diff --git a/docs/reference/api/openapi.yaml b/docs/reference/api/openapi.yaml
index 372a6e760..f5ae5faeb 100755
--- a/docs/reference/api/openapi.yaml
+++ b/docs/reference/api/openapi.yaml
@@ -4,213 +4,58 @@ info: version: main description: PlusOne operations platform paths: - /Organization: + /ClusterKubeconfig: post: responses: default: - description: Organization - /ClusterKubeconfig: + description: ClusterKubeconfig + /PluginDefinition: post: responses: default: - description: ClusterKubeconfig - /Cluster: + description: PluginDefinition + /Plugin: post: responses: default: - description: Cluster - /TeamRole: + description: Plugin + /Team: post: responses: default: - description: TeamRole + description: Team /TeamMembership: post: responses: default: description: TeamMembership - /PluginPreset: + /TeamRoleBinding: post: responses: default: - description: PluginPreset - /Team: + description: TeamRoleBinding + /Organization: post: responses: default: - description: Team - /TeamRoleBinding: + description: Organization + /PluginPreset: post: responses: default: - description: TeamRoleBinding - /Plugin: + description: PluginPreset + /TeamRole: post: responses: default: - description: Plugin - /PluginDefinition: + description: TeamRole + /Cluster: post: responses: default: - description: PluginDefinition + description: Cluster components: schemas: - Organization: - xml: - name: greenhouse.sap - namespace: v1alpha1 - title: Organization - description: Organization is the Schema for the organizations API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: 
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OrganizationSpec defines the desired state of Organization - properties: - authentication: - description: Authentication configures the organizations authentication mechanism. - properties: - oidc: - description: OIDConfig configures the OIDC provider. - properties: - clientIDReference: - description: ClientIDReference references the Kubernetes secret containing the client id. - properties: - key: - description: Key in the secret to select the value from. - type: string - name: - description: Name of the secret in the same namespace. - type: string - required: - - key - - name - type: object - clientSecretReference: - description: ClientSecretReference references the Kubernetes secret containing the client secret. - properties: - key: - description: Key in the secret to select the value from. - type: string - name: - description: Name of the secret in the same namespace. - type: string - required: - - key - - name - type: object - issuer: - description: Issuer is the URL of the identity service. - type: string - redirectURI: - description: RedirectURI is the redirect URI.\nIf none is specified, the Greenhouse ID proxy will be used. - type: string - required: - - clientIDReference - - clientSecretReference - - issuer - type: object - scim: - description: SCIMConfig configures the SCIM client. - properties: - baseURL: - description: URL to the SCIM server. - type: string - basicAuthPw: - description: Password to be used for basic authentication. - properties: - secret: - description: Secret references the secret containing the value. - properties: - key: - description: Key in the secret to select the value from. - type: string - name: - description: Name of the secret in the same namespace. 
- type: string - required: - - key - - name - type: object - type: object - basicAuthUser: - description: User to be used for basic authentication. - properties: - secret: - description: Secret references the secret containing the value. - properties: - key: - description: Key in the secret to select the value from. - type: string - name: - description: Name of the secret in the same namespace. - type: string - required: - - key - - name - type: object - type: object - required: - - baseURL - - basicAuthPw - - basicAuthUser - type: object - type: object - description: - description: Description provides additional details of the organization. - type: string - displayName: - description: DisplayName is an optional name for the organization to be displayed in the Greenhouse UI.\nDefaults to a normalized version of metadata.name. - type: string - mappedOrgAdminIdPGroup: - description: MappedOrgAdminIDPGroup is the IDP group ID identifying org admins - type: string - type: object - status: - description: OrganizationStatus defines the observed state of an Organization - properties: - statusConditions: - description: StatusConditions contain the different conditions that constitute the status of the Organization. - properties: - conditions: - items: - description: Condition contains additional information on the state of a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is an optional human readable message indicating details about the last transition. - type: string - reason: - description: Reason is a one-word, CamelCase reason for the condition's last transition. - type: string - status: - description: Status of the condition. - type: string - type: - description: Type of the condition. 
