|
| 1 | +/* |
| 2 | +Copyright 2025 The Kube Bind Authors. |
| 3 | +
|
| 4 | +Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | +you may not use this file except in compliance with the License. |
| 6 | +You may obtain a copy of the License at |
| 7 | +
|
| 8 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +
|
| 10 | +Unless required by applicable law or agreed to in writing, software |
| 11 | +distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +See the License for the specific language governing permissions and |
| 14 | +limitations under the License. |
| 15 | +*/ |
| 16 | + |
| 17 | +package v1alpha2 |
| 18 | + |
| 19 | +import ( |
| 20 | + "fmt" |
| 21 | + |
| 22 | + corev1 "k8s.io/api/core/v1" |
| 23 | + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" |
| 24 | + "k8s.io/apimachinery/pkg/runtime" |
| 25 | + "k8s.io/apimachinery/pkg/runtime/schema" |
| 26 | +) |
| 27 | + |
| 28 | +// InternalAPI describes an API to be imported from some schemes and generated OpenAPI V2 definitions. |
| 29 | +type InternalAPI struct { |
| 30 | + Names apiextensionsv1.CustomResourceDefinitionNames |
| 31 | + GroupVersionResource schema.GroupVersionResource |
| 32 | + Instance runtime.Object |
| 33 | + ResourceScope apiextensionsv1.ResourceScope |
| 34 | + HasStatus bool |
| 35 | +} |
| 36 | + |
| 37 | +// ClaimableAPIs is a list of APIs that can be claimed by a user. |
| 38 | +var ClaimableAPIs = []InternalAPI{ |
| 39 | + { |
| 40 | + Names: apiextensionsv1.CustomResourceDefinitionNames{ |
| 41 | + Plural: "configmaps", |
| 42 | + Singular: "configmap", |
| 43 | + Kind: "ConfigMap", |
| 44 | + }, |
| 45 | + GroupVersionResource: schema.GroupVersionResource{ |
| 46 | + Group: "", |
| 47 | + Version: "v1", |
| 48 | + Resource: "configmaps", |
| 49 | + }, |
| 50 | + Instance: &corev1.ConfigMap{}, |
| 51 | + ResourceScope: apiextensionsv1.NamespaceScoped, |
| 52 | + }, |
| 53 | + { |
| 54 | + Names: apiextensionsv1.CustomResourceDefinitionNames{ |
| 55 | + Plural: "secrets", |
| 56 | + Singular: "secret", |
| 57 | + Kind: "Secret", |
| 58 | + }, |
| 59 | + GroupVersionResource: schema.GroupVersionResource{ |
| 60 | + Group: "", |
| 61 | + Version: "v1", |
| 62 | + Resource: "secrets", |
| 63 | + }, |
| 64 | + Instance: &corev1.Secret{}, |
| 65 | + ResourceScope: apiextensionsv1.NamespaceScoped, |
| 66 | + }, |
| 67 | + { |
| 68 | + Names: apiextensionsv1.CustomResourceDefinitionNames{ |
| 69 | + Plural: "serviceaccounts", |
| 70 | + Singular: "serviceaccount", |
| 71 | + Kind: "ServiceAccount", |
| 72 | + }, |
| 73 | + GroupVersionResource: schema.GroupVersionResource{ |
| 74 | + Group: "", |
| 75 | + Version: "v1", |
| 76 | + Resource: "serviceaccounts", |
| 77 | + }, |
| 78 | + Instance: &corev1.ServiceAccount{}, |
| 79 | + ResourceScope: apiextensionsv1.NamespaceScoped, |
| 80 | + }, |
| 81 | +} |
| 82 | + |
| 83 | +func ResolveClaimableAPI(claim PermissionClaim) (schema.GroupVersionResource, error) { |
| 84 | + for _, api := range ClaimableAPIs { |
| 85 | + if api.Names.Plural == claim.Resource && api.GroupVersionResource.Group == claim.Group { |
| 86 | + return api.GroupVersionResource, nil |
| 87 | + } |
| 88 | + } |
| 89 | + return schema.GroupVersionResource{}, fmt.Errorf("no matching API found") |
| 90 | +} |
0 commit comments