From 82755ad33f4910c19f479ee1c0d664a5dc6f3af1 Mon Sep 17 00:00:00 2001
From: Craig Jellick
Date: Fri, 15 Dec 2017 19:12:22 -0700
Subject: [PATCH] Auth changes
---
 apis/management.cattle.io/v3/authn_types.go | 47 ++++++++++---------
 apis/management.cattle.io/v3/schema/schema.go | 21 +++++++--
 2 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/apis/management.cattle.io/v3/authn_types.go b/apis/management.cattle.io/v3/authn_types.go
index 3a84ea0f..021ce2cd 100644
--- a/apis/management.cattle.io/v3/authn_types.go
+++ b/apis/management.cattle.io/v3/authn_types.go
@@ -8,42 +8,44 @@ type Token struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	TokenID string `json:"tokenId,omitempty"`
-	UserIdentity Identity `json:"userIdentity,omitempty"`
-	GroupIdentities []Identity `json:"groupIdentities,omitempty"`
-	ProviderInfo map[string]string `json:"providerInfo,omitempty"`
-	User string `json:"user,omitempty"`
-	ExternalID string `json:"externalId,omitempty"`
-	AuthProvider string `json:"authProvider,omitempty"`
-	TTLMillis string `json:"ttl,omitempty"`
-	IdentityRefreshTTLMillis string `json:"identityRefreshTTL,omitempty"`
-	LastUpdateTime string `json:"lastUpdateTime,omitempty"`
-	IsDerived bool `json:"isDerived,omitempty"`
-	Description string `json:"description,omitempty"`
+	UserPrincipal Principal `json:"userPrincipal" norman:"type=reference[Principal]"`
+	GroupPrincipals []Principal `json:"groupPrincipals" norman:"type=array[reference[Principal]]"`
+	ProviderInfo map[string]string `json:"providerInfo,omitempty"`
+	UserID string `json:"userId" norman:"type=reference[User]"`
+	AuthProvider string `json:"authProvider"`
+	TTLMillis int `json:"ttl"`
+	LastUpdateTime string `json:"lastUpdateTime"`
+	IsDerived bool `json:"isDerived"`
+	Description string `json:"description"`
 }
 type User struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Secret string `json:"secret,omitempty"`
-	ExternalID string `json:"externalId,omitempty"`
+	DisplayName string `json:"displayName,omitempty"`
+	UserName string `json:"userName,omitempty"`
+	Password string `json:"password,omitempty"`
+	MustChangePassword bool `json:"mustChangePassword,omitempty"`
+	PrincipalIDs []string `json:"principalIds,omitempty" norman:"type=array[reference[Principal]]"`
 }
 type Group struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	DisplayName string `json:"displayName,omitempty"`
 }
 type GroupMember struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	GroupName string `json:"groupName,omitempty" norman:"type=reference[group]"`
-	ExternalID string `json:"externalId,omitempty"`
+	GroupName string `json:"groupName,omitempty" norman:"type=reference[group]"`
+	PrincipalID string `json:"principalId,omitempty" norman:"type=reference[Principal]"`
 }
-type Identity struct {
+type Principal struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -59,12 +61,11 @@ type Identity struct {
 //LoginInput structure defines all properties that can be sent by client to create a token
 type LoginInput struct {
-	TTLMillis string `json:"ttl,omitempty"`
-	IdentityRefreshTTLMillis string `json:"identityRefreshTTL,omitempty"`
-	Description string `json:"description,omitempty"`
-	ResponseType string `json:"responseType,omitempty"` //json or cookie
-	LocalCredential LocalCredential `json:"localCredential, omitempty"`
-	GithubCredential GithubCredential `json:"githubCredential, omitempty"`
+	TTLMillis int `json:"ttl,omitempty"`
+	Description string `json:"description,omitempty"`
+	ResponseType string `json:"responseType,omitempty"` //json or cookie
+	LocalCredential LocalCredential `json:"localCredential, omitempty"`
+	GithubCredential GithubCredential `json:"githubCredential, omitempty"`
 }
 //LocalCredential stores the local auth creds
diff --git a/apis/management.cattle.io/v3/schema/schema.go b/apis/management.cattle.io/v3/schema/schema.go
index ccae0a17..e1743292 100644
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
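Review bot: `User.Password` (`json:"password,omitempty"`) is added as an ordinary field with no tag marking it write-only, and the `authnTypes` hunk in schema.go registers `v3.User{}` with only a `m.DisplayName{}` mapper, so unless a store or mapper outside this diff strips it, whatever is stored in that field — plaintext or hash — is returned on every user GET and list. Mark it write-only (norman's `writeOnly` field attribute, if this tree's tag parser supports it) or strip it on the output path, and state the contract on the field: `// Password is write-only: accepted on create/update and never returned in responses.`. Whether the value is hashed before storage cannot be seen here and should be confirmed in the store. The new reference tags also mix casing, `reference[group]` on `GroupMember.GroupName` against `reference[Principal]` and `reference[User]` elsewhere; if norman resolves these by schema ID the casing should agree.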
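Review bot: The re-aligned `LocalCredential` and `GithubCredential` lines keep the tags `json:"localCredential, omitempty"` and `json:"githubCredential, omitempty"`; encoding/json compares tag options exactly, so the leading space means `omitempty` is never recognized and both credential objects are always emitted (`go vet`'s structtag check also reports this as a suspicious space). Change them to `json:"localCredential,omitempty"` and `json:"githubCredential,omitempty"`. Separately, `TTLMillis` is now a client-supplied int with no ceiling expressed in the type; a doc comment such as `// TTLMillis is the requested token lifetime; the server clamps it to its maximum.` would help readers, with the clamping itself confirmed where tokens are issued since it is outside this diff.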
@@ -96,16 +96,29 @@ func authzTypes(schemas *types.Schemas) *types.Schemas {
 			&m.Move{From: "subject/namespace", To: "subjectNamespace"},
 			&m.Drop{Field: "subject"},
 		).
+		AddMapperForType(&Version, v3.ClusterRoleTemplateBinding{},
+			&m.Move{From: "subject/name", To: "subjectName"},
+			&m.Move{From: "subject/kind", To: "subjectKind"},
+			&m.Move{From: "subject/namespace", To: "subjectNamespace"},
+			&m.Drop{Field: "subject"},
+		).
 		MustImportAndCustomize(&Version, v3.Project{}, func(schema *types.Schema) {
 			schema.SubContext = "projects"
 		}).
 		MustImport(&Version, v3.RoleTemplate{}).
 		MustImport(&Version, v3.PodSecurityPolicyTemplate{}).
-		MustImport(&Version, v3.ClusterRoleTemplateBinding{}).
+		MustImportAndCustomize(&Version, v3.ClusterRoleTemplateBinding{}, func(schema *types.Schema) {
+			schema.MustCustomizeField("subjectKind", func(field types.Field) types.Field {
+				field.Type = "enum"
+				field.Options = []string{"User", "Group", "ServiceAccount", "Principal"}
+				field.Nullable = false
+				return field
+			})
+		}).
 		MustImportAndCustomize(&Version, v3.ProjectRoleTemplateBinding{}, func(schema *types.Schema) {
 			schema.MustCustomizeField("subjectKind", func(field types.Field) types.Field {
 				field.Type = "enum"
-				field.Options = []string{"User", "Group", "ServiceAccount"}
+				field.Options = []string{"User", "Group", "ServiceAccount", "Principal"}
 				field.Nullable = false
 				return field
 			})
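Review bot: The new `ClusterRoleTemplateBinding` mapper list and `subjectKind` enum customization are verbatim copies of the `ProjectRoleTemplateBinding` ones a few lines below, so the two allowed-kind lists can silently drift apart on the next change to either. Pull the enum customization into a helper so both bindings are built from one definition, as sketched below (the mapper list could get the same treatment, but its first block starts outside this hunk); `authzTypes` starts and ends outside this hunk, and the sketch assumes the ProjectRoleTemplateBinding closure has nothing else after the visible `})`. Adding `Principal` as a subject kind also lets `subjectName` carry a principal ID for cluster-wide bindings; a short comment on the enum naming which component validates that such a principal exists and belongs to the caller's provider would help, since nothing in this hunk does.
```go
// subjectKindOptions returns a fresh list of the subject kinds a role-template binding may reference.
func subjectKindOptions() []string {
	return []string{"User", "Group", "ServiceAccount", "Principal"}
}

// customizeSubjectKind makes subjectKind a required enum over subjectKindOptions.
func customizeSubjectKind(schema *types.Schema) {
	schema.MustCustomizeField("subjectKind", func(field types.Field) types.Field {
		field.Type = "enum"
		field.Options = subjectKindOptions()
		field.Nullable = false
		return field
	})
}

// … unchanged: start of the authzTypes chain …
		MustImportAndCustomize(&Version, v3.ClusterRoleTemplateBinding{}, customizeSubjectKind).
		MustImportAndCustomize(&Version, v3.ProjectRoleTemplateBinding{}, customizeSubjectKind).
// … unchanged: rest of the authzTypes chain …
```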
@@ -131,11 +144,13 @@ func machineTypes(schemas *types.Schemas) *types.Schemas {
 func authnTypes(schemas *types.Schemas) *types.Schemas {
 	return schemas.
+		AddMapperForType(&Version, v3.User{}, m.DisplayName{}).
+		AddMapperForType(&Version, v3.Group{}, m.DisplayName{}).
 		MustImport(&Version, v3.Token{}).
 		MustImport(&Version, v3.User{}).
 		MustImport(&Version, v3.Group{}).
 		MustImport(&Version, v3.GroupMember{}).
-		MustImport(&Version, v3.Identity{}).
+		MustImport(&Version, v3.Principal{}).
 		MustImport(&Version, v3.LoginInput{}).
 		MustImport(&Version, v3.LocalCredential{}).
 		MustImport(&Version, v3.GithubCredential{})