From 23db8ce20b51ec69c365107c857c7f43ec15c957 Mon Sep 17 00:00:00 2001
From: Renan Campos
Date: Thu, 29 Aug 2024 13:32:24 -0400
Subject: [PATCH 1/2] OCM-10387 | Wif API updates to suppport SRE access Defining wif support The support group specifies the permissions the user needs to grant the SRE team in order to perform the SOPs needed to service OSD-GCP clusters. The granting of these permissions occurs on the client side after they have created a WifConfig resource. Added wif access method
---
model/clusters_mgmt/v1/wif_config_type.model | 2 ++
.../v1/wif_service_account_type.model | 1 +
model/clusters_mgmt/v1/wif_support_type.model | 20 +++++++++++++++++++
.../v2alpha1/wif_config_type.model | 2 ++
.../v2alpha1/wif_service_account_type.model | 1 +
.../v2alpha1/wif_support_type.model | 20 +++++++++++++++++++
6 files changed, 46 insertions(+)
create mode 100644 model/clusters_mgmt/v1/wif_support_type.model
create mode 100644 model/clusters_mgmt/v2alpha1/wif_support_type.model
diff --git a/model/clusters_mgmt/v1/wif_config_type.model b/model/clusters_mgmt/v1/wif_config_type.model
index d229872b..4172d2b4 100644
--- a/model/clusters_mgmt/v1/wif_config_type.model
+++ b/model/clusters_mgmt/v1/wif_config_type.model
@@ -36,6 +36,8 @@ struct WifGcp {
 // The list of service accounts and their associated roles that will need to be
 // configured on the user's GCP project.
 ServiceAccounts []WifServiceAccount
+ // Defines the access configuration for support.
+ Support WifSupport
 // The workload identity configuration data that will be used to create the
 // workload identity pool on the user's account.
 WorkloadIdentityPool WifPool
diff --git a/model/clusters_mgmt/v1/wif_service_account_type.model b/model/clusters_mgmt/v1/wif_service_account_type.model
index a1c53083..00c9477e 100644
--- a/model/clusters_mgmt/v1/wif_service_account_type.model
+++ b/model/clusters_mgmt/v1/wif_service_account_type.model
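Review bot: The comment on the new `Support` field, `// Defines the access configuration for support.`, does not say which side sets the value or whose access it describes. The commit message says the user grants these permissions to the SRE team on the client side after creating the WifConfig, which suggests the service publishes the principal and roles and clients only read them; if that is the intent, the comment should say so, for example `// The principal and roles the user must grant so that SRE can service the cluster. Set by the service.` If a client-supplied value were accepted instead, the principal would need server-side validation, since it names who receives roles on the customer's GCP project. `WifGcp` starts and ends outside the hunk, and the same comment appears in the v2alpha1 `wif_config_type.model` hunk.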
@@ -24,6 +24,7 @@ struct WifServiceAccount {
 enum WifAccessMethod {
 Impersonate
+ Vm
 Wif
 }
diff --git a/model/clusters_mgmt/v1/wif_support_type.model b/model/clusters_mgmt/v1/wif_support_type.model
new file mode 100644
index 00000000..1ecd7110
--- /dev/null
+++ b/model/clusters_mgmt/v1/wif_support_type.model
@@ -0,0 +1,20 @@
+/*
+Copyright (c) 2024 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+struct WifSupport {
+ Principal String
+ Roles []WifRole
+}
diff --git a/model/clusters_mgmt/v2alpha1/wif_config_type.model b/model/clusters_mgmt/v2alpha1/wif_config_type.model
index 08ffd6eb..874fc371 100644
--- a/model/clusters_mgmt/v2alpha1/wif_config_type.model
+++ b/model/clusters_mgmt/v2alpha1/wif_config_type.model
@@ -32,6 +32,8 @@ struct WifGcp {
 // The list of service accounts and their associated roles that will need to be
 // configured on the user's GCP project.
 ServiceAccounts []WifServiceAccount
+ // Defines the access configuration for support.
+ Support WifSupport
 // The workload identity configuration data that will be used to create the
 // workload identity pool on the user's account.
 WorkloadIdentityPool WifPool
diff --git a/model/clusters_mgmt/v2alpha1/wif_service_account_type.model b/model/clusters_mgmt/v2alpha1/wif_service_account_type.model
index a1c53083..00c9477e 100644
--- a/model/clusters_mgmt/v2alpha1/wif_service_account_type.model
+++ b/model/clusters_mgmt/v2alpha1/wif_service_account_type.model
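Review bot: `Vm` is added to `WifAccessMethod` with no comment, and nothing in the hunk says how it differs from `Impersonate` and `Wif`. Since the access method decides how a service account's credentials are obtained, each value deserves a one-line comment; for the new one something like `// The service account is attached to a VM instance.` would do, if that is what it means. It is also worth checking that consumers which switch over this enum treat an unrecognised value as an error rather than falling through to a default method. The enum is fully inside the hunk, `WifServiceAccount` is not, and the v2alpha1 hunk makes the same change.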
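Review bot: `Principal` and `Roles` in the new `WifSupport` struct have no comments, unlike the fields of `WifGcp` touched by this same patch, and this is the type that names who is given access to the customer's project. Suggest `// The identity that the support roles are granted to.` on `Principal`, stating the expected format (a group, a service account, a full IAM member string), which the patch does not show, and `// The roles to grant to the principal; keep these to the minimum the SOPs need.` on `Roles`. A struct-level comment saying that this describes SRE access would also help. The v2alpha1 copy of the file needs the same comments.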
@@ -24,6 +24,7 @@ struct WifServiceAccount {
 enum WifAccessMethod {
 Impersonate
+ Vm
 Wif
 }
diff --git a/model/clusters_mgmt/v2alpha1/wif_support_type.model b/model/clusters_mgmt/v2alpha1/wif_support_type.model
new file mode 100644
index 00000000..1ecd7110
--- /dev/null
+++ b/model/clusters_mgmt/v2alpha1/wif_support_type.model
@@ -0,0 +1,20 @@
+/*
+Copyright (c) 2024 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+struct WifSupport {
+ Principal String
+ Roles []WifRole
+}
From 897888118ecf6f4ab488f991700510a29f3df658 Mon Sep 17 00:00:00 2001
From: Renan Campos
Date: Tue, 3 Sep 2024 13:24:34 -0400
Subject: [PATCH 2/2] chore: release v0.0.392
---
CHANGES.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index 67ba1743..8b771333 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,6 +2,10 @@
 This document describes the relevant changes between releases of the API model.
+## 0.0.392 Sep 03 2024
+- Defined "support" field in WifConfig structure
+- Added "vm" WIF access method
+
 ## 0.0.391 Aug 28 2024
 - Add `RegistryConfig` attribute to `Cluster` model
 - Add `RegistryAllowlist` resource and endpoints