- type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - type: object ClusterKubeconfig: xml: name: greenhouse.sap @@ -348,12 +193,12 @@ components: type: object type: object type: object - Cluster: + PluginDefinition: xml: name: greenhouse.sap namespace: v1alpha1 - title: Cluster - description: Cluster is the Schema for the clusters API + title: PluginDefinition + description: PluginDefinition is the Schema for the PluginDefinitions API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 
@@ -364,81 +209,243 @@ components: metadata: type: object spec: - description: ClusterSpec defines the desired state of the Cluster. + description: PluginDefinitionSpec defines the desired state of PluginDefinitionSpec properties: - accessMode: - description: AccessMode configures how the cluster is accessed from the Greenhouse operator. - enum: - - direct + description: + description: Description provides additional details of the pluginDefinition. type: string - kubeConfig: - description: KubeConfig contains specific values for `KubeConfig` for the cluster. + displayName: + description: DisplayName provides a human-readable label for the pluginDefinition. + type: string + docMarkDownUrl: + description: DocMarkDownUrl specifies the URL to the markdown documentation file for this plugin.\nSource needs to allow all CORS origins. + type: string + helmChart: + description: HelmChart specifies where the Helm Chart for this pluginDefinition can be found. properties: - maxTokenValidity: - default: 72 - description: MaxTokenValidity specifies the maximum duration for which a token remains valid in hours. - format: int32 - maximum: 72 - minimum: 24 - type: integer + name: + description: Name of the HelmChart chart. + type: string + repository: + description: Repository of the HelmChart chart. + type: string + version: + description: Version of the HelmChart chart. + type: string + required: + - name + - repository + - version type: object - required: - - accessMode - type: object - status: - description: ClusterStatus defines the observed state of Cluster - properties: - bearerTokenExpirationTimestamp: - description: BearerTokenExpirationTimestamp reflects the expiration timestamp of the bearer token used to access the cluster. - format: date-time - type: string - kubernetesVersion: - description: KubernetesVersion reflects the detected Kubernetes version of the cluster. 
+ icon: + description: 'Icon specifies the icon to be used for this plugin in the Greenhouse UI.\nIcons can be either:\n- A string representing a juno icon in camel case from this list: https://github.com/sapcc/juno/blob/main/libs/juno-ui-components/src/components/Icon/Icon.component.js#L6-L52\n- A publicly accessible image reference to a .png file. Will be displayed 100x100px' type: string - nodes: - additionalProperties: + options: + description: RequiredValues is a list of values required to create an instance of this PluginDefinition. + items: properties: - ready: - description: Fast track to the node ready condition. + default: + description: Default provides a default value for the option + x-kubernetes-preserve-unknown-fields: true + description: + description: Description provides a human-readable text for the value as shown in the UI. + type: string + displayName: + description: DisplayName provides a human-readable label for the configuration option + type: string + name: + description: Name/Key of the config option. + type: string + regex: + description: Regex specifies a match rule for validating configuration options. + type: string + required: + description: Required indicates that this config option is required type: boolean - statusConditions: - description: We mirror the node conditions here for faster reference + type: + description: Type of this configuration option. + enum: + - string + - secret + - bool + - int + - list + - map + type: string + required: + - name + - required + - type + type: object + type: array + uiApplication: + description: UIApplication specifies a reference to a UI application + properties: + name: + description: Name of the UI application. + type: string + url: + description: URL specifies the url to a built javascript asset.\nBy default, assets are loaded from the Juno asset server using the provided name and version. + type: string + version: + description: Version of the frontend application. 
+ type: string + required: + - name + - version + type: object + version: + description: Version of this pluginDefinition + type: string + weight: + description: Weight configures the order in which Plugins are shown in the Greenhouse UI.\nDefaults to alphabetical sorting if not provided or on conflict. + format: int32 + type: integer + required: + - version + type: object + status: + description: PluginDefinitionStatus defines the observed state of PluginDefinition + type: object + type: object + Plugin: + xml: + name: greenhouse.sap + namespace: v1alpha1 + title: Plugin + description: Plugin is the Schema for the plugins API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PluginSpec defines the desired state of Plugin + properties: + clusterName: + description: ClusterName is the name of the cluster the plugin is deployed to. If not set, the plugin is deployed to the greenhouse cluster. + type: string + disabled: + description: Disabled indicates that the plugin is administratively disabled. + type: boolean + displayName: + description: DisplayName is an optional name for the Plugin to be displayed in the Greenhouse UI.\nThis is especially helpful to distinguish multiple instances of a PluginDefinition in the same context.\nDefaults to a normalized version of metadata.name. 
+ type: string + optionValues: + description: Values are the values for a PluginDefinition instance. + items: + description: PluginOptionValue is the value for a PluginOption. + properties: + name: + description: Name of the values. + type: string + value: + description: Value is the actual value in plain text. + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: ValueFrom references a potentially confidential value in another source. properties: - conditions: - items: - description: Condition contains additional information on the state of a resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is an optional human readable message indicating details about the last transition. - type: string - reason: - description: Reason is a one-word, CamelCase reason for the condition's last transition. - type: string - status: - description: Status of the condition. - type: string - type: - description: Type of the condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map + secret: + description: Secret references the secret containing the value. + properties: + key: + description: Key in the secret to select the value from. + type: string + name: + description: Name of the secret in the same namespace. + type: string + required: + - key + - name + type: object type: object + required: + - name type: object - description: Nodes provides a map of cluster node names to node statuses + type: array + pluginDefinition: + description: PluginDefinition is the name of the PluginDefinition this instance is for. 
