Add default fields to globalRole and roleTemplates

2025-08-31 12:48:45 +00:00 · 2018-07-03 16:01:35 -07:00
parent 8fa06eae27
commit d8ca395c0b
11 changed files with 231 additions and 93 deletions
--- a/apis/management.cattle.io/v3/authn_types.go
+++ b/apis/management.cattle.io/v3/authn_types.go
@@ -1,9 +1,13 @@
 package v3

 import (
+	"github.com/rancher/norman/condition"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

+const UserConditionInitialRolesPopulated condition.Cond = "InitialRolesPopulated"
+
 type Token struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -26,16 +30,39 @@ type User struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

-	DisplayName        string   `json:"displayName,omitempty"`
-	Description        string   `json:"description"`
-	Username           string   `json:"username,omitempty"`
-	Password           string   `json:"password,omitempty" norman:"writeOnly,noupdate"`
-	MustChangePassword bool     `json:"mustChangePassword,omitempty"`
-	PrincipalIDs       []string `json:"principalIds,omitempty" norman:"type=array[reference[principal]]"`
-	Me                 bool     `json:"me,omitempty"`
-	Enabled            *bool    `json:"enabled,omitempty" norman:"default=true"`
+	DisplayName        string     `json:"displayName,omitempty"`
+	Description        string     `json:"description"`
+	Username           string     `json:"username,omitempty"`
+	Password           string     `json:"password,omitempty" norman:"writeOnly,noupdate"`
+	MustChangePassword bool       `json:"mustChangePassword,omitempty"`
+	PrincipalIDs       []string   `json:"principalIds,omitempty" norman:"type=array[reference[principal]]"`
+	Me                 bool       `json:"me,omitempty"`
+	Enabled            *bool      `json:"enabled,omitempty" norman:"default=true"`
+	Spec               UserSpec   `json:"spec,omitempty"`
+	Status             UserStatus `json:"status"`
 }

+type UserStatus struct {
+	Conditions []UserCondition `json:"conditions"`
+}
+
+type UserCondition struct {
+	// Type of user condition.
+	Type string `json:"type"`
+	// Status of the condition, one of True, False, Unknown.
+	Status v1.ConditionStatus `json:"status"`
+	// The last time this condition was updated.
+	LastUpdateTime string `json:"lastUpdateTime,omitempty"`
+	// Last time the condition transitioned from one status to another.
+	LastTransitionTime string `json:"lastTransitionTime,omitempty"`
+	// The reason for the condition's last transition.
+	Reason string `json:"reason,omitempty"`
+	// Human-readable message indicating details about last transition
+	Message string `json:"message,omitempty"`
+}
+
+type UserSpec struct{}
+
 // UserAttribute will have a CRD (and controller) generated for it, but will not be exposed in the API.
 type UserAttribute struct {
 	metav1.TypeMeta   `json:",inline"`
--- a/apis/management.cattle.io/v3/authz_types.go
+++ b/apis/management.cattle.io/v3/authz_types.go
@@ -10,9 +10,10 @@ import (
 )

 var (
-	NamespaceBackedResource     condition.Cond = "BackingNamespaceCreated"
-	CreatorMadeOwner            condition.Cond = "CreatorMadeOwner"
-	DefaultNetworkPolicyCreated condition.Cond = "DefaultNetworkPolicyCreated"
+	NamespaceBackedResource               condition.Cond = "BackingNamespaceCreated"
+	CreatorMadeOwner                      condition.Cond = "CreatorMadeOwner"
+	DefaultNetworkPolicyCreated           condition.Cond = "DefaultNetworkPolicyCreated"
+	ProjectConditionInitialRolesPopulated condition.Cond = "InitialRolesPopulated"
 )

 type Project struct {
@@ -55,10 +56,10 @@ type GlobalRole struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

-	DisplayName string              `json:"displayName,omitempty" norman:"required"`
-	Description string              `json:"description"`
-	Rules       []rbacv1.PolicyRule `json:"rules,omitempty"`
-	Builtin     bool                `json:"builtin" norman:"nocreate,noupdate"`
+	DisplayName    string              `json:"displayName,omitempty" norman:"required,noupdate"`
+	Description    string              `json:"description" norman:"noupdate"`
+	Rules          []rbacv1.PolicyRule `json:"rules,omitempty" norman:"noupdate"`
+	NewUserDefault bool                `json:"newUserDefault,omitempty" norman:"required"`
 }

 type GlobalRoleBinding struct {
@@ -73,15 +74,17 @@ type RoleTemplate struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

