diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 4031c5dbf..c70f014aa 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -1874,6 +1874,13 @@ func (in *PermissionObject) DeepCopyInto(out *PermissionObject) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Connections != nil { + in, out := &in.Connections, &out.Connections + *out = make([]types.ResourceSelector, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Configs != nil { in, out := &in.Configs, &out.Configs *out = make([]types.ResourceSelector, len(*in)) diff --git a/config/crds/mission-control.flanksource.com_permissions.yaml b/config/crds/mission-control.flanksource.com_permissions.yaml index b694ecb32..17edcf55e 100644 --- a/config/crds/mission-control.flanksource.com_permissions.yaml +++ b/config/crds/mission-control.flanksource.com_permissions.yaml 
@@ -185,6 +185,66 @@ spec: type: array type: object type: array + connections: + items: + properties: + agent: + description: |- + Agent can be the agent id or the name of the agent. + Additionally, the special "self" value can be used to select resources without an agent. + type: string + cache: + description: |- + Cache directives + 'no-cache' (should not fetch from cache but can be cached) + 'no-store' (should not cache) + 'max-age=X' (cache for X duration) + type: string + fieldSelector: + type: string + health: + description: |- + Health filters resources by the health. + Multiple healths can be provided separated by comma. + type: string + id: + type: string + includeDeleted: + type: boolean + labelSelector: + type: string + limit: + type: integer + name: + type: string + namespace: + type: string + scope: + description: |- + Scope is the reference for parent of the resource to select. + For config items, the scope is the scraper id + For checks, it's canaries and + For components, it's topology. + It can either be a uuid or namespace/name + type: string + search: + description: Search query that applies to the resource name, + tag & labels. + type: string + statuses: + description: Statuses filter resources by the status + items: + type: string + type: array + tagSelector: + type: string + types: + description: Types filter resources by the type + items: + type: string + type: array + type: object + type: array playbooks: items: properties: diff --git a/config/crds/mission-control.flanksource.com_playbooks.yaml b/config/crds/mission-control.flanksource.com_playbooks.yaml index 8c1b28eb2..73e8759c3 100644 --- a/config/crds/mission-control.flanksource.com_playbooks.yaml +++ b/config/crds/mission-control.flanksource.com_playbooks.yaml 
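Review bot: The new `connections` list in the Permission object schema has no description and none of its selector fields (`name`, `namespace`, `labelSelector`, `tagSelector`, `search`, ...) is required, so an item such as `- {}` passes validation. Whether an empty selector matches every connection or none is not visible in this diff, and connections appear to be what credentials are resolved from, so the schema should say so explicitly. A description along the lines of `Connections selects the connections this permission applies to; an empty selector matches <all|none>` would cover it. This CRD looks generated, so the text would belong on the Go field it is produced from, which is outside this diff.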
@@ -817,8 +817,313 @@ spec: type: object kubernetes: properties: + cnrm: + properties: + clusterResource: + type: string + clusterResourceNamespace: + type: string + gke: + properties: + cluster: + type: string + connection: + description: ConnectionName of the connection. + It'll be used to populate the endpoint + and credentials. + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath + expression used to fetch the + key from the merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies + the service account whose token + should be fetched + type: string + type: object + type: object + endpoint: + type: string + projectID: + type: string + skipTLSVerify: + description: Skip TLS verify + type: boolean + zone: + type: string + required: + - cluster + - projectID + - zone + type: object + required: + - clusterResource + - clusterResourceNamespace + - gke + type: object connection: + description: Connection name to populate kubeconfig type: string + eks: + properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression + used to fetch the key from the + merged JSON. 
+ type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies + the service account whose token should + be fetched + type: string + type: object + type: object + assumeRole: + type: string + cluster: + type: string + connection: + description: ConnectionName of the connection. + It'll be used to populate the endpoint, accessKey + and secretKey. + type: string + endpoint: + type: string + region: + type: string + secretKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression + used to fetch the key from the + merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies + the service account whose token should + be fetched + type: string + type: object + type: object + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression + used to fetch the key from the + merged JSON. 
+ type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies + the service account whose token should + be fetched + type: string + type: object + type: object + skipTLSVerify: + description: Skip TLS verify when connecting + to aws + type: boolean + required: + - cluster + type: object + gke: + properties: + cluster: + type: string + connection: + description: ConnectionName of the connection. + It'll be used to populate the endpoint and + credentials. + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + description: Key is a JSONPath expression + used to fetch the key from the + merged JSON. + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + description: ServiceAccount specifies + the service account whose token should + be fetched + type: string + type: object + type: object + endpoint: + type: string + projectID: + type: string + skipTLSVerify: + description: Skip TLS verify + type: boolean + zone: + type: string + required: + - cluster + - projectID + - zone + type: object kubeconfig: properties: name: diff --git a/config/schemas/permission.schema.json b/config/schemas/permission.schema.json index 15564c22f..9e1427dac 100644 --- a/config/schemas/permission.schema.json +++ b/config/schemas/permission.schema.json @@ -166,6 +166,12 @@ }, "type": "array" }, + "connections": { + "items": { + "$ref": "#/$defs/ResourceSelector" + }, + "type": "array" + }, "configs": { "items": { "$ref": "#/$defs/ResourceSelector" 
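Review bot: The new `eks`, `gke` and `cnrm.gke` blocks each add a `skipTLSVerify` boolean and credential objects (`accessKey`, `secretKey`, `sessionToken`, `credentials`) that accept an inline `value`. A playbook spec can therefore disable certificate verification towards the cluster endpoint and carry cloud credentials in plaintext, and the schema text warns against neither. The descriptions `Skip TLS verify` and `Skip TLS verify when connecting to aws` should state the consequence, e.g. `Disables server certificate verification for this connection; do not enable outside testing`, and the credential fields should recommend `valueFrom.secretKeyRef` over `value`. The same fields appear without any description in the `EKSConnection` and `GKEConnection` definitions of `config/schemas/playbook-spec.schema.json` and `config/schemas/playbook.schema.json`. These files look generated, so the wording would belong in the Go type comments they are produced from, which are outside this diff.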
diff --git a/config/schemas/playbook-spec.schema.json b/config/schemas/playbook-spec.schema.json index e4222f656..9412ee21a 100644 --- a/config/schemas/playbook-spec.schema.json +++ b/config/schemas/playbook-spec.schema.json @@ -199,6 +199,26 @@ "additionalProperties": false, "type": "object" }, + "CNRMConnection": { + "properties": { + "gke": { + "$ref": "#/$defs/GKEConnection" + }, + "clusterResource": { + "type": "string" + }, + "clusterResourceNamespace": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "gke", + "clusterResource", + "clusterResourceNamespace" + ] + }, "ConfigMapKeySelector": { "properties": { "name": { @@ -214,6 +234,42 @@ "key" ] }, + "EKSConnection": { + "properties": { + "connection": { + "type": "string" + }, + "accessKey": { + "$ref": "#/$defs/EnvVar" + }, + "secretKey": { + "$ref": "#/$defs/EnvVar" + }, + "sessionToken": { + "$ref": "#/$defs/EnvVar" + }, + "assumeRole": { + "type": "string" + }, + "region": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "skipTLSVerify": { + "type": "boolean" + }, + "cluster": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "cluster" + ] + }, "EnvVar": { "properties": { "name": { @@ -322,6 +378,38 @@ "additionalProperties": false, "type": "object" }, + "GKEConnection": { + "properties": { + "connection": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "credentials": { + "$ref": "#/$defs/EnvVar" + }, + "skipTLSVerify": { + "type": "boolean" + }, + "projectID": { + "type": "string" + }, + "zone": { + "type": "string" + }, + "cluster": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "projectID", + "zone", + "cluster" + ] + }, "GitConnection": { "properties": { "url": { 
@@ -602,6 +690,15 @@ }, "kubeconfig": { "$ref": "#/$defs/EnvVar" + }, + "eks": { + "$ref": "#/$defs/EKSConnection" + }, + "gke": { + "$ref": "#/$defs/GKEConnection" + }, + "cnrm": { + "$ref": "#/$defs/CNRMConnection" } }, "additionalProperties": false, diff --git a/config/schemas/playbook.schema.json b/config/schemas/playbook.schema.json index edcdb1b3b..dd452f8eb 100644 --- a/config/schemas/playbook.schema.json +++ b/config/schemas/playbook.schema.json @@ -199,6 +199,26 @@ "additionalProperties": false, "type": "object" }, + "CNRMConnection": { + "properties": { + "gke": { + "$ref": "#/$defs/GKEConnection" + }, + "clusterResource": { + "type": "string" + }, + "clusterResourceNamespace": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "gke", + "clusterResource", + "clusterResourceNamespace" + ] + }, "ConfigMapKeySelector": { "properties": { "name": { @@ -214,6 +234,42 @@ "key" ] }, + "EKSConnection": { + "properties": { + "connection": { + "type": "string" + }, + "accessKey": { + "$ref": "#/$defs/EnvVar" + }, + "secretKey": { + "$ref": "#/$defs/EnvVar" + }, + "sessionToken": { + "$ref": "#/$defs/EnvVar" + }, + "assumeRole": { + "type": "string" + }, + "region": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "skipTLSVerify": { + "type": "boolean" + }, + "cluster": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "cluster" + ] + }, "EnvVar": { "properties": { "name": { 
@@ -327,6 +383,38 @@ "additionalProperties": false, "type": "object" }, + "GKEConnection": { + "properties": { + "connection": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "credentials": { + "$ref": "#/$defs/EnvVar" + }, + "skipTLSVerify": { + "type": "boolean" + }, + "projectID": { + "type": "string" + }, + "zone": { + "type": "string" + }, + "cluster": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "projectID", + "zone", + "cluster" + ] + }, "GitConnection": { "properties": { "url": { @@ -607,6 +695,15 @@ }, "kubeconfig": { "$ref": "#/$defs/EnvVar" + }, + "eks": { + "$ref": "#/$defs/EKSConnection" + }, + "gke": { + "$ref": "#/$defs/GKEConnection" + }, + "cnrm": { + "$ref": "#/$defs/CNRMConnection" } }, "additionalProperties": false,