+ type: string + releaseNamespace: + description: ReleaseNamespace is the namespace in the remote cluster to which the backend is deployed.\nDefaults to the Greenhouse managed namespace if not set. + type: string + required: + - disabled + - pluginDefinition + type: object + status: + description: PluginStatus defines the observed state of Plugin + properties: + description: + description: Description provides additional details of the plugin. + type: string + exposedServices: + additionalProperties: + description: Service references a Kubernetes service of a Plugin. + properties: + name: + description: Name is the name of the service in the target cluster. + type: string + namespace: + description: Namespace is the namespace of the service in the target cluster. + type: string + port: + description: Port is the port of the service. + format: int32 + type: integer + protocol: + description: Protocol is the protocol of the service. + type: string + required: + - name + - namespace + - port + type: object + description: ExposedServices provides an overview of the Plugins services that are centrally exposed.\nIt maps the exposed URL to the service found in the manifest. + type: object + helmChart: + description: HelmChart contains a reference the helm chart used for the deployed pluginDefinition version. + properties: + name: + description: Name of the HelmChart chart. + type: string + repository: + description: Repository of the HelmChart chart. + type: string + version: + description: Version of the HelmChart chart. + type: string + required: + - name + - repository + - version + type: object + helmReleaseStatus: + description: HelmReleaseStatus reflects the status of the latest HelmChart release.\nThis is only configured if the pluginDefinition is backed by HelmChart. + properties: + firstDeployed: + description: FirstDeployed is the timestamp of the first deployment of the release. 
+ format: date-time + type: string + lastDeployed: + description: LastDeployed is the timestamp of the last deployment of the release. + format: date-time + type: string + pluginOptionChecksum: + description: PluginOptionChecksum is the checksum of plugin option values. + type: string + status: + description: Status is the status of a HelmChart release. + type: string + required: + - status type: object statusConditions: - description: StatusConditions contain the different conditions that constitute the status of the Cluster. + description: StatusConditions contain the different conditions that constitute the status of the Plugin. properties: conditions: items: 
@@ -470,14 +477,37 @@ components: - type x-kubernetes-list-type: map type: object + uiApplication: + description: UIApplication contains a reference to the frontend that is used for the deployed pluginDefinition version. + properties: + name: + description: Name of the UI application. + type: string + url: + description: URL specifies the url to a built javascript asset.\nBy default, assets are loaded from the Juno asset server using the provided name and version. + type: string + version: + description: Version of the frontend application. + type: string + required: + - name + - version + type: object + version: + description: Version contains the latest pluginDefinition version the config was last applied with successfully. + type: string + weight: + description: Weight configures the order in which Plugins are shown in the Greenhouse UI. + format: int32 + type: integer type: object type: object - TeamRole: + Team: xml: name: greenhouse.sap namespace: v1alpha1 - title: TeamRole - description: TeamRole is the Schema for the TeamRoles API + title: Team + description: Team is the Schema for the teams API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 
@@ -488,96 +518,79 @@ components: metadata: type: object spec: - description: TeamRoleSpec defines the desired state of a TeamRole + description: TeamSpec defines the desired state of Team properties: - aggregationRule: - description: AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole on the remote cluster + description: + description: Description provides additional details of the team. + type: string + joinUrl: + description: URL to join the IdP group. + type: string + mappedIdPGroup: + description: IdP group id matching team. + type: string + type: object + status: + description: TeamStatus defines the observed state of Team + properties: + members: + items: + description: User specifies a human person. + properties: + email: + description: Email of the user. + type: string + firstName: + description: FirstName of the user. + type: string + id: + description: ID is the unique identifier of the user. + type: string + lastName: + description: LastName of the user. + type: string + required: + - email + - firstName + - id + - lastName + type: object + type: array + statusConditions: + description: A StatusConditions contains a list of conditions.\nOnly one condition of a given type may exist in the list. properties: - clusterRoleSelectors: - description: ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.\nIf any of the selectors match, then the ClusterRole's permissions will be added + conditions: items: - description: A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects. + description: Condition contains additional information on the state of a resource. properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
- items: - description: A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is "key", the\noperator is "In", and the values array contains only "value". The requirements are ANDed. - type: object + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is an optional human readable message indicating details about the last transition. + type: string + reason: + description: Reason is a one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition. 
