diff --git a/model/clusters_mgmt/v1/break_glass_credential_resource.model b/model/clusters_mgmt/v1/break_glass_credential_resource.model
new file mode 100644
index 00000000..aeab3200
--- /dev/null
+++ b/model/clusters_mgmt/v1/break_glass_credential_resource.model
@@ -0,0 +1,23 @@
+/*
+Copyright (c) 2024 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Manages a specific break glass credential.
+resource BreakGlassCredential {
+ // Retrieves the details of the break glass credential.
+ method Get {
+ out Body BreakGlassCredential
+ }
+}
diff --git a/model/clusters_mgmt/v1/break_glass_credential_type.model b/model/clusters_mgmt/v1/break_glass_credential_type.model
new file mode 100644
index 00000000..c9207dfb
--- /dev/null
+++ b/model/clusters_mgmt/v1/break_glass_credential_type.model
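Review bot: In break_glass_credential_resource.model the `BreakGlassCredential` resource exposes only `Get`, so nothing in this commit lets a caller revoke one specific credential. The only revocation path visible here is the collection-level `Delete`, which takes no arguments. If that is intended, the resource comment should say so, for example `// Individual credentials cannot be revoked through this resource; revocation is done on the collection.`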
@@ -0,0 +1,43 @@
+/*
+Copyright (c) 2024 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Representation of a break glass credential.
+class BreakGlassCredential {
+ // Username is the user which will be used for this credential.
+ Username String
+
+ // ExpirationTimestamp is the date and time when the credential will expire.
+ ExpirationTimestamp Date
+
+ // RevocationTimestamp is the date and time when the credential has been revoked.
+ RevocationTimestamp Date
+
+ // Status is the status of this credential
+ Status BreakGlassCredentialStatus
+
+ // Kubeconfig is the generated kubeconfig for this credential. It is only stored in memory
+ Kubeconfig String
+}
+
+// Status of the break glass credential.
+enum BreakGlassCredentialStatus {
+ Created
+ Issued
+ Expired
+ AwaitingRevocation
+ Revoked
+ Failed
+}
diff --git a/model/clusters_mgmt/v1/break_glass_credentials_resource.model b/model/clusters_mgmt/v1/break_glass_credentials_resource.model
new file mode 100644
index 00000000..425ce491
--- /dev/null
+++ b/model/clusters_mgmt/v1/break_glass_credentials_resource.model
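Review bot: The `Kubeconfig` comment in break_glass_credential_type.model says only that it is "only stored in memory", which tells a client neither when the attribute is populated nor that it is access material. The same class is the `Get` body, the `Add` body and the `List` item type, so the comment should name the operations that return it and say it must not be logged or cached, for example `// Kubeconfig is the generated kubeconfig for this credential. It is a secret, is not persisted by the service, and is returned only by <operations, to be confirmed>.` The `BreakGlassCredentialStatus` values carry no comments, and the difference between `Created` and `Issued`, or between `AwaitingRevocation` and `Revoked`, cannot be inferred from the names. The `Status` comment is also missing its final period.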
@@ -0,0 +1,53 @@
+/*
+Copyright (c) 2024 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Manages the break glass credentials of a cluster.
+resource BreakGlassCredentials {
+ // Retrieves the list of break glass credentials.
+ //
+ // IMPORTANT: This collection doesn't currently support paging or searching, so the returned
+ // `page` will always be 1 and `size` and `total` will always be the total number of break
+ // glass credentials for this cluster.
+ method List {
+ // Index of the requested page, where one corresponds to the first page.
+ in out Page Integer = 1
+
+ // Number of items contained in the returned page.
+ in out Size Integer = 100
+
+ // Total number of items of the collection.
+ out Total Integer
+
+ // Retrieved list of break glass credentials.
+ out Items []BreakGlassCredential
+ }
+
+ // Adds a new break glass credential to the cluster.
+ method Add {
+ // Description of the break glass credential.
+ in out Body BreakGlassCredential
+ }
+
+ // Revokes all the break glass certificates signed by a specific signer.
+ method Delete {
+ }
+
+ // Reference to the service that manages a specific break glass credential.
+ locator BreakGlassCredential {
+ target BreakGlassCredential
+ variable ID
+ }
+}
diff --git a/model/clusters_mgmt/v1/cluster_resource.model b/model/clusters_mgmt/v1/cluster_resource.model
index bb1dfab0..bddc515a 100644
--- a/model/clusters_mgmt/v1/cluster_resource.model
+++ b/model/clusters_mgmt/v1/cluster_resource.model
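Review bot: The comment on `Delete` in break_glass_credentials_resource.model ("Revokes all the break glass certificates signed by a specific signer") does not match the method, which has no parameters and so no way to name a signer. It also says "certificates" where the rest of the model says "credentials". As declared, the call appears to revoke every credential of the cluster, so state that scope explicitly, e.g. `// Revokes all the break glass credentials of the cluster.`, or add the input that selects the signer. On `Add`, `Body` is `in out` with the full class, so the comment should say which attributes the caller may set (presumably `Username` and `ExpirationTimestamp`) and which are assigned by the server.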
@@ -74,6 +74,11 @@ resource Cluster {
 target ExternalConfiguration
 }
 
+ // Reference to the resource that manages the break glass credentials.
+ locator BreakGlassCredentials {
+ target BreakGlassCredentials
+ }
+
 // Reference to the resource that manages the cluster's provision shard.
 locator ProvisionShard {
 target ProvisionShard