projectlifecyclepolicy_types.go 5.66 KB
Newer Older
Alexandre Lossent's avatar
Alexandre Lossent committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
/*


Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha1

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

type AppDeletionPolicyType string

const (
	// AppDeletionPolicyDeleteNamespace deletes parent namespace when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	AppDeletionPolicyDeleteNamespace AppDeletionPolicyType = "DeleteNamespace"
	// AppDeletionPolicyIgnoreAndPreserveNamespace does nothing when an ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI
	AppDeletionPolicyIgnoreAndPreserveNamespace AppDeletionPolicyType = "IgnoreAndPreserveNamespace"
)

// strings for the conditions in status
const (
	// Type of the Condition in ProjectLifecyclePolicy status that indicates if policy was successfully applied
	ConditionTypeAppliedProjectLifecyclePolicy string = "AppliedProjectLifecyclePolicy"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was successfully applied
	ConditionReasonSuccessful string = "Successful"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was NOT successfully applied
	// because the conditions are not met for us to be able to do something.
	ConditionReasonCannotApply string = "CannotApply"
	// Reason for the Condition in ProjectLifecyclePolicy status when policy was NOT successfully applied
	// because we tried but someting went wrong.
	// NB: we could have a separate value for each failure case, but not worth the effort for the projectLifecyclePolicy.
	ConditionReasonFailed string = "Failed"
)

// ProjectLifecyclePolicySpec defines the desired state of ProjectLifecyclePolicy
type ProjectLifecyclePolicySpec struct {

	// The ClusterRole that should be granted to the Application's owner and administrator group
	// in the RoleBinding identified by ApplicationOwnerRoleBindingName.
	// The authz-operator serviceaccount MUST itself have this cluster role so it can grant it to other users!
	// If not specified, then no RoleBinding is created.
	// +optional
	ApplicationOwnerClusterRole string `json:"applicationOwnerClusterRole,omitempty"`

	// Name of a RoleBinding whose members should be set to the value of ApplicationRegistration's status.CurrentOwnerUsername
	// and (if present) status.CurrentAdminGroup.
	// Any other member will be removed from the RoleBinding.
	// +kubebuilder:default:="application-owner"
	ApplicationOwnerRoleBindingName string `json:"applicationOwnerRoleBindingName"`

	// Policy when the ApplicationRegistration's status.provisioningStatus becomes DeletedFromAPI,
	// i.e. the application was deleted from the Application Portal.
	// If DeleteNamespace, the parent namespace/project containing the ApplicationRegistration is deleted.
	// +kubebuilder:validation:Enum="IgnoreAndPreserveNamespace";"DeleteNamespace"
	// +kubebuilder:default:="IgnoreAndPreserveNamespace"
	ApplicationDeletedFromAuthApiPolicy AppDeletionPolicyType `json:"applicationDeletedFromAuthApiPolicy"`

	// Generate a link to the application's management page in the application portal.
	// This is created as a ConsoleLink in the NamespaceDashboard (the only type of link
	// that can be specified per namespace).
	// +optional
	ApplicationPortalManagementLink bool `json:"applicationPortalConsoleLink,omitempty"`

	// Generate a link showing current application's category in the app portal
	// with link to the application's management page to update category.
	// This is created as a ConsoleLink in the NamespaceDashboard (the only type of link
	// that can be specified per namespace).
	// +optional
	ApplicationCategoryLink bool `json:"applicationCategoryLink,omitempty"`

83
84
85
	// Sync the parent Openshift project's metadata (annotations and labels) with the information from the Application Portal.
	// Description goes to the standard Openshift annotation for project description. Owner, Admin Group and category are
	// exposed with custom labels.
Alexandre Lossent's avatar
Alexandre Lossent committed
86
	// +optional
87
88
	// +kubebuilder:default:=true
	SyncProjectMetadata bool `json:"syncProjectMetadata,omitempty"`
Alexandre Lossent's avatar
Alexandre Lossent committed
89
90
91
92
93
94
95
96
97
98
99
}

// ProjectLifecyclePolicyStatus defines the observed state of ProjectLifecyclePolicy
type ProjectLifecyclePolicyStatus struct {
	// Conditions represent the latest available observations of an object's state
	Conditions []metav1.Condition `json:"conditions"`
}

// +kubebuilder:object:root=true
// +kubebuilder:subresource:status

100
101
// ProjectLifecyclePolicy controls how the authz-operator applies changes to lifecycle-related properties of the application in the AuthzAPI to the OKD project/namespace containing an `ApplicationRegistration`.
// More info: https://gitlab.cern.ch/paas-tools/operators/authz-operator#projectlifecyclepolicy
Alexandre Lossent's avatar
Alexandre Lossent committed
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
type ProjectLifecyclePolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProjectLifecyclePolicySpec   `json:"spec,omitempty"`
	Status ProjectLifecyclePolicyStatus `json:"status,omitempty"`
}

// +kubebuilder:object:root=true

// ProjectLifecyclePolicyList contains a list of ProjectLifecyclePolicy
type ProjectLifecyclePolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProjectLifecyclePolicy `json:"items"`
}

func init() {
	SchemeBuilder.Register(&ProjectLifecyclePolicy{}, &ProjectLifecyclePolicyList{})
}