+ type: string + required: + - lastTransitionTime + - status + - type type: object - x-kubernetes-map-type: atomic type: array - x-kubernetes-list-type: atomic - type: object - labels: - additionalProperties: - type: string - description: Labels are applied to the ClusterRole created on the remote cluster.\nThis allows using TeamRoles as part of AggregationRules by other TeamRoles + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object - rules: - description: Rules is a list of rbacv1.PolicyRules used on a managed RBAC (Cluster)Role - items: - description: PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to. - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - items: - type: string - type: array - x-kubernetes-list-type: atomic - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resourceNames: - description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - resources: - description: Resources is a list of resources this rule applies to. '*' represents all resources. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - verbs: - description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - verbs - type: object - type: array - type: object - status: - description: TeamRoleStatus defines the observed state of a TeamRole + required: + - statusConditions type: object type: object TeamMembership: @@ -669,12 +682,12 @@ components: type: object type: object type: object - PluginPreset: + TeamRoleBinding: xml: name: greenhouse.sap namespace: v1alpha1 - title: PluginPreset - description: PluginPreset is the Schema for the PluginPresets API + title: TeamRoleBinding + description: TeamRoleBinding is the Schema for the rolebindings API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 
@@ -685,53 +698,13 @@ components: metadata: type: object spec: - description: PluginPresetSpec defines the desired state of PluginPreset + description: TeamRoleBindingSpec defines the desired state of a TeamRoleBinding properties: - clusterOptionOverrides: - description: ClusterOptionOverrides define plugin option values to override by the PluginPreset - items: - description: ClusterOptionOverride defines which plugin option should be override in which cluster - properties: - clusterName: - type: string - overrides: - items: - description: PluginOptionValue is the value for a PluginOption. - properties: - name: - description: Name of the values. - type: string - value: - description: Value is the actual value in plain text. - x-kubernetes-preserve-unknown-fields: true - valueFrom: - description: ValueFrom references a potentially confidential value in another source. - properties: - secret: - description: Secret references the secret containing the value. - properties: - key: - description: Key in the secret to select the value from. - type: string - name: - description: Name of the secret in the same namespace. - type: string - required: - - key - - name - type: object - type: object - required: - - name - type: object - type: array - required: - - clusterName - - overrides - type: object - type: array + clusterName: + description: ClusterName is the name of the cluster the rbacv1 resources are created on. + type: string clusterSelector: - description: ClusterSelector is a label selector to select the clusters the plugin bundle should be deployed to. + description: ClusterSelector is a label selector to select the Clusters the TeamRoleBinding should be deployed to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -763,69 +736,62 @@ components: type: object type: object x-kubernetes-map-type: atomic - plugin: - description: PluginSpec is the spec of the plugin to be deployed by the PluginPreset. - properties: - clusterName: - description: ClusterName is the name of the cluster the plugin is deployed to. If not set, the plugin is deployed to the greenhouse cluster. - type: string - disabled: - description: Disabled indicates that the plugin is administratively disabled. - type: boolean - displayName: - description: DisplayName is an optional name for the Plugin to be displayed in the Greenhouse UI.\nThis is especially helpful to distinguish multiple instances of a PluginDefinition in the same context.\nDefaults to a normalized version of metadata.name. - type: string - optionValues: - description: Values are the values for a PluginDefinition instance. - items: - description: PluginOptionValue is the value for a PluginOption. + namespaces: + description: Namespaces is a list of namespaces in the Greenhouse Clusters to apply the RoleBinding to.\nIf empty, a ClusterRoleBinding will be created on the remote cluster, otherwise a RoleBinding per namespace. + items: + type: string + type: array + teamRef: + description: TeamRef references a Greenhouse Team by name + type: string + teamRoleRef: + description: TeamRoleRef references a Greenhouse TeamRole by name + type: string + type: object + status: + description: TeamRoleBindingStatus defines the observed state of the TeamRoleBinding + properties: + clusters: + description: PropagationStatus is the list of clusters the TeamRoleBinding is applied to + items: + description: PropagationStatus defines the observed state of the TeamRoleBinding's associated rbacv1 resources on a Cluster + properties: + clusterName: + description: ClusterName is the name of the cluster the rbacv1 resources are created on. 
