
Commit 5c5f3d9

committed
fix: address felix review comments
1 parent b202cf6 commit 5c5f3d9

11 files changed

Lines changed: 157 additions & 124 deletions


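--- a/api/core/v1alpha1/aaa_types.go
+++ b/api/core/v1alpha1/aaa_types.go
@@ -98,11 +98,9 @@ type AAAServer struct {
 // +kubebuilder:validation:MaxLength=253
 Address string `json:"address"`
 
-// Timeout is the response timeout in seconds for this server.
+// Timeout is the response timeout for this server.
 // +optional
-// +kubebuilder:validation:Minimum=1
-// +kubebuilder:validation:Maximum=60
-Timeout *int32 `json:"timeout,omitempty"`
+Timeout *metav1.Duration `json:"timeout,omitempty"`
 
 // TACACS contains TACACS+ specific server configuration.
 // Required when the parent server group type is TACACS.
@@ -125,31 +123,31 @@ type AAAServerTACACS struct {
 // +kubebuilder:default=49
 Port int32 `json:"port,omitempty"`
 
-// KeySecretRef is a reference to a secret containing the shared key for this TACACS+ server.
+// KeySecretRef is a reference to a secret containing the plain text shared key for this TACACS+ server.
 // The secret must contain a key specified in the SecretKeySelector.
 // +required
 KeySecretRef SecretKeySelector `json:"keySecretRef"`
 }
 
 // AAAServerRADIUS contains RADIUS specific server configuration.
 type AAAServerRADIUS struct {
-// AuthPort is the UDP port for RADIUS authentication requests.
+// AuthenticationPort is the UDP port for RADIUS authentication requests.
 // Defaults to 1812 if not specified.
 // +optional
 // +kubebuilder:validation:Minimum=1
 // +kubebuilder:validation:Maximum=65535
 // +kubebuilder:default=1812
-AuthPort int32 `json:"authPort,omitempty"`
+AuthenticationPort int32 `json:"authenticationPort,omitempty"`
 
-// AcctPort is the UDP port for RADIUS accounting requests.
+// AccountingPort is the UDP port for RADIUS accounting requests.
 // Defaults to 1813 if not specified.
 // +optional
 // +kubebuilder:validation:Minimum=1
 // +kubebuilder:validation:Maximum=65535
 // +kubebuilder:default=1813
-AcctPort int32 `json:"acctPort,omitempty"`
+AccountingPort int32 `json:"accountingPort,omitempty"`
 
-// KeySecretRef is a reference to a secret containing the shared key for this RADIUS server.
+// KeySecretRef is a reference to a secret containing the plain text shared key for this RADIUS server.
 // The secret must contain a key specified in the SecretKeySelector.
 // +required
 KeySecretRef SecretKeySelector `json:"keySecretRef"`
@@ -193,7 +191,6 @@ type AAAAccounting struct {
 type AAAMethod struct {
 // Type is the type of AAA method.
 // +required
-// +kubebuilder:validation:Enum=Group;Local;None
 Type AAAMethodType `json:"type"`
 
 // GroupName is the name of the server group when Type is Group.
@@ -228,14 +225,13 @@ type AAAStatus struct {
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:path=aaas
+// +kubebuilder:resource:path=aaa
 // +kubebuilder:resource:singular=aaa
-// +kubebuilder:resource:shortName=aaa
 // +kubebuilder:printcolumn:name="Device",type=string,JSONPath=`.spec.deviceRef.name`
 // +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
 
-// AAA is the Schema for the aaas API
+// AAA is the Schema for the aaa API
 type AAA struct {
 metav1.TypeMeta `json:",inline"`
 metav1.ObjectMeta `json:"metadata,omitempty"`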
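Review bot: The `Timeout` field at new line 103 loses its bounds: the `Minimum=1`/`Maximum=60` markers are removed together with the `*int32` type, and the regenerated CRD in this commit shows `timeout` as a bare `type: string`, so a zero, negative, unparsable or very large value would be admitted by the API server. For an AAA server a degenerate timeout can make every request to that server fail or stall logins, and depending on the configured method list it may push authentication on to the next method, so the old range is worth keeping. I would add a CEL rule on the field, e.g. `// +kubebuilder:validation:XValidation:rule="duration(self) >= duration('1s') && duration(self) <= duration('60s')",message="timeout must be between 1s and 60s"`, and state the accepted range and the default in the field comment. The RADIUS `keySecretRef` description in the regenerated CRD also still reads "containing the shared key" rather than "plain text shared key", which suggests the manifests were generated before the comment change in the second hunk; regenerating would bring them back in line. The `AAAServer` struct starts and ends outside the hunk.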

api/core/v1alpha1/zz_generated.deepcopy.go

Lines changed: 22 additions & 1 deletion

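--- a/config/crd/bases/networking.metal.ironcore.dev_aaas.yaml
+++ b/config/crd/bases/networking.metal.ironcore.dev_aaa.yaml
@@ -4,15 +4,13 @@ kind: CustomResourceDefinition
 metadata:
 annotations:
 controller-gen.kubebuilder.io/version: v0.20.1
-name: aaas.networking.metal.ironcore.dev
+name: aaa.networking.metal.ironcore.dev
 spec:
 group: networking.metal.ironcore.dev
 names:
 kind: AAA
 listKind: AAAList
-plural: aaas
-shortNames:
-- aaa
+plural: aaa
 singular: aaa
 scope: Namespaced
 versions:
@@ -29,7 +27,7 @@ spec:
 name: v1alpha1
 schema:
 openAPIV3Schema:
-description: AAA is the Schema for the aaas API
+description: AAA is the Schema for the aaa API
 properties:
 apiVersion:
 description: |-
@@ -54,9 +52,7 @@ spec:
 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 properties:
 accounting:
-description: |-
-Accounting defines the AAA accounting method list.
-OpenConfig: /system/aaa/accounting
+description: Accounting defines the AAA accounting method list.
 properties:
 methods:
 description: |-
@@ -71,16 +67,11 @@ spec:
 maxLength: 63
 type: string
 type:
-allOf:
-- enum:
-- Group
-- Local
-- None
-- enum:
-- Group
-- Local
-- None
 description: Type is the type of AAA method.
+enum:
+- Group
+- Local
+- None
 type: string
 required:
 - type
@@ -96,9 +87,8 @@ spec:
 - methods
 type: object
 authentication:
-description: |-
-Authentication defines the AAA authentication method list.
-OpenConfig: /system/aaa/authentication
+description: Authentication defines the AAA authentication method
+list.
 properties:
 methods:
 description: |-
@@ -113,16 +103,11 @@ spec:
 maxLength: 63
 type: string
 type:
-allOf:
-- enum:
-- Group
-- Local
-- None
-- enum:
-- Group
-- Local
-- None
 description: Type is the type of AAA method.
+enum:
+- Group
+- Local
+- None
 type: string
 required:
 - type
@@ -138,9 +123,7 @@ spec:
 - methods
 type: object
 authorization:
-description: |-
-Authorization defines the AAA authorization method list.
-OpenConfig: /system/aaa/authorization
+description: Authorization defines the AAA authorization method list.
 properties:
 methods:
 description: |-
@@ -155,16 +138,11 @@ spec:
 maxLength: 63
 type: string
 type:
-allOf:
-- enum:
-- Group
-- Local
-- None
-- enum:
-- Group
-- Local
-- None
 description: Type is the type of AAA method.
+enum:
+- Group
+- Local
+- None
 type: string
 required:
 - type
@@ -233,39 +211,87 @@ spec:
 type: object
 x-kubernetes-map-type: atomic
 serverGroups:
-description: |-
-ServerGroups is the list of AAA server groups.
-OpenConfig: /system/aaa/server-groups/server-group
+description: ServerGroups is the list of AAA server groups.
 items:
-description: |-
-AAAServerGroup represents a named group of AAA servers.
-OpenConfig: /system/aaa/server-groups/server-group[name]
+description: AAAServerGroup represents a named group of AAA servers.
 properties:
 name:
 description: Name is the name of the server group.
 maxLength: 63
 minLength: 1
 type: string
 servers:
-description: |-
-Servers is the list of servers in this group.
-OpenConfig: /system/aaa/server-groups/server-group/servers/server
+description: Servers is the list of servers in this group.
 items:
-description: |-
-AAAServer represents a single AAA server within a group.
-OpenConfig: /system/aaa/server-groups/server-group/servers/server[address]
+description: AAAServer represents a single AAA server within
+a group.
 properties:
 address:
 description: Address is the IP address or hostname of
 the server.
 maxLength: 253
 minLength: 1
 type: string
+radius:
+description: |-
+RADIUS contains RADIUS specific server configuration.
+Required when the parent server group type is RADIUS.
+properties:
+accountingPort:
+default: 1813
+description: |-
+AccountingPort is the UDP port for RADIUS accounting requests.
+Defaults to 1813 if not specified.
+format: int32
+maximum: 65535
+minimum: 1
+type: integer
+authenticationPort:
+default: 1812
+description: |-
+AuthenticationPort is the UDP port for RADIUS authentication requests.
+Defaults to 1812 if not specified.
+format: int32
+maximum: 65535
+minimum: 1
+type: integer
+keySecretRef:
+description: |-
+KeySecretRef is a reference to a secret containing the shared key for this RADIUS server.
+The secret must contain a key specified in the SecretKeySelector.
+properties:
+key:
+description: |-
+Key is the of the entry in the secret resource's `data` or `stringData`
+field to be used.
+maxLength: 253
+minLength: 1
+type: string
+name:
+description: Name is unique within a namespace
+to reference a secret resource.
+maxLength: 253
+minLength: 1
+type: string
+namespace:
+description: |-
+Namespace defines the space within which the secret name must be unique.
+If omitted, the namespace of the object being reconciled will be used.
+maxLength: 63
+minLength: 1
+type: string
+required:
+- key
+- name
+type: object
+x-kubernetes-map-type: atomic
+required:
+- keySecretRef
+type: object
 tacacs:
 description: |-
 TACACS contains TACACS+ specific server configuration.
 Required when the parent server group type is TACACS.
-OpenConfig augmentation: /system/aaa/server-groups/server-group/servers/server/tacacs
 properties:
 keySecretRef:
 description: |-
@@ -310,12 +336,9 @@ spec:
 - keySecretRef
 type: object
 timeout:
-description: Timeout is the response timeout in seconds
-for this server.
-format: int32
-maximum: 60
-minimum: 1
-type: integer
+description: Timeout is the response timeout for this
+server.
+type: string
 required:
 - address
 type: object
@@ -349,6 +372,8 @@ spec:
 x-kubernetes-validations:
 - message: servers in a TACACS group must have tacacs config
 rule: self.type != 'TACACS' || self.servers.all(s, has(s.tacacs))
+- message: servers in a RADIUS group must have radius config
+rule: self.type != 'RADIUS' || self.servers.all(s, has(s.radius))
 maxItems: 8
 type: array
 x-kubernetes-list-map-keys: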
