From 0451a5c4bbeba42032f8302c02ce990e3ceb10fe Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Tue, 10 Sep 2024 20:07:07 -0800 Subject: [PATCH] Report all namespace access in SelfSubjectNamespaceAccessReview (#479) Signed-off-by: Tamal Saha --- apis/identity/v1alpha1/openapi_generated.go | 8 ++++++++ .../v1alpha1/selfsubjectnamespaceaccessreview.go | 5 +++-- ...s.appscode.com_selfsubjectnamespaceaccessreviews.yaml | 4 ++++ .../v1alpha1/clickhousebindings.yaml | 9 +++++++++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/apis/identity/v1alpha1/openapi_generated.go b/apis/identity/v1alpha1/openapi_generated.go index db9f5a6e8..89ec14e3d 100644 --- a/apis/identity/v1alpha1/openapi_generated.go +++ b/apis/identity/v1alpha1/openapi_generated.go @@ -22004,6 +22004,13 @@ func schema_resource_metadata_apis_identity_v1alpha1_SubjectAccessNamespaceRevie SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ + "allNamespaces": { + SchemaProps: spec.SchemaProps{ + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, "namespaces": { SchemaProps: spec.SchemaProps{ Type: []string{"array"}, @@ -22041,6 +22048,7 @@ func schema_resource_metadata_apis_identity_v1alpha1_SubjectAccessNamespaceRevie }, }, }, + Required: []string{"allNamespaces"}, }, }, } diff --git a/apis/identity/v1alpha1/selfsubjectnamespaceaccessreview.go b/apis/identity/v1alpha1/selfsubjectnamespaceaccessreview.go index 71925b9e7..bd5ad929d 100644 --- a/apis/identity/v1alpha1/selfsubjectnamespaceaccessreview.go +++ b/apis/identity/v1alpha1/selfsubjectnamespaceaccessreview.go @@ -64,8 +64,9 @@ type SelfSubjectNamespaceAccessReviewSpec struct { } type SubjectAccessNamespaceReviewStatus struct { - Namespaces []string `json:"namespaces,omitempty"` - Projects map[string][]string `json:"projects,omitempty"` + AllNamespaces bool `json:"allNamespaces"` + Namespaces []string `json:"namespaces,omitempty"` + Projects map[string][]string `json:"projects,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/crds/identity.k8s.appscode.com_selfsubjectnamespaceaccessreviews.yaml b/crds/identity.k8s.appscode.com_selfsubjectnamespaceaccessreviews.yaml index 511f0bde4..b59084051 100644 --- a/crds/identity.k8s.appscode.com_selfsubjectnamespaceaccessreviews.yaml +++ b/crds/identity.k8s.appscode.com_selfsubjectnamespaceaccessreviews.yaml @@ -96,6 +96,8 @@ spec: description: Status is filled in by the server and indicates whether the request is allowed or not properties: + allNamespaces: + type: boolean namespaces: items: type: string @@ -106,6 +108,8 @@ spec: type: string type: array type: object + required: + - allNamespaces type: object required: - spec diff --git a/hub/resourceeditors/catalog.appscode.com/v1alpha1/clickhousebindings.yaml b/hub/resourceeditors/catalog.appscode.com/v1alpha1/clickhousebindings.yaml index 13c1cff20..1f10cc173 100644 --- a/hub/resourceeditors/catalog.appscode.com/v1alpha1/clickhousebindings.yaml +++ b/hub/resourceeditors/catalog.appscode.com/v1alpha1/clickhousebindings.yaml @@ -15,3 +15,12 @@ spec: name: clickhousebindings scope: Namespaced version: v1alpha1 + ui: + editor: + name: catalogappscodecom-clickhousebinding-editor + sourceRef: + apiGroup: source.toolkit.fluxcd.io + kind: HelmRepository + name: appscode-charts-oci + version: v0.5.0 + enforceQuota: false