+ type: string + condition: + description: Condition is the overall Status of the rbacv1 resources created on the cluster properties: - name: - description: Name of the values. + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is an optional human readable message indicating details about the last transition. + type: string + reason: + description: Reason is a one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition. type: string - value: - description: Value is the actual value in plain text. - x-kubernetes-preserve-unknown-fields: true - valueFrom: - description: ValueFrom references a potentially confidential value in another source. - properties: - secret: - description: Secret references the secret containing the value. - properties: - key: - description: Key in the secret to select the value from. - type: string - name: - description: Name of the secret in the same namespace. - type: string - required: - - key - - name - type: object - type: object required: - - name + - lastTransitionTime + - status + - type type: object - type: array - pluginDefinition: - description: PluginDefinition is the name of the PluginDefinition this instance is for. - type: string - releaseNamespace: - description: ReleaseNamespace is the namespace in the remote cluster to which the backend is deployed.\nDefaults to the Greenhouse managed namespace if not set. 
- type: string - required: - - disabled - - pluginDefinition - type: object - required: - - clusterSelector - - plugin - type: object - status: - description: PluginPresetStatus defines the observed state of PluginPreset - properties: + required: + - clusterName + type: object + type: array + x-kubernetes-list-map-keys: + - clusterName + x-kubernetes-list-type: map statusConditions: - description: StatusConditions contain the different conditions that constitute the status of the PluginPreset. + description: StatusConditions contain the different conditions that constitute the status of the TeamRoleBinding. properties: conditions: items: @@ -859,12 +825,12 @@ components: type: object type: object type: object - Team: + Organization: xml: name: greenhouse.sap namespace: v1alpha1 - title: Team - description: Team is the Schema for the teams API + title: Organization + description: Organization is the Schema for the organizations API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 
@@ -875,46 +841,112 @@ components: metadata: type: object spec: - description: TeamSpec defines the desired state of Team + description: OrganizationSpec defines the desired state of Organization properties: + authentication: + description: Authentication configures the organizations authentication mechanism. + properties: + oidc: + description: OIDConfig configures the OIDC provider. + properties: + clientIDReference: + description: ClientIDReference references the Kubernetes secret containing the client id. + properties: + key: + description: Key in the secret to select the value from. + type: string + name: + description: Name of the secret in the same namespace. + type: string + required: + - key + - name + type: object + clientSecretReference: + description: ClientSecretReference references the Kubernetes secret containing the client secret. + properties: + key: + description: Key in the secret to select the value from. + type: string + name: + description: Name of the secret in the same namespace. + type: string + required: + - key + - name + type: object + issuer: + description: Issuer is the URL of the identity service. + type: string + redirectURI: + description: RedirectURI is the redirect URI.\nIf none is specified, the Greenhouse ID proxy will be used. + type: string + required: + - clientIDReference + - clientSecretReference + - issuer + type: object + scim: + description: SCIMConfig configures the SCIM client. + properties: + baseURL: + description: URL to the SCIM server. + type: string + basicAuthPw: + description: Password to be used for basic authentication. + properties: + secret: + description: Secret references the secret containing the value. + properties: + key: + description: Key in the secret to select the value from. + type: string + name: + description: Name of the secret in the same namespace. 
+ type: string + required: + - key + - name + type: object + type: object + basicAuthUser: + description: User to be used for basic authentication. + properties: + secret: + description: Secret references the secret containing the value. + properties: + key: + description: Key in the secret to select the value from. + type: string + name: + description: Name of the secret in the same namespace. + type: string + required: + - key + - name + type: object + type: object + required: + - baseURL + - basicAuthPw + - basicAuthUser + type: object + type: object description: - description: Description provides additional details of the team. + description: Description provides additional details of the organization. type: string - joinUrl: - description: URL to join the IdP group. + displayName: + description: DisplayName is an optional name for the organization to be displayed in the Greenhouse UI.\nDefaults to a normalized version of metadata.name. type: string - mappedIdPGroup: - description: IdP group id matching team. + mappedOrgAdminIdPGroup: + description: MappedOrgAdminIDPGroup is the IDP group ID identifying org admins type: string type: object status: - description: TeamStatus defines the observed state of Team + description: OrganizationStatus defines the observed state of an Organization properties: - members: - items: - description: User specifies a human person. - properties: - email: - description: Email of the user. - type: string - firstName: - description: FirstName of the user. - type: string - id: - description: ID is the unique identifier of the user. - type: string - lastName: - description: LastName of the user. - type: string - required: - - email - - firstName - - id - - lastName - type: object - type: array statusConditions: - description: A StatusConditions contains a list of conditions.\nOnly one condition of a given type may exist in the list. 
