diff --git a/apis/management.cattle.io/v3/authz_types.go b/apis/management.cattle.io/v3/authz_types.go
index ce25f1dc..5dffb67a 100644
--- a/apis/management.cattle.io/v3/authz_types.go
+++ b/apis/management.cattle.io/v3/authz_types.go
@@ -27,6 +27,7 @@ type Project struct {

 type ProjectStatus struct {
 Conditions []ProjectCondition `json:"conditions"`
+ PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateId"`
 }

 type ProjectCondition struct {
@@ -45,10 +46,9 @@ type ProjectCondition struct {
 }

 type ProjectSpec struct {
- DisplayName string `json:"displayName,omitempty" norman:"required"`
- Description string `json:"description"`
- ClusterName string `json:"clusterName,omitempty" norman:"required,type=reference[cluster]"`
- PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateName,omitempty" norman:"type=reference[podSecurityPolicyTemplate]"`
+ DisplayName string `json:"displayName,omitempty" norman:"required"`
+ Description string `json:"description"`
+ ClusterName string `json:"clusterName,omitempty" norman:"required,type=reference[cluster]"`
 }

 type GlobalRole struct {
@@ -91,6 +91,15 @@ type PodSecurityPolicyTemplate struct {
 Spec extv1.PodSecurityPolicySpec `json:"spec,omitempty"`
 }

+type PodSecurityPolicyTemplateProjectBinding struct {
+ types.Namespaced
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateId" norman:"required,type=reference[podSecurityPolicyTemplate]"`
+ TargetProjectName string `json:"projectId" norman:"required,type=reference[project]"`
+}
+
 type ProjectRoleTemplateBinding struct {
 types.Namespaced
 metav1.TypeMeta `json:",inline"`
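Review bot: The field added to ProjectStatus is named `PodSecurityPolicyTemplateName` in Go but serialized as `podSecurityPolicyTemplateId`, with no `omitempty` and no comment, so the two names disagree and a project without a template serializes an empty string. The same pattern recurs in PodSecurityPolicyTemplateProjectBinding and SetPodSecurityPolicyTemplateInput later in this file, and in `AppliedPodSecurityPolicyTemplateName` in cluster_types.go. Because this value records which pod security policy applies to a project, I would settle on one of Name/Id for both sides and add a doc comment stating who writes the field, for example `// PodSecurityPolicyTemplateName is the template bound to this project; set by the server, not by clients.` if that is in fact the case. The next hunk removes `podSecurityPolicyTemplateName` from ProjectSpec and no migration is visible in this diff, so projects that already carry the spec value would presumably lose it on decode; worth confirming that is handled elsewhere.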
@@ -116,3 +125,7 @@ type ClusterRoleTemplateBinding struct {
 ClusterName string `json:"clusterName,omitempty" norman:"required,type=reference[cluster]"`
 RoleTemplateName string `json:"roleTemplateName,omitempty" norman:"required,type=reference[roleTemplate]"`
 }
+
+type SetPodSecurityPolicyTemplateInput struct {
+ PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateId" norman:"required,type=reference[podSecurityPolicyTemplate]"`
+}
diff --git a/apis/management.cattle.io/v3/cluster_types.go b/apis/management.cattle.io/v3/cluster_types.go
index 1d4f9304..59c74cbb 100644
--- a/apis/management.cattle.io/v3/cluster_types.go
+++ b/apis/management.cattle.io/v3/cluster_types.go
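Review bot: The only field of the new SetPodSecurityPolicyTemplateInput is tagged `norman:"required,..."`, so if norman enforces `required` as non-empty (the validation is not visible here) the action has no way to clear a template once one is set on a project. For a control that restricts what pods may do, both setting and removing should be explicit: either drop `required` and treat an empty value as "unset", or document which other path clears it. The type also has no doc comment; something like `// SetPodSecurityPolicyTemplateInput is the request body of the project action that selects a pod security policy template.` would tie it to the action registered in schema.go.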
@@ -72,19 +72,20 @@ type ClusterStatus struct {
 Conditions []ClusterCondition `json:"conditions,omitempty"`
 //Component statuses will represent cluster's components (etcd/controller/scheduler) health
 // https://kubernetes.io/docs/api-reference/v1.8/#componentstatus-v1-core
- Driver string `json:"driver"`
- AgentImage string `json:"agentImage"`
- ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty"`
- APIEndpoint string `json:"apiEndpoint,omitempty"`
- ServiceAccountToken string `json:"serviceAccountToken,omitempty"`
- CACert string `json:"caCert,omitempty"`
- Capacity v1.ResourceList `json:"capacity,omitempty"`
- Allocatable v1.ResourceList `json:"allocatable,omitempty"`
- AppliedSpec ClusterSpec `json:"appliedSpec,omitempty"`
- FailedSpec *ClusterSpec `json:"failedSpec,omitempty"`
- Requested v1.ResourceList `json:"requested,omitempty"`
- Limits v1.ResourceList `json:"limits,omitempty"`
- ClusterName string `json:"clusterName,omitempty"`
+ Driver string `json:"driver"`
+ AgentImage string `json:"agentImage"`
+ ComponentStatuses []ClusterComponentStatus `json:"componentStatuses,omitempty"`
+ APIEndpoint string `json:"apiEndpoint,omitempty"`
+ ServiceAccountToken string `json:"serviceAccountToken,omitempty"`
+ CACert string `json:"caCert,omitempty"`
+ Capacity v1.ResourceList `json:"capacity,omitempty"`
+ Allocatable v1.ResourceList `json:"allocatable,omitempty"`
+ AppliedSpec ClusterSpec `json:"appliedSpec,omitempty"`
+ FailedSpec *ClusterSpec `json:"failedSpec,omitempty"`
+ Requested v1.ResourceList `json:"requested,omitempty"`
+ Limits v1.ResourceList `json:"limits,omitempty"`
+ ClusterName string `json:"clusterName,omitempty"`
+ AppliedPodSecurityPolicyTemplateName string `json:"appliedPodSecurityPolicyTemplateId"`
 }

 type ClusterComponentStatus struct {
diff --git a/apis/management.cattle.io/v3/schema/schema.go b/apis/management.cattle.io/v3/schema/schema.go
index da4c510f..e88e9238 100644
--- a/apis/management.cattle.io/v3/schema/schema.go +++ b/apis/management.cattle.io/v3/schema/schema.go @@ -154,14 +154,29 @@ func authzTypes(schemas *types.Schemas) *types.Schemas { &m.Embed{Field: "status"}). AddMapperForType(&Version, v3.GlobalRole{}, m.DisplayName{}). AddMapperForType(&Version, v3.RoleTemplate{}, m.DisplayName{}). + AddMapperForType(&Version, + v3.PodSecurityPolicyTemplateProjectBinding{}, + &mapper.NamespaceIDMapper{}). AddMapperForType(&Version, v3.ProjectRoleTemplateBinding{}, &mapper.NamespaceIDMapper{}, ). - MustImport(&Version, v3.Project{}). + MustImport(&Version, v3.SetPodSecurityPolicyTemplateInput{}). + MustImportAndCustomize(&Version, v3.Project{}, func(schema *types.Schema) { + schema.ResourceActions = map[string]types.Action{ + "setpodsecuritypolicytemplate": { + Input: "setPodSecurityPolicyTemplateInput", + Output: "project", + }, + } + }). MustImport(&Version, v3.GlobalRole{}). MustImport(&Version, v3.GlobalRoleBinding{}). MustImport(&Version, v3.RoleTemplate{}). MustImport(&Version, v3.PodSecurityPolicyTemplate{}). + MustImportAndCustomize(&Version, v3.PodSecurityPolicyTemplateProjectBinding{}, func(schema *types.Schema) { + schema.CollectionMethods = []string{http.MethodGet, http.MethodPost} + schema.ResourceMethods = []string{} + }). MustImport(&Version, v3.ClusterRoleTemplateBinding{}). MustImport(&Version, v3.ProjectRoleTemplateBinding{}). MustImport(&Version, v3.GlobalRoleBinding{})
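Review bot: The customizer for PodSecurityPolicyTemplateProjectBinding near the end of this hunk allows `http.MethodPost` on the collection but sets `schema.ResourceMethods = []string{}`, so a binding can be created through the API and then never read individually, updated or deleted through it. Combined with the new `setpodsecuritypolicytemplate` action on Project, this leaves two write paths to the same control, and no handler or access check for either is visible in this diff; both should enforce the same authorization wherever they are implemented. If direct creation is not meant to be exposed, restrict the collection to `[]string{http.MethodGet}`; otherwise state the intent above the customizer, e.g. `// Bindings are create-only through the API: no per-resource GET, PUT or DELETE.` Separately, `schema.ResourceActions = map[string]types.Action{...}` replaces the whole map rather than adding a key, which would drop any action already registered on the project schema. The body of authzTypes starts and ends outside the hunk.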