OCM-7432 | Defining WIF resources and endpoints #955

Merged
merged 1 commit into from
Jul 11, 2024
12 changes: 11 additions & 1 deletion model/clusters_mgmt/v1/root_resource.model
Expand Up @@ -123,7 +123,17 @@ resource Root {
}

// Reference to the resource that manages the storage quota values.
locator StorageQuotaValues{
locator StorageQuotaValues {
target StorageQuotaValues
}

// Reference to the resource that manages wif_configs
locator WifConfigs {
target WifConfigs
}

// Reference to the resource that manages wif_templates
locator WifTemplates {
target WifTemplate
}
}
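Review bot: In the new `locator WifTemplates` block the target is `WifTemplate` (singular), whereas the sibling `locator WifConfigs` targets the collection resource `WifConfigs`. The collection resource added in wif_templates_resource.model is named `WifTemplates`, so as written the root locator points at the single-item resource, which only declares `Get`, and the collection's `List` method is not reachable from the root. Suggest `target WifTemplates`.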
29 changes: 29 additions & 0 deletions model/clusters_mgmt/v1/wif_config_resource.model
@@ -0,0 +1,29 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages a specific wif_config.
resource WifConfig {
// Retrieves the details of the WifConfig.
method Get {
out Body WifConfig
}

// Deletes the wif_config.
method Delete {
// Dry run flag is used to check if the operation can be completed, but won't delete.
in DryRun Boolean = false
}
}
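Review bot: On `method Delete`, the `DryRun` comment says the flag checks whether the operation can be completed, but the method declares no `out` parameter and the comment does not say how the result of that check reaches the caller. Please document what a client should expect from a dry run that would succeed and from one that would fail. It would also help to state in the resource comment whether exposing only `Get` and `Delete`, with no update method, is intentional.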
55 changes: 55 additions & 0 deletions model/clusters_mgmt/v1/wif_config_type.model
@@ -0,0 +1,55 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Definition of an wif_config resource.
class WifConfig {
// The name OCM clients will display for this wif_config.
DisplayName String
// Holds GCP related data.
Gcp WifGcp
// The OCM organization that this wif_config resource belongs to.
Organization OrganizationLink
}

struct WifGcp {
// This is the service account email that OCM will use to access other SAs.
ImpersonatorEmail String
// This represents the GCP project ID in which the wif resources will be configured.
ProjectId String
// The list of service accounts and their associated roles that will need to be
// configured on the user's GCP project.
ServiceAccounts []WifServiceAccount
// The workload identity configuration data that will be used to create the
// workload identity pool on the user's account.
WorkloadIdentityPool WifPool
}

struct WifPool {
// Identity provider configuration data that will be created as part of the
// workload identity pool.
IdentityProvider WifIdentityProvider
// The Id of the workload identity pool.
PoolId String
// The display name of the workload identity pool.
PoolName String
}

struct WifIdentityProvider {
AllowedAudiences []String
IdentityProviderId String
IssuerUrl String
Jwks string
}
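Review bot: In `struct WifIdentityProvider`, `Jwks string` uses a lower-case type name while every other field in this file uses `String`; this looks like a typo and should read `Jwks String`. The four fields of this struct are also the only ones in the file without doc comments, and going by their names they carry the issuer, key set and accepted audiences of the identity provider, so each should say what it holds and in what format (for `Jwks`, for instance, whether it is the JSON document itself or an encoding of it). Minor: "Definition of an wif_config resource" should be "a wif_config resource".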
77 changes: 77 additions & 0 deletions model/clusters_mgmt/v1/wif_configs_resources.model
@@ -0,0 +1,77 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages the collection of wif_configs.
resource WifConfigs {
// Retrieves the list of wif_configs
method List {
// Index of the requested page, where one corresponds to the first page.
in out Page Integer = 1

// Maximum number of items that will be contained in the returned page.
in out Size Integer = 100

// Search criteria.
//
// The syntax of this parameter is similar to the syntax of the _where_ clause of a
// SQL statement, but using the names of the attributes of the cluster instead of
// the names of the columns of a table. For example, in order to retrieve all the
// clusters with a name starting with `my` in the `us-east-1` region the value
// should be:
//
// ```sql
// name like 'my%' and region.id = 'us-east-1'
// ```
//
// If the parameter isn't provided, or if the value is empty, then all the
// wif_configs that the user has permission to see will be returned.
in Search String

// Order criteria.
//
// The syntax of this parameter is similar to the syntax of the _order by_ clause of
// a SQL statement, but using the names of the attributes of the cluster instead of
// the names of the columns of a table. For example, in order to sort the clusters
// descending by region identifier the value should be:
//
// ```sql
// region.id desc
// ```
//
// If the parameter isn't provided, or if the value is empty, then the order of the
// results is undefined.
in Order String

// Total number of items of the collection that match the search criteria,
// regardless of the size of the page.
out Total Integer

// Retrieved list of wif_configs.
out Items []WifConfig
}

// Provision a new wif_config resource and add it to the collection of wif_configs.
method Add {
// Description of the wif_config.
in out Body WifConfig
}

// Returns a reference to the service that manages an specific wif_config.
locator WifConfig {
target WifConfig
variable ID
}
}
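Review bot: The doc comments on `in Search String` and `in Order String` were carried over from the clusters collection unchanged: they refer to "the names of the attributes of the cluster" and use `name like 'my%' and region.id = 'us-east-1'` and `region.id desc` as examples, but `WifConfig` as defined in this PR has `DisplayName`, `Gcp` and `Organization` and no name or region attribute. Please reword them for wif_configs and build the examples on attributes that exist on this type. Two nits: "an specific wif_config" should be "a specific wif_config", and this file is named wif_configs_resources.model while its templates counterpart is wif_templates_resource.model.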
44 changes: 44 additions & 0 deletions model/clusters_mgmt/v1/wif_service_account_type.model
@@ -0,0 +1,44 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

struct WifServiceAccount {
AccessMethod WifAccessMethod
CredentialRequest WifCredentialRequest
ServiceAccountId String
OsdRole String
Roles []WifRole
}

enum WifAccessMethod {
Impersonate
Wif
}

struct WifCredentialRequest {
SecretRef WifSecretRef
ServiceAccountNames []String
}

struct WifSecretRef {
Name String
Namespace String
}

struct WifRole {
RoleId String
Predefined Boolean
Permissions []String
}
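Review bot: None of the types or fields in this file has a doc comment, unlike the ones in wif_config_type.model. At a minimum `enum WifAccessMethod` should say what distinguishes `Impersonate` from `Wif`, and `struct WifRole` should say how `Predefined` relates to `Permissions` (for example, whether `Permissions` is only meaningful when `Predefined` is false). These types describe the service accounts and roles to be configured on the user's GCP project, so a consumer of the API needs to be able to tell from the model exactly what will be granted.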
23 changes: 23 additions & 0 deletions model/clusters_mgmt/v1/wif_template_resource.model
@@ -0,0 +1,23 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages a specific wif_template.
resource WifTemplate {
// Retrieves the details of the wif_template.
method Get {
out Body WifTemplate
}
}
22 changes: 22 additions & 0 deletions model/clusters_mgmt/v1/wif_template_type.model
@@ -0,0 +1,22 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Definition of an wif_template resource.
class WifTemplate {
// The list of service accounts and their associated roles that this template
// would require to be configured on the user's GCP project.
ServiceAccounts []WifServiceAccount
}
73 changes: 73 additions & 0 deletions model/clusters_mgmt/v1/wif_templates_resource.model
@@ -0,0 +1,73 @@
/*
Copyright (c) 2024 Red Hat, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Manages the collection of wif_templates.
// wif_templates hold the GCP resource requirements for wif deployments.
// wif_config resources are based off of wif_templates during creation.
resource WifTemplates {
// Retrieves the list of wif_templates
method List {
// Index of the requested page, where one corresponds to the first page.
in out Page Integer = 1

// Maximum number of items that will be contained in the returned page.
in out Size Integer = 100

// Search criteria.
//
// The syntax of this parameter is similar to the syntax of the _where_ clause of a
// SQL statement, but using the names of the attributes of the cluster instead of
// the names of the columns of a table. For example, in order to retrieve all the
// clusters with a name starting with `my` in the `us-east-1` region the value
// should be:
//
// ```sql
// name like 'my%' and region.id = 'us-east-1'
// ```
//
// If the parameter isn't provided, or if the value is empty, then all the
// wif_templates that the user has permission to see will be returned.
in Search String

// Order criteria.
//
// The syntax of this parameter is similar to the syntax of the _order by_ clause of
// a SQL statement, but using the names of the attributes of the cluster instead of
// the names of the columns of a table. For example, in order to sort the clusters
// descending by region identifier the value should be:
//
// ```sql
// region.id desc
// ```
//
// If the parameter isn't provided, or if the value is empty, then the order of the
// results is undefined.
in Order String

// Total number of items of the collection that match the search criteria,
// regardless of the size of the page.
out Total Integer

// Retrieved list of wif_templates.
out Items []WifTemplate
}

// Returns a reference to the service that manages a specific wif_template.
locator WifTemplate {
target WifTemplate
variable ID
}
}
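Review bot: The `Search` and `Order` doc comments in `method List` still describe clusters: they mention "the names of the attributes of the cluster" and give `name like 'my%' and region.id = 'us-east-1'` and `region.id desc` as examples, yet `WifTemplate` as defined in this PR only has `ServiceAccounts`. Please reword them for wif_templates and either give examples that apply to this type or say which attributes can be searched and ordered on. Also note that the root locator added in root_resource.model targets `WifTemplate` rather than this `WifTemplates` resource, so it is worth checking that this collection is actually wired in.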