+ description: StatusConditions contain the different conditions that constitute the status of the Organization. properties: conditions: items: @@ -946,16 +978,14 @@ components: - type x-kubernetes-list-type: map type: object - required: - - statusConditions type: object type: object - TeamRoleBinding: + PluginPreset: xml: name: greenhouse.sap namespace: v1alpha1 - title: TeamRoleBinding - description: TeamRoleBinding is the Schema for the rolebindings API + title: PluginPreset + description: PluginPreset is the Schema for the PluginPresets API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 
@@ -966,13 +996,53 @@ components: metadata: type: object spec: - description: TeamRoleBindingSpec defines the desired state of a TeamRoleBinding + description: PluginPresetSpec defines the desired state of PluginPreset properties: - clusterName: - description: ClusterName is the name of the cluster the rbacv1 resources are created on. - type: string + clusterOptionOverrides: + description: ClusterOptionOverrides define plugin option values to override by the PluginPreset + items: + description: ClusterOptionOverride defines which plugin option should be override in which cluster + properties: + clusterName: + type: string + overrides: + items: + description: PluginOptionValue is the value for a PluginOption. + properties: + name: + description: Name of the values. + type: string + value: + description: Value is the actual value in plain text. + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: ValueFrom references a potentially confidential value in another source. + properties: + secret: + description: Secret references the secret containing the value. + properties: + key: + description: Key in the secret to select the value from. + type: string + name: + description: Name of the secret in the same namespace. + type: string + required: + - key + - name + type: object + type: object + required: + - name + type: object + type: array + required: + - clusterName + - overrides + type: object + type: array clusterSelector: - description: ClusterSelector is a label selector to select the Clusters the TeamRoleBinding should be deployed to. + description: ClusterSelector is a label selector to select the clusters the plugin bundle should be deployed to. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -1004,62 +1074,69 @@ components: type: object type: object x-kubernetes-map-type: atomic - namespaces: - description: Namespaces is a list of namespaces in the Greenhouse Clusters to apply the RoleBinding to.\nIf empty, a ClusterRoleBinding will be created on the remote cluster, otherwise a RoleBinding per namespace. - items: - type: string - type: array - teamRef: - description: TeamRef references a Greenhouse Team by name - type: string - teamRoleRef: - description: TeamRoleRef references a Greenhouse TeamRole by name - type: string - type: object - status: - description: TeamRoleBindingStatus defines the observed state of the TeamRoleBinding - properties: - clusters: - description: PropagationStatus is the list of clusters the TeamRoleBinding is applied to - items: - description: PropagationStatus defines the observed state of the TeamRoleBinding's associated rbacv1 resources on a Cluster - properties: - clusterName: - description: ClusterName is the name of the cluster the rbacv1 resources are created on. - type: string - condition: - description: Condition is the overall Status of the rbacv1 resources created on the cluster + plugin: + description: PluginSpec is the spec of the plugin to be deployed by the PluginPreset. + properties: + clusterName: + description: ClusterName is the name of the cluster the plugin is deployed to. If not set, the plugin is deployed to the greenhouse cluster. + type: string + disabled: + description: Disabled indicates that the plugin is administratively disabled. + type: boolean + displayName: + description: DisplayName is an optional name for the Plugin to be displayed in the Greenhouse UI.\nThis is especially helpful to distinguish multiple instances of a PluginDefinition in the same context.\nDefaults to a normalized version of metadata.name. + type: string + optionValues: + description: Values are the values for a PluginDefinition instance. + items: + description: PluginOptionValue is the value for a PluginOption. 
properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is an optional human readable message indicating details about the last transition. - type: string - reason: - description: Reason is a one-word, CamelCase reason for the condition's last transition. - type: string - status: - description: Status of the condition. - type: string - type: - description: Type of the condition. + name: + description: Name of the values. type: string + value: + description: Value is the actual value in plain text. + x-kubernetes-preserve-unknown-fields: true + valueFrom: + description: ValueFrom references a potentially confidential value in another source. + properties: + secret: + description: Secret references the secret containing the value. + properties: + key: + description: Key in the secret to select the value from. + type: string + name: + description: Name of the secret in the same namespace. + type: string + required: + - key + - name + type: object + type: object required: - - lastTransitionTime - - status - - type + - name type: object - required: - - clusterName - type: object - type: array - x-kubernetes-list-map-keys: - - clusterName - x-kubernetes-list-type: map + type: array + pluginDefinition: + description: PluginDefinition is the name of the PluginDefinition this instance is for. + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace in the remote cluster to which the backend is deployed.\nDefaults to the Greenhouse managed namespace if not set. 