-	DisplayName       string              `json:"displayName,omitempty" norman:"required"`
-	Description       string              `json:"description"`
-	Rules             []rbacv1.PolicyRule `json:"rules,omitempty"`
-	Builtin           bool                `json:"builtin" norman:"nocreate,noupdate"`
-	External          bool                `json:"external"`
-	Hidden            bool                `json:"hidden"`
-	Locked            bool                `json:"locked,omitempty" norman:"type=boolean"`
-	Context           string              `json:"context" norman:"type=string,options=project|cluster"`
-	RoleTemplateNames []string            `json:"roleTemplateNames,omitempty" norman:"type=array[reference[roleTemplate]]"`
+	DisplayName           string              `json:"displayName,omitempty" norman:"required"`
+	Description           string              `json:"description"`
+	Rules                 []rbacv1.PolicyRule `json:"rules,omitempty"`
+	Builtin               bool                `json:"builtin" norman:"nocreate,noupdate"`
+	External              bool                `json:"external"`
+	Hidden                bool                `json:"hidden"`
+	Locked                bool                `json:"locked,omitempty" norman:"type=boolean"`
+	ClusterCreatorDefault bool                `json:"clusterCreatorDefault,omitempty" norman:"required"`
+	ProjectCreatorDefault bool                `json:"projectCreatorDefault,omitempty" norman:"required"`
+	Context               string              `json:"context" norman:"type=string,options=project|cluster"`
+	RoleTemplateNames     []string            `json:"roleTemplateNames,omitempty" norman:"type=array[reference[roleTemplate]]"`
 }

 type PodSecurityPolicyTemplate struct {
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
@@ -188,7 +188,10 @@ func authzTypes(schemas *types.Schemas) *types.Schemas {
 				"exportYaml": {},
 			}
 		}).
-		MustImport(&Version, v3.GlobalRole{}).
+		MustImportAndCustomize(&Version, v3.GlobalRole{}, func(schema *types.Schema) {
+			schema.CollectionMethods = []string{http.MethodGet}
+			schema.ResourceMethods = []string{http.MethodGet, http.MethodPut}
+		}).
 		MustImport(&Version, v3.GlobalRoleBinding{}).
 		MustImport(&Version, v3.RoleTemplate{}).
 		MustImport(&Version, v3.PodSecurityPolicyTemplate{}).
@@ -268,7 +271,8 @@ func tokens(schemas *types.Schemas) *types.Schemas {

 func authnTypes(schemas *types.Schemas) *types.Schemas {
 	return schemas.
-		AddMapperForType(&Version, v3.User{}, m.DisplayName{}).
+		AddMapperForType(&Version, v3.User{}, m.DisplayName{},
+			&m.Embed{Field: "status"}).
 		AddMapperForType(&Version, v3.Group{}, m.DisplayName{}).
 		MustImport(&Version, v3.Group{}).
 		MustImport(&Version, v3.GroupMember{}).
--- a/apis/management.cattle.io/v3/zz_generated_deepcopy.go
+++ b/apis/management.cattle.io/v3/zz_generated_deepcopy.go
@@ -6448,6 +6448,8 @@ func (in *User) DeepCopyInto(out *User) {
 			**out = **in
 		}
 	}
+	out.Spec = in.Spec
+	in.Status.DeepCopyInto(&out.Status)
 	return
 }

@@ -6535,6 +6537,22 @@ func (in *UserAttributeList) DeepCopyObject() runtime.Object {
 	return nil
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *UserCondition) DeepCopyInto(out *UserCondition) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserCondition.
+func (in *UserCondition) DeepCopy() *UserCondition {
+	if in == nil {
+		return nil
+	}
+	out := new(UserCondition)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *UserList) DeepCopyInto(out *UserList) {
 	*out = *in
@@ -6568,6 +6586,43 @@ func (in *UserList) DeepCopyObject() runtime.Object {
 	return nil
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *UserSpec) DeepCopyInto(out *UserSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserSpec.
+func (in *UserSpec) DeepCopy() *UserSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(UserSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *UserStatus) DeepCopyInto(out *UserStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]UserCondition, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserStatus.
+func (in *UserStatus) DeepCopy() *UserStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(UserStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Values) DeepCopyInto(out *Values) {
 	*out = *in