||
} | ||
|
||
struct WifIdentityProvider { | ||
AllowedAudiences []String | ||
IdentityProviderId String | ||
IssuerUrl String | ||
Jwks string | ||
} |
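Review bot: `Jwks string` in `WifIdentityProvider` uses a lowercase type name while every other scalar in this commit is `String`; unless the model compiler normalises type names this may not resolve, so I would write `Jwks String`. The four fields of `WifIdentityProvider` are also the only ones in this file without a comment. `IssuerUrl`, `Jwks` and `AllowedAudiences` look like the values that decide which tokens the workload identity pool will accept. Each should get a one-line comment saying what it holds and whether the service or the caller sets it.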
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
/* | ||
Copyright (c) 2024 Red Hat, Inc. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Manages the collection of wif_configs. | ||
resource WifConfigs { | ||
// Retrieves the list of wif_configs | ||
method List { | ||
// Index of the requested page, where one corresponds to the first page. | ||
in out Page Integer = 1 | ||
|
||
// Maximum number of items that will be contained in the returned page. | ||
in out Size Integer = 100 | ||
|
||
// Search criteria. | ||
// | ||
// The syntax of this parameter is similar to the syntax of the _where_ clause of a | ||
// SQL statement, but using the names of the attributes of the cluster instead of | ||
// the names of the columns of a table. For example, in order to retrieve all the | ||
// clusters with a name starting with `my` in the `us-east-1` region the value | ||
// should be: | ||
// | ||
// ```sql | ||
// name like 'my%' and region.id = 'us-east-1' | ||
// ``` | ||
// | ||
// If the parameter isn't provided, or if the value is empty, then all the | ||
// wif_configs that the user has permission to see will be returned. | ||
in Search String | ||
|
||
// Order criteria. | ||
// | ||
// The syntax of this parameter is similar to the syntax of the _order by_ clause of | ||
// a SQL statement, but using the names of the attributes of the cluster instead of | ||
// the names of the columns of a table. For example, in order to sort the clusters | ||
// descending by region identifier the value should be: | ||
// | ||
// ```sql | ||
// region.id desc | ||
// ``` | ||
// | ||
// If the parameter isn't provided, or if the value is empty, then the order of the | ||
// results is undefined. | ||
in Order String | ||
|
||
// Total number of items of the collection that match the search criteria, | ||
// regardless of the size of the page. | ||
out Total Integer | ||
|
||
// Retrieved list of wif_configs. | ||
out Items []WifConfig | ||
} | ||
|
||
// Provision a new wif_config resource and add it to the collection of wif_configs. | ||
method Add { | ||
// Description of the wif_config. | ||
in out Body WifConfig | ||
} | ||
|
||
// Returns a reference to the service that manages an specific wif_config. | ||
locator WifConfig { | ||
target WifConfig | ||
variable ID | ||
} | ||
} |
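Review bot: The `Search` and `Order` comments in `List` were carried over from the clusters collection: they refer to "the attributes of the cluster" and use `region.id = 'us-east-1'` as the example, but `WifConfig` as defined in this commit has no region attribute. The text should name wif_config and use an attribute that exists on it, for instance one based on `DisplayName`. The same wording is repeated in the `List` method of `WifTemplates`. Separately, `Add` takes the whole `WifConfig` as `in out Body`, and nothing visible here says whether `Organization` and `Gcp.ImpersonatorEmail` come from the request or are filled in by the service; the comment on `Add` should state that.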
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
/* | ||
Copyright (c) 2024 Red Hat, Inc. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
struct WifServiceAccount { | ||
AccessMethod WifAccessMethod | ||
CredentialRequest WifCredentialRequest | ||
ServiceAccountId String | ||
OsdRole String | ||
Roles []WifRole | ||
} | ||
|
||
enum WifAccessMethod { | ||
Impersonate | ||
Wif | ||
} | ||
|
||
struct WifCredentialRequest { | ||
SecretRef WifSecretRef | ||
ServiceAccountNames []String | ||
} | ||
|
||
struct WifSecretRef { | ||
Name String | ||
Namespace String | ||
} | ||
|
||
struct WifRole { | ||
RoleId String | ||
Predefined Boolean | ||
Permissions []String | ||
} |
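Review bot: None of the five types in this file carries a doc comment, and going by the `ServiceAccounts` comment in `WifGcp` these are the types that spell out which service accounts and roles get configured on the user's GCP project. At minimum `WifAccessMethod` needs a line per value explaining how `Impersonate` differs from `Wif`, and `WifRole` should state how `Predefined` and `Permissions` relate (presumably `Permissions` matters only for non-predefined roles; confirm). `OsdRole` and `WifSecretRef` would each benefit from a one-line description as well, so that a reader can audit the granted access from the model alone.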
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
/* | ||
Copyright (c) 2024 Red Hat, Inc. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Manages a specific wif_template. | ||
resource WifTemplate { | ||
// Retrieves the details of the wif_template. | ||
method Get { | ||
out Body WifTemplate | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
/* | ||
Copyright (c) 2024 Red Hat, Inc. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Definition of an wif_template resource. | ||
class WifTemplate { | ||
// The list of service accounts and their associated roles that this template | ||
// would require to be configured on the user's GCP project. | ||
ServiceAccounts []WifServiceAccount | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
/* | ||
Copyright (c) 2024 Red Hat, Inc. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Manages the collection of wif_templates. | ||
// wif_templates hold the GCP resource requirements for wif deployments. | ||
// wif_config resources are based off of wif_templates during creation. | ||
resource WifTemplates { | ||
// Retrieves the list of wif_templates | ||
method List { | ||
// Index of the requested page, where one corresponds to the first page. | ||
in out Page Integer = 1 | ||
|
||
// Maximum number of items that will be contained in the returned page. | ||
in out Size Integer = 100 | ||
|
||
// Search criteria. | ||
// | ||
// The syntax of this parameter is similar to the syntax of the _where_ clause of a | ||
// SQL statement, but using the names of the attributes of the cluster instead of | ||
// the names of the columns of a table. For example, in order to retrieve all the | ||
// clusters with a name starting with `my` in the `us-east-1` region the value | ||
// should be: | ||
// | ||
// ```sql | ||
// name like 'my%' and region.id = 'us-east-1' | ||
// ``` | ||
// | ||
// If the parameter isn't provided, or if the value is empty, then all the | ||
// wif_templates that the user has permission to see will be returned. | ||
in Search String | ||
|
||
// Order criteria. | ||
// | ||
// The syntax of this parameter is similar to the syntax of the _order by_ clause of | ||
// a SQL statement, but using the names of the attributes of the cluster instead of | ||
// the names of the columns of a table. For example, in order to sort the clusters | ||
// descending by region identifier the value should be: | ||
// | ||
// ```sql | ||
// region.id desc | ||
// ``` | ||
// | ||
// If the parameter isn't provided, or if the value is empty, then the order of the | ||
// results is undefined. | ||
in Order String | ||
|
||
// Total number of items of the collection that match the search criteria, | ||
// regardless of the size of the page. | ||
out Total Integer | ||
|
||
// Retrieved list of wif_templates. | ||
out Items []WifTemplate | ||
} | ||
|
||
// Returns a reference to the service that manages a specific wif_template. | ||
locator WifTemplate { | ||
target WifTemplate | ||
variable ID | ||
} | ||
} |