+ type: string + required: + - disabled + - pluginDefinition + type: object + required: + - clusterSelector + - plugin + type: object + status: + description: PluginPresetStatus defines the observed state of PluginPreset + properties: statusConditions: - description: StatusConditions contain the different conditions that constitute the status of the TeamRoleBinding. + description: StatusConditions contain the different conditions that constitute the status of the PluginPreset. properties: conditions: items: @@ -1093,12 +1170,12 @@ components: type: object type: object type: object - Plugin: + TeamRole: xml: name: greenhouse.sap namespace: v1alpha1 - title: Plugin - description: Plugin is the Schema for the plugins API + title: TeamRole + description: TeamRole is the Schema for the TeamRoles API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 
@@ -1109,128 +1186,189 @@ components: metadata: type: object spec: - description: PluginSpec defines the desired state of Plugin + description: TeamRoleSpec defines the desired state of a TeamRole properties: - clusterName: - description: ClusterName is the name of the cluster the plugin is deployed to. If not set, the plugin is deployed to the greenhouse cluster. - type: string - disabled: - description: Disabled indicates that the plugin is administratively disabled. - type: boolean - displayName: - description: DisplayName is an optional name for the Plugin to be displayed in the Greenhouse UI.\nThis is especially helpful to distinguish multiple instances of a PluginDefinition in the same context.\nDefaults to a normalized version of metadata.name. - type: string - optionValues: - description: Values are the values for a PluginDefinition instance. - items: - description: PluginOptionValue is the value for a PluginOption. - properties: - name: - description: Name of the values. - type: string - value: - description: Value is the actual value in plain text. - x-kubernetes-preserve-unknown-fields: true - valueFrom: - description: ValueFrom references a potentially confidential value in another source. + aggregationRule: + description: AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole on the remote cluster + properties: + clusterRoleSelectors: + description: ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.\nIf any of the selectors match, then the ClusterRole's permissions will be added + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects. properties: - secret: - description: Secret references the secret containing the value. 
- properties: - key: - description: Key in the secret to select the value from. - type: string - name: - description: Name of the secret in the same namespace. - type: string - required: - - key - - name + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is "key", the\noperator is "In", and the values array contains only "value". The requirements are ANDed. 
type: object type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + type: object + labels: + additionalProperties: + type: string + description: Labels are applied to the ClusterRole created on the remote cluster.\nThis allows using TeamRoles as part of AggregationRules by other TeamRoles + type: object + rules: + description: Rules is a list of rbacv1.PolicyRules used on a managed RBAC (Cluster)Role + items: + description: PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + items: + type: string + type: array + x-kubernetes-list-type: atomic + resourceNames: + description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + resources: + description: Resources is a list of resources this rule applies to. '*' represents all resources. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + verbs: + description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. + items: + type: string + type: array + x-kubernetes-list-type: atomic required: - - name + - verbs type: object type: array - pluginDefinition: - description: PluginDefinition is the name of the PluginDefinition this instance is for. - type: string - releaseNamespace: - description: ReleaseNamespace is the namespace in the remote cluster to which the backend is deployed.\nDefaults to the Greenhouse managed namespace if not set. - type: string - required: - - disabled - - pluginDefinition type: object status: - description: PluginStatus defines the observed state of Plugin - properties: - description: - description: Description provides additional details of the plugin. - type: string - exposedServices: - additionalProperties: - description: Service references a Kubernetes service of a Plugin. - properties: - name: - description: Name is the name of the service in the target cluster. - type: string - namespace: - description: Namespace is the namespace of the service in the target cluster. - type: string - port: - description: Port is the port of the service. - format: int32 - type: integer - protocol: - description: Protocol is the protocol of the service. - type: string - required: - - name - - namespace - - port - type: object - description: ExposedServices provides an overview of the Plugins services that are centrally exposed.\nIt maps the exposed URL to the service found in the manifest. - type: object - helmChart: - description: HelmChart contains a reference the helm chart used for the deployed pluginDefinition version. 
+ description: TeamRoleStatus defines the observed state of a TeamRole + type: object + type: object + Cluster: + xml: + name: greenhouse.sap + namespace: v1alpha1 + title: Cluster + description: Cluster is the Schema for the clusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of the Cluster. + properties: + accessMode: + description: AccessMode configures how the cluster is accessed from the Greenhouse operator. + enum: + - direct + type: string + kubeConfig: + description: KubeConfig contains specific values for `KubeConfig` for the cluster. properties: - name: - description: Name of the HelmChart chart. - type: string - repository: - description: Repository of the HelmChart chart. - type: string - version: - description: Version of the HelmChart chart. - type: string - required: - - name - - repository - - version + maxTokenValidity: + default: 72 + description: MaxTokenValidity specifies the maximum duration for which a token remains valid in hours. + format: int32 + maximum: 72 + minimum: 24 + type: integer type: object - helmReleaseStatus: - description: HelmReleaseStatus reflects the status of the latest HelmChart release.\nThis is only configured if the pluginDefinition is backed by HelmChart. 
