diff --git a/api/models/models_v1_machine_allocation.go b/api/models/models_v1_machine_allocation.go index 2a67db4..ad56f1b 100644 --- a/api/models/models_v1_machine_allocation.go +++ b/api/models/models_v1_machine_allocation.go @@ -20,6 +20,10 @@ import ( // swagger:model models.V1MachineAllocation type ModelsV1MachineAllocation struct { + // allocationuuid + // Required: true + Allocationuuid *string `json:"allocationuuid"` + // boot info BootInfo *ModelsV1BootInfo `json:"boot_info,omitempty"` @@ -83,6 +87,10 @@ type ModelsV1MachineAllocation struct { func (m *ModelsV1MachineAllocation) Validate(formats strfmt.Registry) error { var res []error + if err := m.validateAllocationuuid(formats); err != nil { + res = append(res, err) + } + if err := m.validateBootInfo(formats); err != nil { res = append(res, err) } @@ -145,6 +153,15 @@ func (m *ModelsV1MachineAllocation) Validate(formats strfmt.Registry) error { return nil } +func (m *ModelsV1MachineAllocation) validateAllocationuuid(formats strfmt.Registry) error { + + if err := validate.Required("allocationuuid", "body", m.Allocationuuid); err != nil { + return err + } + + return nil +} + func (m *ModelsV1MachineAllocation) validateBootInfo(formats strfmt.Registry) error { if swag.IsZero(m.BootInfo) { // not required return nil diff --git a/api/models/v1_machine_usage.go b/api/models/v1_machine_usage.go index 8acee0d..1d60490 100644 --- a/api/models/v1_machine_usage.go +++ b/api/models/v1_machine_usage.go @@ -19,6 +19,10 @@ import ( // swagger:model v1.MachineUsage type V1MachineUsage struct { + // the allocation id of this machine + // Required: true + Allocationid *string `json:"allocationid"` + // the cluster id of this machine // Required: true Clusterid *string `json:"clusterid"` 
@@ -86,6 +90,10 @@ type V1MachineUsage struct { func (m *V1MachineUsage) Validate(formats strfmt.Registry) error { var res []error + if err := m.validateAllocationid(formats); err != nil { + res = append(res, err) + } + if err := m.validateClusterid(formats); err != nil { res = append(res, err) } @@ -152,6 +160,15 @@ func (m *V1MachineUsage) Validate(formats strfmt.Registry) error { return nil } +func (m *V1MachineUsage) validateAllocationid(formats strfmt.Registry) error { + + if err := validate.Required("allocationid", "body", m.Allocationid); err != nil { + return err + } + + return nil +} + func (m *V1MachineUsage) validateClusterid(formats strfmt.Registry) error { if err := validate.Required("clusterid", "body", m.Clusterid); err != nil { diff --git a/api/models/v1_network_access_restrictions.go b/api/models/v1_network_access_restrictions.go new file mode 100644 index 0000000..ca2e3cc --- /dev/null +++ b/api/models/v1_network_access_restrictions.go 
@@ -0,0 +1,88 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + "github.com/go-openapi/validate" +) + +// V1NetworkAccessRestrictions v1 network access restrictions +// +// swagger:model v1.NetworkAccessRestrictions +type V1NetworkAccessRestrictions struct { + + // the list of networks which are allowed to configure if networkAccessTypeForbidden is specified + // Required: true + AllowedNetworks []string `json:"allowed_networks"` + + // list of registries which are configured to pull only strictly required container images + // Required: true + MaskedRegistries []string `json:"masked_registries"` +} + +// Validate validates this v1 network access restrictions +func (m *V1NetworkAccessRestrictions) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateAllowedNetworks(formats); err != nil { + res = append(res, err) + } + + if err := m.validateMaskedRegistries(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) 
+ } + return nil +} + +func (m *V1NetworkAccessRestrictions) validateAllowedNetworks(formats strfmt.Registry) error { + + if err := validate.Required("allowed_networks", "body", m.AllowedNetworks); err != nil { + return err + } + + return nil +} + +func (m *V1NetworkAccessRestrictions) validateMaskedRegistries(formats strfmt.Registry) error { + + if err := validate.Required("masked_registries", "body", m.MaskedRegistries); err != nil { + return err + } + + return nil +} + +// ContextValidate validates this v1 network access restrictions based on context it is used +func (m *V1NetworkAccessRestrictions) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *V1NetworkAccessRestrictions) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *V1NetworkAccessRestrictions) UnmarshalBinary(b []byte) error { + var res V1NetworkAccessRestrictions + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/api/models/v1_shoot_constraints.go b/api/models/v1_shoot_constraints.go index f751357..5970748 100644 --- a/api/models/v1_shoot_constraints.go +++ b/api/models/v1_shoot_constraints.go @@ -44,6 +44,10 @@ type V1ShootConstraints struct { // Required: true MachineTypes []string `json:"machine_types"` + // network restrictions by partition + // Required: true + NetworkAccessRestrictions map[string]V1NetworkAccessRestrictions `json:"network_access_restrictions"` + // the list of available networks for cluster creation // Required: true Networks []*V1Network `json:"networks"` 
@@ -85,6 +89,10 @@ func (m *V1ShootConstraints) Validate(formats strfmt.Registry) error { res = append(res, err) } + if err := m.validateNetworkAccessRestrictions(formats); err != nil { + res = append(res, err) + } + if err := m.validateNetworks(formats); err != nil { res = append(res, err) } @@ -193,6 +201,33 @@ func (m *V1ShootConstraints) validateMachineTypes(formats strfmt.Registry) error return nil } +func (m *V1ShootConstraints) validateNetworkAccessRestrictions(formats strfmt.Registry) error { + + if err := validate.Required("network_access_restrictions", "body", m.NetworkAccessRestrictions); err != nil { + return err + } + + for k := range m.NetworkAccessRestrictions { + + if err := validate.Required("network_access_restrictions"+"."+k, "body", m.NetworkAccessRestrictions[k]); err != nil { + return err + } + if val, ok := m.NetworkAccessRestrictions[k]; ok { + if err := val.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("network_access_restrictions" + "." + k) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("network_access_restrictions" + "." + k) + } + return err + } + } + + } + + return nil +} + func (m *V1ShootConstraints) validateNetworks(formats strfmt.Registry) error { if err := validate.Required("networks", "body", m.Networks); err != nil { @@ -250,6 +285,10 @@ func (m *V1ShootConstraints) ContextValidate(ctx context.Context, formats strfmt res = append(res, err) } + if err := m.contextValidateNetworkAccessRestrictions(ctx, formats); err != nil { + res = append(res, err) + } + if err := m.contextValidateNetworks(ctx, formats); err != nil { res = append(res, err) } 
@@ -310,6 +349,25 @@ func (m *V1ShootConstraints) contextValidateMachineImages(ctx context.Context, f return nil } +func (m *V1ShootConstraints) contextValidateNetworkAccessRestrictions(ctx context.Context, formats strfmt.Registry) error { + + if err := validate.Required("network_access_restrictions", "body", m.NetworkAccessRestrictions); err != nil { + return err + } + + for k := range m.NetworkAccessRestrictions { + + if val, ok := m.NetworkAccessRestrictions[k]; ok { + if err := val.ContextValidate(ctx, formats); err != nil { + return err + } + } + + } + + return nil +} + func (m *V1ShootConstraints) contextValidateNetworks(ctx context.Context, formats strfmt.Registry) error { for i := 0; i < len(m.Networks); i++ { diff --git a/cloud-api.json b/cloud-api.json index 263efb2..96bada9 100644 --- a/cloud-api.json +++ b/cloud-api.json @@ -439,6 +439,9 @@ }, "models.V1MachineAllocation": { "properties": { + "allocationuuid": { + "type": "string" + }, "boot_info": { "$ref": "#/definitions/models.V1BootInfo" }, @@ -495,6 +498,7 @@ } }, "required": [ + "allocationuuid", "created", "creator", "hostname", @@ -2661,6 +2665,10 @@ }, "v1.MachineUsage": { "properties": { + "allocationid": { + "description": "the allocation id of this machine", + "type": "string" + }, "clusterid": { "description": "the cluster id of this machine", "type": "string" @@ -2726,6 +2734,7 @@ } }, "required": [ + "allocationid", "clusterid", "contract", "debtorid", 
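Review bot: The `required` lists of two existing response models gain entries in the `cloud-api.json` hunks `@@ -495` (`allocationuuid` on `models.V1MachineAllocation`) and `@@ -2726` (`allocationid` on `v1.MachineUsage`), and `@@ -4738` does the same for `network_access_restrictions`. The generated validators on this page call `validate.Required` for each of them, so a caller that runs `Validate` on a response from a server that does not yet send these fields would get a validation error. If clients and servers are expected to run at different versions for a while, leave the new properties out of `required` until all servers emit them, or state the minimum server version in the commit description. Separately, `allocationuuid` in the `@@ -439` hunk has no `description`, unlike `allocationid`; if it carries the same kind of identifier, add `"description": "the allocation uuid of this machine"`.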
@@ -2967,6 +2976,28 @@ "Prefixes" ] }, + "v1.NetworkAccessRestrictions": { + "properties": { + "allowed_networks": { + "description": "the list of networks which are allowed to configure if networkAccessTypeForbidden is specified", + "items": { + "type": "string" + }, + "type": "array" + }, + "masked_registries": { + "description": "list of registries which are configured to pull only strictly required container images", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "allowed_networks", + "masked_registries" + ] + }, "v1.NetworkUsage": { "properties": { "annotations": { @@ -4706,6 +4737,13 @@ }, "type": "array" }, + "network_access_restrictions": { + "additionalProperties": { + "$ref": "#/definitions/v1.NetworkAccessRestrictions" + }, + "description": "network restrictions by partition", + "type": "object" + }, "networks": { "description": "the list of available networks for cluster creation", "items": { @@ -4738,6 +4776,7 @@ "kubernetes_versions", "machine_images", "machine_types", + "network_access_restrictions", "networks", "partitions", "seeds" diff --git a/go.mod b/go.mod index e6bc557..adb9b43 100644 --- a/go.mod +++ b/go.mod @@ -8,14 +8,14 @@ require ( github.com/go-openapi/strfmt v0.22.0 github.com/go-openapi/swag v0.22.9 github.com/go-openapi/validate v0.22.6 - github.com/metal-stack/metal-lib v0.14.3 + github.com/metal-stack/metal-lib v0.14.4 github.com/metal-stack/security v0.7.1 github.com/stretchr/testify v1.8.4 ) require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/coreos/go-oidc/v3 v3.8.0 // indirect + github.com/coreos/go-oidc/v3 v3.9.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect 
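Review bot: The descriptions added for `v1.NetworkAccessRestrictions` (hunk `@@ -2967`) and for `network_access_restrictions` (hunk `@@ -4706`) do not say what a consumer should conclude from a partition that has no entry in the map, or from an empty `allowed_networks` or `masked_registries` list. These fields describe a network restriction, so the spec should state the default, so that a client cannot read a missing or empty entry as "unrestricted" when the server means "nothing allowed". I would extend the map description along the lines of `"description": "network restrictions by partition; <meaning of a partition without an entry>"` and give each array a similar sentence about the empty list. Both arrays are also `required`, and the generated validators shown earlier on this page pass them to `validate.Required`, which presumably rejects a `null` array. Please confirm that the server always serializes an empty list as `[]`.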
@@ -44,7 +44,7 @@ require ( github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/segmentio/asm v1.2.0 // indirect - github.com/stretchr/objx v0.5.0 // indirect + github.com/stretchr/objx v0.5.1 // indirect go.mongodb.org/mongo-driver v1.13.1 // indirect go.opentelemetry.io/otel v1.17.0 // indirect go.opentelemetry.io/otel/metric v1.17.0 // indirect @@ -52,7 +52,7 @@ require ( golang.org/x/crypto v0.18.0 // indirect golang.org/x/net v0.20.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect - golang.org/x/sync v0.5.0 // indirect + golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.16.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.32.0 // indirect diff --git a/go.sum b/go.sum index 214626a..c17d8a8 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/coreos/go-oidc/v3 v3.8.0 h1:s3e30r6VEl3/M7DTSCEuImmrfu1/1WBgA0cXkdzkrAY= -github.com/coreos/go-oidc/v3 v3.8.0/go.mod h1:yQzSCqBnK3e6Fs5l+f5i0F8Kwf0zpH9bPEsbY00KanM= +github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= +github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= 
@@ -74,8 +74,8 @@ github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNB github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/metal-stack/metal-lib v0.14.3 h1:oHtOnGsQC/ySLXzj14mfy7/8bwmCPfD5SD6U4yh8BHU= -github.com/metal-stack/metal-lib v0.14.3/go.mod h1:2wKxFXSCpA1Dr+Rq0ddpQCPKPGMWJp4cpIaVTM4lDi0= +github.com/metal-stack/metal-lib v0.14.4 h1:vm2868vcua6khoyWL7d0to8Hq5RayrjMse0FZTyWEec= +github.com/metal-stack/metal-lib v0.14.4/go.mod h1:Z3PAh8dkyWC4B19fXsu6EYwXXee0Lk9JZbjoHPLbDbc= github.com/metal-stack/security v0.7.1 h1:bwiPhT/gArl9IRJlhpDZzAs5Us6rmIt9bcuQXcLKO5k= github.com/metal-stack/security v0.7.1/go.mod h1:v+JrV2tIvoKESY0puONL3rAocfLkol1pqm2osm9PLcw= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= 
@@ -94,12 +94,14 @@ github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= +github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= 
@@ -135,8 +137,8 @@ golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=