[platform] Add secret selectors to app definitions

This patch expands the CozystackResourceDefinitions with new label
selector fields to include and exclude secrets by their labelsets.
This will enable application developers to selectively show application
secrets to end-users or hide them from end-users.

```release-note
[platform] Add selectors for application secrets, offering developers
an API to control secret visibility for end users.
```

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Timofei Larkin
2025-09-23 17:37:23 +03:00
parent 66b53cb1ae
commit 48919c0cfe


@@ -32,7 +32,7 @@ type CozystackResourceDefinition struct {
// +kubebuilder:object:root=true
// CozystackResourceDefinitionList contains a list of CozystackResourceDefinition
// CozystackResourceDefinitionList contains a list of CozystackResourceDefinitions
type CozystackResourceDefinitionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
@@ -48,6 +48,8 @@ type CozystackResourceDefinitionSpec struct {
Application CozystackResourceDefinitionApplication `json:"application"`
// Release configuration
Release CozystackResourceDefinitionRelease `json:"release"`
// Secret selectors
Secrets CozystackResourceDefinitionSecrets `json:"secrets,omitempty"`
}
type CozystackResourceDefinitionChart struct {
@@ -87,3 +89,15 @@ type CozystackResourceDefinitionRelease struct {
// Prefix for the release name
Prefix string `json:"prefix"`
}
type CozystackResourceDefinitionSecrets struct {
// Exclude contains an array of label selectors that target secrets.
// If a secret matches the selector in any of the elements in the array, it is
// hidden from the user, regardless of the matches in the include array.
Exclude []*metav1.LabelSelector `json:"exclude,omitempty"`
// Include contains an array of label selectors that target secrets.
// If a secret matches the selector in any of the elements in the array, and
// matches none of the selectors in the exclude array that secret is marked
// as a tenant secret and is visible to users.
Include []*metav1.LabelSelector `json:"include,omitempty"`
}
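Review bot: The field comments on `Include` and `Exclude` in the new `CozystackResourceDefinitionSecrets` type (last hunk) do not say what an empty list, a nil element or an empty selector means, and for a field that decides which secrets tenants can see, that default should be written down. If the consumer converts these with `metav1.LabelSelectorAsSelector` (the evaluating code is not in this diff), an empty selector `{}` matches every object and a nil one matches none, so a single `{}` entry in `include` would mark every non-excluded secret as a tenant secret. I would add to the `Include` comment `// An empty selector ({}) matches every secret; a nil element matches none.` and one line stating whether an omitted `include` list exposes no secrets at all. The type itself also has no doc comment. Separately, `omitempty` on the non-pointer struct field `Secrets` has no effect in encoding/json, so the field is always serialized as `"secrets":{}`.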