- properties: - firstDeployed: - description: FirstDeployed is the timestamp of the first deployment of the release. - format: date-time - type: string - lastDeployed: - description: LastDeployed is the timestamp of the last deployment of the release. - format: date-time - type: string - pluginOptionChecksum: - description: PluginOptionChecksum is the checksum of plugin option values. - type: string - status: - description: Status is the status of a HelmChart release. - type: string - required: - - status + required: + - accessMode + type: object + status: + description: ClusterStatus defines the observed state of Cluster + properties: + bearerTokenExpirationTimestamp: + description: BearerTokenExpirationTimestamp reflects the expiration timestamp of the bearer token used to access the cluster. + format: date-time + type: string + kubernetesVersion: + description: KubernetesVersion reflects the detected Kubernetes version of the cluster. + type: string + nodes: + additionalProperties: + properties: + ready: + description: Fast track to the node ready condition. + type: boolean + statusConditions: + description: We mirror the node conditions here for faster reference + properties: + conditions: + items: + description: Condition contains additional information on the state of a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is an optional human readable message indicating details about the last transition. + type: string + reason: + description: Reason is a one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + description: Nodes provides a map of cluster node names to node statuses type: object statusConditions: - description: StatusConditions contain the different conditions that constitute the status of the Plugin. + description: StatusConditions contain the different conditions that constitute the status of the Cluster. properties: conditions: items: 
@@ -1262,143 +1400,5 @@ components: - type x-kubernetes-list-type: map type: object - uiApplication: - description: UIApplication contains a reference to the frontend that is used for the deployed pluginDefinition version. - properties: - name: - description: Name of the UI application. - type: string - url: - description: URL specifies the url to a built javascript asset.\nBy default, assets are loaded from the Juno asset server using the provided name and version. - type: string - version: - description: Version of the frontend application. - type: string - required: - - name - - version - type: object - version: - description: Version contains the latest pluginDefinition version the config was last applied with successfully. - type: string - weight: - description: Weight configures the order in which Plugins are shown in the Greenhouse UI. - format: int32 - type: integer - type: object - type: object - PluginDefinition: - xml: - name: greenhouse.sap - namespace: v1alpha1 - title: PluginDefinition - description: PluginDefinition is the Schema for the PluginDefinitions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PluginDefinitionSpec defines the desired state of PluginDefinitionSpec - properties: - description: - description: Description provides additional details of the 
pluginDefinition. - type: string - displayName: - description: DisplayName provides a human-readable label for the pluginDefinition. - type: string - docMarkDownUrl: - description: DocMarkDownUrl specifies the URL to the markdown documentation file for this plugin.\nSource needs to allow all CORS origins. - type: string - helmChart: - description: HelmChart specifies where the Helm Chart for this pluginDefinition can be found. - properties: - name: - description: Name of the HelmChart chart. - type: string - repository: - description: Repository of the HelmChart chart. - type: string - version: - description: Version of the HelmChart chart. - type: string - required: - - name - - repository - - version - type: object - icon: - description: 'Icon specifies the icon to be used for this plugin in the Greenhouse UI.\nIcons can be either:\n- A string representing a juno icon in camel case from this list: https://github.com/sapcc/juno/blob/main/libs/juno-ui-components/src/components/Icon/Icon.component.js#L6-L52\n- A publicly accessible image reference to a .png file. Will be displayed 100x100px' - type: string - options: - description: RequiredValues is a list of values required to create an instance of this PluginDefinition. - items: - properties: - default: - description: Default provides a default value for the option - x-kubernetes-preserve-unknown-fields: true - description: - description: Description provides a human-readable text for the value as shown in the UI. - type: string - displayName: - description: DisplayName provides a human-readable label for the configuration option - type: string - name: - description: Name/Key of the config option. - type: string - regex: - description: Regex specifies a match rule for validating configuration options. - type: string - required: - description: Required indicates that this config option is required - type: boolean - type: - description: Type of this configuration option. 
- enum: - - string - - secret - - bool - - int - - list - - map - type: string - required: - - name - - required - - type - type: object - type: array - uiApplication: - description: UIApplication specifies a reference to a UI application - properties: - name: - description: Name of the UI application. - type: string - url: - description: URL specifies the url to a built javascript asset.\nBy default, assets are loaded from the Juno asset server using the provided name and version. - type: string - version: - description: Version of the frontend application. - type: string - required: - - name - - version - type: object - version: - description: Version of this pluginDefinition - type: string - weight: - description: Weight configures the order in which Plugins are shown in the Greenhouse UI.\nDefaults to alphabetical sorting if not provided or on conflict. - format: int32 - type: integer - required: - - version - type: object - status: - description: PluginDefinitionStatus defines the observed state of PluginDefinition type: object type: object