Merge branch 'feature/pools' into 'main'

Add VM pools See merge request org/jdrupes/vm-operator!11
mnlipp · Jan 27, 2025 · 85be5b9 · 85be5b9
2 parents e839f7b + 86f6ece
commit 85be5b9
Show file tree

Hide file tree

Showing 34 changed files with 1,563 additions and 450 deletions.
diff --git a/deploy/crds/vmpools-crd.yaml b/deploy/crds/vmpools-crd.yaml
@@ -16,6 +16,15 @@ spec:
             spec:
               type: object
               properties:
+                retention:
+                  description: >-
+                    Defines the timeout for assignments. The time may be
+                    specified as ISO 8601 time or duration. When specifying
+                    a duration, it will be added to the last time the VM's 
+                    console was used to obtain the timeout.
+                  type: string
+                  pattern: '^(?:\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:\.\d{1,9})?(?:Z|[+-](?:[01]\d|2[0-3])(?:|:?[0-5]\d))|P(?:\d+Y)?(?:\d+M)?(?:\d+W)?(?:\d+D)?(?:T(?:\d+[Hh])?(?:\d+[Mm])?(?:\d+(?:\.\d{1,9})?[Ss])?)?)$'
+                  default: "PT1h"
                 permissions:
                   type: array
                   description: >-
@@ -44,7 +53,7 @@ spec:
                           - reset
                           - accessConsole
                           - "*"
-                        default: []
+                        default: ["accessConsole"]
               required:
               - permissions
   # either Namespaced or Cluster

diff --git a/deploy/crds/vms-crd.yaml b/deploy/crds/vms-crd.yaml
@@ -994,6 +994,10 @@ spec:
                   type: array
                   description: >-
                     Defines permissions for accessing and manipulating the VM.
+                    The meaning of most permissions should be obvious. The
+                    difference between "accessConsole" and "takeConsole" is
+                    that "takeConsole" allows the user to take control of
+                    the console even if it is already in use by another user.
                   items:
                     type: object
                     description: >-
@@ -1017,12 +1021,13 @@ spec:
                           - stop
                           - reset
                           - accessConsole
+                          - takeConsole
                           - "*"
                         default: []
                 pools:
                   type: array
                   description: >-
-                    List of pools to which this VM belongs.
+                    List of pools this VM belongs to.
                   items:
                     type: string
                   default: []
@@ -1486,6 +1491,24 @@ spec:
                     by the runner if password protection is not enabled.
                   type: integer
                   default: 0
+                assignment:
+                  description: >-
+                    The assignment of this VM to a a particular user.
+                  type: object
+                  properties:
+                    pool:
+                      description: >-
+                        The pool this VM is taken from.
+                      type: string
+                    user:
+                      description: >-
+                        The user this VM is assigned to.
+                      type: string
+                    lastUsed:
+                      description: >-
+                        The last time this VM was used by the user.
+                      type: string
+                  default: {}
                 conditions:
                   description: >-
                     List of component conditions observed

diff --git a/dev-example/config.yaml b/dev-example/config.yaml
@@ -40,15 +40,30 @@
           - name: admin
             fullName: Administrator
             password: "$2b$05$NiBd74ZGdplLC63ePZf1f.UtjMKkbQ23cQoO2OKOFalDBHWAOy21."
-          - name: test
-            fullName: Test Account
+          - name: operator
+            fullName: Operator
+            password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+          - name: test1
+            fullName: Test Account 1
+            password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+          - name: test2
+            fullName: Test Account 2
+            password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+          - name: test3
+            fullName: Test Account 3
             password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
         "/RoleConfigurator":
           rolesByUser:
             # User admin has role admin
             admin:
             - admin
-            test:
+            operator:
+            - operator
+            test1:
+            - user
+            test2:
+            - user
+            test3:
             - user
             # All users have role other
             "*":
@@ -59,8 +74,10 @@
             # Admins can use all conlets
             admin:
             - "*"
+            operator:
+            - org.jdrupes.vmoperator.vmaccess.VmAccess
             user:
-            - org.jdrupes.vmoperator.vmviewer.VmViewer
+            - org.jdrupes.vmoperator.vmaccess.VmAccess
             # Others cannot use any conlet (except login conlet to log out)
             other:
             - org.jgrapes.webconlet.oidclogin.LoginConlet

diff --git a/dev-example/kustomization.yaml b/dev-example/kustomization.yaml
@@ -54,15 +54,25 @@ patches:
                   - name: admin
                     fullName: Administrator
                     password: "$2b$05$NiBd74ZGdplLC63ePZf1f.UtjMKkbQ23cQoO2OKOFalDBHWAOy21."
-                  - name: test
+                  - name: test1
+                    fullName: Test Account
+                    password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+                  - name: test2
+                    fullName: Test Account
+                    password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+                  - name: test3
                     fullName: Test Account
                     password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
                 "/RoleConfigurator":
                   rolesByUser:
                     # User admin has role admin
                     admin:
                     - admin
-                    test:
+                    test1:
+                    - user
+                    test2:
+                    - user
+                    test3:
                     - user
                     # All users have role other
                     "*":

diff --git a/dev-example/test-pool.yaml b/dev-example/test-pool.yaml
@@ -4,7 +4,11 @@ metadata:
   namespace: vmop-dev
   name: test-vms
 spec:
+  retention: "PT1m"
   permissions:
   - user: admin
     may:
     - accessConsole
+  - role: user
+    may:
+    - accessConsole
diff --git a/dev-example/test-vm.tpl.yaml b/dev-example/test-vm.tpl.yaml
@@ -21,9 +21,6 @@ spec:
   - role: admin
     may: 
     - "*"
-  - user: test
-    may:
-    - accessConsole
 
   guestShutdownStops: true
 

diff --git a/dev-example/test-vm.yaml b/dev-example/test-vm.yaml
@@ -14,9 +14,6 @@ spec:
   - user: admin
     may: 
     - "*"
-  - user: test
-    may:
-    - "accessConsole"
 
   resources:
     requests:

diff --git a/org.jdrupes.vmoperator.common/build.gradle b/org.jdrupes.vmoperator.common/build.gradle
@@ -13,4 +13,5 @@ dependencies {
     api 'org.jgrapes:org.jgrapes.core:[1.22.1,2)'
     api 'io.kubernetes:client-java:[19.0.0,20.0.0)'
     api 'org.yaml:snakeyaml'
+    api 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:[2.16.1,3]'
 }
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClusterGenericStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClusterGenericStub.java
@@ -45,7 +45,8 @@
  * @param <O> the generic type
  * @param <L> the generic type
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
+@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis",
+    "PMD.CouplingBetweenObjects" })
 public class K8sClusterGenericStub<O extends KubernetesObject,
         L extends KubernetesListObject> {
     protected final K8sClient client;
@@ -373,7 +374,7 @@ R create(Class<O> objectClass, Class<L> objectListClass,
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>>
             Collection<R> list(Class<O> objectClass, Class<L> objectListClass,
-                    K8sClient client, APIResource context, 
+                    K8sClient client, APIResource context,
                     ListOptions options, GenericSupplier<O, L, R> provider)
                     throws ApiException {
         var result = new ArrayList<R>();