From 84196a0f47cd865141c77d1767dff586429a2af5 Mon Sep 17 00:00:00 2001 From: Craig Jellick Date: Tue, 12 Dec 2017 11:24:40 -0700 Subject: [PATCH] Move PSP to project and cluster PSPs will only be able to be set directly on cluster or project and only by a cluster-admin. --- apis/management.cattle.io/v3/authz_types.go | 8 +- apis/management.cattle.io/v3/cluster_types.go | 11 +- .../v3/zz_generated_deepcopy.go | 5 - client/management/v3/zz_generated_cluster.go | 108 +++++++++--------- .../v3/zz_generated_cluster_spec.go | 24 ++-- client/management/v3/zz_generated_project.go | 48 ++++---- .../v3/zz_generated_project_spec.go | 12 +- .../v3/zz_generated_role_template.go | 52 ++++----- 8 files changed, 135 insertions(+), 133 deletions(-) diff --git a/apis/management.cattle.io/v3/authz_types.go b/apis/management.cattle.io/v3/authz_types.go index b7ad61c9..afbc81bf 100644 --- a/apis/management.cattle.io/v3/authz_types.go +++ b/apis/management.cattle.io/v3/authz_types.go @@ -14,8 +14,9 @@ type Project struct { } type ProjectSpec struct { - DisplayName string `json:"displayName,omitempty" norman:"required"` - ClusterName string `json:"clusterName,omitempty" norman:"required,type=reference[cluster]"` + DisplayName string `json:"displayName,omitempty" norman:"required"` + ClusterName string `json:"clusterName,omitempty" norman:"required,type=reference[cluster]"` + PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateName,omitempty" norman:"type=reference[podSecurityPolicyTemplate]"` } type RoleTemplate struct { 
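Review bot: The new `PodSecurityPolicyTemplateName` field in `ProjectSpec` carries only `norman:"type=reference[podSecurityPolicyTemplate]"`, so nothing in this schema limits who may set or change it, although the commit message says only a cluster-admin can. The same applies to `DefaultPodSecurityPolicyTemplateName` in the `ClusterSpec` hunk of `cluster_types.go`. If the restriction is enforced elsewhere (a store, validator or RBAC rule this patch does not show), a comment above the field should point there, e.g. `// PodSecurityPolicyTemplateName may only be written by a cluster-admin; enforced outside this type.` Otherwise any principal allowed to update the project could change the policy its pods are admitted under. A test that a non-admin, project-scoped update to this field is rejected would pin the guarantee the commit message makes.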
@@ -25,8 +26,7 @@ type RoleTemplate struct { Rules []rbacv1.PolicyRule `json:"rules,omitempty"` Builtin bool `json:"builtin"` - RoleTemplateNames []string `json:"roleTemplateNames,omitempty" norman:"type=array[reference[roleTemplate]]"` - PodSecurityPolicyTemplateNames []string `json:"podSecurityPolicyTemplateNames,omitempty" norman:"type=array[reference[podSecurityPolicyTemplate]]"` + RoleTemplateNames []string `json:"roleTemplateNames,omitempty" norman:"type=array[reference[roleTemplate]]"` } type PodSecurityPolicyTemplate struct { diff --git a/apis/management.cattle.io/v3/cluster_types.go b/apis/management.cattle.io/v3/cluster_types.go index b2474d5a..2e7739ec 100644 --- a/apis/management.cattle.io/v3/cluster_types.go +++ b/apis/management.cattle.io/v3/cluster_types.go @@ -35,11 +35,12 @@ type Cluster struct { } type ClusterSpec struct { - Description string `json:"description"` - Internal bool `json:"internal" norman:"nocreate,noupdate"` - GoogleKubernetesEngineConfig *GoogleKubernetesEngineConfig `json:"googleKubernetesEngineConfig,omitempty"` - AzureKubernetesServiceConfig *AzureKubernetesServiceConfig `json:"azureKubernetesServiceConfig,omitempty"` - RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty"` + Description string `json:"description"` + Internal bool `json:"internal" norman:"nocreate,noupdate"` + GoogleKubernetesEngineConfig *GoogleKubernetesEngineConfig `json:"googleKubernetesEngineConfig,omitempty"` + AzureKubernetesServiceConfig *AzureKubernetesServiceConfig `json:"azureKubernetesServiceConfig,omitempty"` + RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty"` + DefaultPodSecurityPolicyTemplateName string `json:"defaultPodSecurityPolicyTemplateName,omitempty" norman:"type=reference[podSecurityPolicyTemplate]"` } type ClusterStatus struct { 
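Review bot: `DefaultPodSecurityPolicyTemplateName` in `ClusterSpec` is optional (`omitempty`, no `required`), and the hunk does not say what an empty value means for pods in the cluster or how it interacts with a project's own `PodSecurityPolicyTemplateName`. That should be documented on the field, for example `// DefaultPodSecurityPolicyTemplateName applies to projects that set no template of their own; empty means <behaviour to confirm>.` Because the RoleTemplate hunk in `authz_types.go` drops `PodSecurityPolicyTemplateNames`, the comment or the commit description should also state what happens to objects already stored with that field; presumably the value is ignored on decode, so policies previously attached through a role template would need an explicit migration or cleanup.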
diff --git a/apis/management.cattle.io/v3/zz_generated_deepcopy.go b/apis/management.cattle.io/v3/zz_generated_deepcopy.go index bbeefd96..a4db218f 100644 --- a/apis/management.cattle.io/v3/zz_generated_deepcopy.go +++ b/apis/management.cattle.io/v3/zz_generated_deepcopy.go @@ -2142,11 +2142,6 @@ func (in *RoleTemplate) DeepCopyInto(out *RoleTemplate) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.PodSecurityPolicyTemplateNames != nil { - in, out := &in.PodSecurityPolicyTemplateNames, &out.PodSecurityPolicyTemplateNames - *out = make([]string, len(*in)) - copy(*out, *in) - } return } diff --git a/client/management/v3/zz_generated_cluster.go b/client/management/v3/zz_generated_cluster.go index b6493634..8a885091 100644 --- a/client/management/v3/zz_generated_cluster.go +++ b/client/management/v3/zz_generated_cluster.go 
@@ -5,63 +5,65 @@ import ( ) const ( - ClusterType = "cluster" - ClusterFieldAPIEndpoint = "apiEndpoint" - ClusterFieldAllocatable = "allocatable" - ClusterFieldAnnotations = "annotations" - ClusterFieldAzureKubernetesServiceConfig = "azureKubernetesServiceConfig" - ClusterFieldCACert = "caCert" - ClusterFieldCapacity = "capacity" - ClusterFieldComponentStatuses = "componentStatuses" - ClusterFieldConditions = "conditions" - ClusterFieldCreated = "created" - ClusterFieldDescription = "description" - ClusterFieldFinalizers = "finalizers" - ClusterFieldGoogleKubernetesEngineConfig = "googleKubernetesEngineConfig" - ClusterFieldInternal = "internal" - ClusterFieldLabels = "labels" - ClusterFieldLimits = "limits" - ClusterFieldName = "name" - ClusterFieldOwnerReferences = "ownerReferences" - ClusterFieldRancherKubernetesEngineConfig = "rancherKubernetesEngineConfig" - ClusterFieldRemoved = "removed" - ClusterFieldRequested = "requested" - ClusterFieldResourcePath = "resourcePath" - ClusterFieldServiceAccountToken = "serviceAccountToken" - ClusterFieldState = "state" - ClusterFieldTransitioning = "transitioning" - ClusterFieldTransitioningMessage = "transitioningMessage" - ClusterFieldUuid = "uuid" + ClusterType = "cluster" + ClusterFieldAPIEndpoint = "apiEndpoint" + ClusterFieldAllocatable = "allocatable" + ClusterFieldAnnotations = "annotations" + ClusterFieldAzureKubernetesServiceConfig = "azureKubernetesServiceConfig" + ClusterFieldCACert = "caCert" + ClusterFieldCapacity = "capacity" + ClusterFieldComponentStatuses = "componentStatuses" + ClusterFieldConditions = "conditions" + ClusterFieldCreated = "created" + ClusterFieldDefaultPodSecurityPolicyTemplateId = "defaultPodSecurityPolicyTemplateId" + ClusterFieldDescription = "description" + ClusterFieldFinalizers = "finalizers" + ClusterFieldGoogleKubernetesEngineConfig = "googleKubernetesEngineConfig" + ClusterFieldInternal = "internal" + ClusterFieldLabels = "labels" + ClusterFieldLimits = "limits" + 
ClusterFieldName = "name" + ClusterFieldOwnerReferences = "ownerReferences" + ClusterFieldRancherKubernetesEngineConfig = "rancherKubernetesEngineConfig" + ClusterFieldRemoved = "removed" + ClusterFieldRequested = "requested" + ClusterFieldResourcePath = "resourcePath" + ClusterFieldServiceAccountToken = "serviceAccountToken" + ClusterFieldState = "state" + ClusterFieldTransitioning = "transitioning" + ClusterFieldTransitioningMessage = "transitioningMessage" + ClusterFieldUuid = "uuid" ) type Cluster struct { types.Resource - APIEndpoint string `json:"apiEndpoint,omitempty"` - Allocatable map[string]string `json:"allocatable,omitempty"` - Annotations map[string]string `json:"annotations,omitempty"` - AzureKubernetesServiceConfig *AzureKubernetesServiceConfig `json:"azureKubernetesServiceConfig,omitempty"` - CACert string `json:"caCert,omitempty"` - Capacity map[string]string `json:"capacity,omitempty"` - ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty"` - Conditions []ClusterCondition `json:"conditions,omitempty"` - Created string `json:"created,omitempty"` - Description string `json:"description,omitempty"` - Finalizers []string `json:"finalizers,omitempty"` - GoogleKubernetesEngineConfig *GoogleKubernetesEngineConfig `json:"googleKubernetesEngineConfig,omitempty"` - Internal *bool `json:"internal,omitempty"` - Labels map[string]string `json:"labels,omitempty"` - Limits map[string]string `json:"limits,omitempty"` - Name string `json:"name,omitempty"` - OwnerReferences []OwnerReference `json:"ownerReferences,omitempty"` - RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty"` - Removed string `json:"removed,omitempty"` - Requested map[string]string `json:"requested,omitempty"` - ResourcePath string `json:"resourcePath,omitempty"` - ServiceAccountToken string `json:"serviceAccountToken,omitempty"` - State string `json:"state,omitempty"` - Transitioning string 
`json:"transitioning,omitempty"` - TransitioningMessage string `json:"transitioningMessage,omitempty"` - Uuid string `json:"uuid,omitempty"` + APIEndpoint string `json:"apiEndpoint,omitempty"` + Allocatable map[string]string `json:"allocatable,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + AzureKubernetesServiceConfig *AzureKubernetesServiceConfig `json:"azureKubernetesServiceConfig,omitempty"` + CACert string `json:"caCert,omitempty"` + Capacity map[string]string `json:"capacity,omitempty"` + ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty"` + Conditions []ClusterCondition `json:"conditions,omitempty"` + Created string `json:"created,omitempty"` + DefaultPodSecurityPolicyTemplateId string `json:"defaultPodSecurityPolicyTemplateId,omitempty"` + Description string `json:"description,omitempty"` + Finalizers []string `json:"finalizers,omitempty"` + GoogleKubernetesEngineConfig *GoogleKubernetesEngineConfig `json:"googleKubernetesEngineConfig,omitempty"` + Internal *bool `json:"internal,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + Limits map[string]string `json:"limits,omitempty"` + Name string `json:"name,omitempty"` + OwnerReferences []OwnerReference `json:"ownerReferences,omitempty"` + RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty"` + Removed string `json:"removed,omitempty"` + Requested map[string]string `json:"requested,omitempty"` + ResourcePath string `json:"resourcePath,omitempty"` + ServiceAccountToken string `json:"serviceAccountToken,omitempty"` + State string `json:"state,omitempty"` + Transitioning string `json:"transitioning,omitempty"` + TransitioningMessage string `json:"transitioningMessage,omitempty"` + Uuid string `json:"uuid,omitempty"` } type ClusterCollection struct { types.Collection 
diff --git a/client/management/v3/zz_generated_cluster_spec.go b/client/management/v3/zz_generated_cluster_spec.go index fd22060f..47e2ba5a 100644 --- a/client/management/v3/zz_generated_cluster_spec.go +++ b/client/management/v3/zz_generated_cluster_spec.go 
@@ -1,18 +1,20 @@ package client const ( - ClusterSpecType = "clusterSpec" - ClusterSpecFieldAzureKubernetesServiceConfig = "azureKubernetesServiceConfig" - ClusterSpecFieldDescription = "description" - ClusterSpecFieldGoogleKubernetesEngineConfig = "googleKubernetesEngineConfig" - ClusterSpecFieldInternal = "internal" - ClusterSpecFieldRancherKubernetesEngineConfig = "rancherKubernetesEngineConfig" + ClusterSpecType = "clusterSpec" + ClusterSpecFieldAzureKubernetesServiceConfig = "azureKubernetesServiceConfig" + ClusterSpecFieldDefaultPodSecurityPolicyTemplateId = "defaultPodSecurityPolicyTemplateId" + ClusterSpecFieldDescription = "description" + ClusterSpecFieldGoogleKubernetesEngineConfig = "googleKubernetesEngineConfig" + ClusterSpecFieldInternal = "internal" + ClusterSpecFieldRancherKubernetesEngineConfig = "rancherKubernetesEngineConfig" ) type ClusterSpec struct { - AzureKubernetesServiceConfig *AzureKubernetesServiceConfig `json:"azureKubernetesServiceConfig,omitempty"` - Description string `json:"description,omitempty"` - GoogleKubernetesEngineConfig *GoogleKubernetesEngineConfig `json:"googleKubernetesEngineConfig,omitempty"` - Internal *bool `json:"internal,omitempty"` - RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty"` + AzureKubernetesServiceConfig *AzureKubernetesServiceConfig `json:"azureKubernetesServiceConfig,omitempty"` + DefaultPodSecurityPolicyTemplateId string `json:"defaultPodSecurityPolicyTemplateId,omitempty"` + Description string `json:"description,omitempty"` + GoogleKubernetesEngineConfig *GoogleKubernetesEngineConfig `json:"googleKubernetesEngineConfig,omitempty"` + Internal *bool `json:"internal,omitempty"` + RancherKubernetesEngineConfig *RancherKubernetesEngineConfig `json:"rancherKubernetesEngineConfig,omitempty"` } diff --git a/client/management/v3/zz_generated_project.go b/client/management/v3/zz_generated_project.go index 77f8a5d9..a2e90a19 100644 
--- a/client/management/v3/zz_generated_project.go +++ b/client/management/v3/zz_generated_project.go 
@@ -5,33 +5,35 @@ import ( ) const ( - ProjectType = "project" - ProjectFieldAnnotations = "annotations" - ProjectFieldClusterId = "clusterId" - ProjectFieldCreated = "created" - ProjectFieldFinalizers = "finalizers" - ProjectFieldId = "id" - ProjectFieldLabels = "labels" - ProjectFieldName = "name" - ProjectFieldOwnerReferences = "ownerReferences" - ProjectFieldRemoved = "removed" - ProjectFieldResourcePath = "resourcePath" - ProjectFieldUuid = "uuid" + ProjectType = "project" + ProjectFieldAnnotations = "annotations" + ProjectFieldClusterId = "clusterId" + ProjectFieldCreated = "created" + ProjectFieldFinalizers = "finalizers" + ProjectFieldId = "id" + ProjectFieldLabels = "labels" + ProjectFieldName = "name" + ProjectFieldOwnerReferences = "ownerReferences" + ProjectFieldPodSecurityPolicyTemplateId = "podSecurityPolicyTemplateId" + ProjectFieldRemoved = "removed" + ProjectFieldResourcePath = "resourcePath" + ProjectFieldUuid = "uuid" ) type Project struct { types.Resource - Annotations map[string]string `json:"annotations,omitempty"` - ClusterId string `json:"clusterId,omitempty"` - Created string `json:"created,omitempty"` - Finalizers []string `json:"finalizers,omitempty"` - Id string `json:"id,omitempty"` - Labels map[string]string `json:"labels,omitempty"` - Name string `json:"name,omitempty"` - OwnerReferences []OwnerReference `json:"ownerReferences,omitempty"` - Removed string `json:"removed,omitempty"` - ResourcePath string `json:"resourcePath,omitempty"` - Uuid string `json:"uuid,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + ClusterId string `json:"clusterId,omitempty"` + Created string `json:"created,omitempty"` + Finalizers []string `json:"finalizers,omitempty"` + Id string `json:"id,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + Name string `json:"name,omitempty"` + OwnerReferences []OwnerReference `json:"ownerReferences,omitempty"` + PodSecurityPolicyTemplateId string 
`json:"podSecurityPolicyTemplateId,omitempty"` + Removed string `json:"removed,omitempty"` + ResourcePath string `json:"resourcePath,omitempty"` + Uuid string `json:"uuid,omitempty"` } type ProjectCollection struct { types.Collection diff --git a/client/management/v3/zz_generated_project_spec.go b/client/management/v3/zz_generated_project_spec.go index 8980b7c1..28a4c4fb 100644 --- a/client/management/v3/zz_generated_project_spec.go +++ b/client/management/v3/zz_generated_project_spec.go @@ -1,12 +1,14 @@ package client const ( - ProjectSpecType = "projectSpec" - ProjectSpecFieldClusterId = "clusterId" - ProjectSpecFieldDisplayName = "displayName" + ProjectSpecType = "projectSpec" + ProjectSpecFieldClusterId = "clusterId" + ProjectSpecFieldDisplayName = "displayName" + ProjectSpecFieldPodSecurityPolicyTemplateId = "podSecurityPolicyTemplateId" ) type ProjectSpec struct { - ClusterId string `json:"clusterId,omitempty"` - DisplayName string `json:"displayName,omitempty"` + ClusterId string `json:"clusterId,omitempty"` + DisplayName string `json:"displayName,omitempty"` + PodSecurityPolicyTemplateId string `json:"podSecurityPolicyTemplateId,omitempty"` } diff --git a/client/management/v3/zz_generated_role_template.go b/client/management/v3/zz_generated_role_template.go index e4289806..802549d3 100644 --- a/client/management/v3/zz_generated_role_template.go +++ b/client/management/v3/zz_generated_role_template.go 
@@ -5,37 +5,35 @@ import ( ) const ( - RoleTemplateType = "roleTemplate" - RoleTemplateFieldAnnotations = "annotations" - RoleTemplateFieldBuiltin = "builtin" - RoleTemplateFieldCreated = "created" - RoleTemplateFieldFinalizers = "finalizers" - RoleTemplateFieldLabels = "labels" - RoleTemplateFieldName = "name" - RoleTemplateFieldOwnerReferences = "ownerReferences" - RoleTemplateFieldPodSecurityPolicyTemplateIds = "podSecurityPolicyTemplateIds" - RoleTemplateFieldRemoved = "removed" - RoleTemplateFieldResourcePath = "resourcePath" - RoleTemplateFieldRoleTemplateIds = "roleTemplateIds" - RoleTemplateFieldRules = "rules" - RoleTemplateFieldUuid = "uuid" + RoleTemplateType = "roleTemplate" + RoleTemplateFieldAnnotations = "annotations" + RoleTemplateFieldBuiltin = "builtin" + RoleTemplateFieldCreated = "created" + RoleTemplateFieldFinalizers = "finalizers" + RoleTemplateFieldLabels = "labels" + RoleTemplateFieldName = "name" + RoleTemplateFieldOwnerReferences = "ownerReferences" + RoleTemplateFieldRemoved = "removed" + RoleTemplateFieldResourcePath = "resourcePath" + RoleTemplateFieldRoleTemplateIds = "roleTemplateIds" + RoleTemplateFieldRules = "rules" + RoleTemplateFieldUuid = "uuid" ) type RoleTemplate struct { types.Resource - Annotations map[string]string `json:"annotations,omitempty"` - Builtin *bool `json:"builtin,omitempty"` - Created string `json:"created,omitempty"` - Finalizers []string `json:"finalizers,omitempty"` - Labels map[string]string `json:"labels,omitempty"` - Name string `json:"name,omitempty"` - OwnerReferences []OwnerReference `json:"ownerReferences,omitempty"` - PodSecurityPolicyTemplateIds []string `json:"podSecurityPolicyTemplateIds,omitempty"` - Removed string `json:"removed,omitempty"` - ResourcePath string `json:"resourcePath,omitempty"` - RoleTemplateIds []string `json:"roleTemplateIds,omitempty"` - Rules []PolicyRule `json:"rules,omitempty"` - Uuid string `json:"uuid,omitempty"` + Annotations map[string]string 
`json:"annotations,omitempty"` + Builtin *bool `json:"builtin,omitempty"` + Created string `json:"created,omitempty"` + Finalizers []string `json:"finalizers,omitempty"` + Labels map[string]string `json:"labels,omitempty"` + Name string `json:"name,omitempty"` + OwnerReferences []OwnerReference `json:"ownerReferences,omitempty"` + Removed string `json:"removed,omitempty"` + ResourcePath string `json:"resourcePath,omitempty"` + RoleTemplateIds []string `json:"roleTemplateIds,omitempty"` + Rules []PolicyRule `json:"rules,omitempty"` + Uuid string `json:"uuid,omitempty"` } type RoleTemplateCollection struct { types.Collection