From 339439529f52107eb58b5bc80cab650745d419f7 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 9 Nov 2021 09:33:55 +0100 Subject: [PATCH] add some control api pocs --- control-api/openapispec.yaml | 26 ++++++++++++++++++++ control-api/rbac-test.yaml | 47 ++++++++++++++++++++++++++++++++++++ control-api/user-xrd.yaml | 28 +++++++++++++++++++++ control-api/users.yaml | 19 +++++++++++++++ 4 files changed, 120 insertions(+) create mode 100644 control-api/openapispec.yaml create mode 100644 control-api/rbac-test.yaml create mode 100644 control-api/user-xrd.yaml create mode 100644 control-api/users.yaml diff --git a/control-api/openapispec.yaml b/control-api/openapispec.yaml new file mode 100644 index 0000000..7c6558b --- /dev/null +++ b/control-api/openapispec.yaml @@ -0,0 +1,26 @@ +openapi: "3.0.2" +info: + title: CRD + version: 1.0.0 +components: + schemas: + CRD: + type: object + properties: + spec: + type: object + properties: + displayName: + type: string + username: + type: string + email: + type: string + defaultOrganizationRef: + type: string +paths: + /: + get: + responses: + "200": + description: OK diff --git a/control-api/rbac-test.yaml b/control-api/rbac-test.yaml new file mode 100644 index 0000000..94c1372 --- /dev/null +++ b/control-api/rbac-test.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: d9050409-b5a2-4058-815e-b5dbead893ed-owner +rules: + - apiGroups: ["appuio.io"] + resources: ["users"] + resourceNames: ["d9050409-b5a2-4058-815e-b5dbead893ed"] + verbs: ["get", "update", "patch", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: d9050409-b5a2-4058-815e-b5dbead893ed-owner +subjects: + - kind: User + name: appuio#d9050409-b5a2-4058-815e-b5dbead893ed + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: d9050409-b5a2-4058-815e-b5dbead893ed-owner + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: acme-corp-members-viewer +rules: + - apiGroups: ["appuio.io"] + resources: ["users"] + resourceNames: + - d9050409-b5a2-4058-815e-b5dbead893ed + - bec0d928-2ae2-4cec-94a0-5f72f12b8b39 + verbs: ["get", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: acme-corp-members +subjects: + - kind: Group + name: developer + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: acme-corp-members-viewer + apiGroup: rbac.authorization.k8s.io diff --git a/control-api/user-xrd.yaml b/control-api/user-xrd.yaml new file mode 100644 index 0000000..34c46cc --- /dev/null +++ b/control-api/user-xrd.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: users.appuio.io +spec: + group: appuio.io + names: + kind: User + plural: users + versions: + - name: v1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + displayName: + type: string + username: + type: string + email: + type: string + defaultOrganizationRef: + type: string diff --git a/control-api/users.yaml b/control-api/users.yaml new file mode 100644 index 0000000..690f8e1 --- /dev/null +++ b/control-api/users.yaml @@ -0,0 +1,19 @@ +apiVersion: appuio.io/v1 +kind: User +metadata: + name: bec0d928-2ae2-4cec-94a0-5f72f12b8b39 +spec: + displayName: Kate Demo + username: kate.demo + email: kate@demo.com + defaultOrganizationRef: acme-corp +--- +apiVersion: appuio.io/v1 +kind: User +metadata: + name: d9050409-b5a2-4058-815e-b5dbead893ed +spec: + displayName: Fredi Hinz + username: fredi.hinz + email: fredi@demo.com + defaultOrganizationRef: acme-corp