Rename PolicyBinding API form v1alpha1 to v1beta1 (#2119)

* Rename PolicyBinding API form  `v1alpha1` to `v1beta1`

Signed-off-by: pjuarezd <[email protected]>

* Update pkg/apis/sts.min.io/v1beta1/doc.go
* Update pkg/apis/sts.min.io/v1beta1/register.go
* Update pkg/apis/sts.min.io/v1beta1/types.go

Co-authored-by: Shubhendu <[email protected]>

---------

Signed-off-by: pjuarezd <[email protected]>
Co-authored-by: Shubhendu <[email protected]>

Makefile

@@ -66,16 +66,16 @@ clean:
 	@rm -rf dist/
 
 regen-crd:
-	@go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0
-	@${GOPATH}/bin/controller-gen crd:maxDescLen=0,generateEmbeddedObjectMeta=true paths="./..." output:crd:artifacts:config=$(KUSTOMIZE_CRDS)
+	@go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.15.0
+	@${GOPATH}/bin/controller-gen crd:maxDescLen=0,generateEmbeddedObjectMeta=true webhook paths="./..." output:crd:artifacts:config=$(KUSTOMIZE_CRDS)
 	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/minio.min.io_tenants.yaml > $(HELM_TEMPLATES)/minio.min.io_tenants.yaml
 	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/sts.min.io_policybindings.yaml > $(HELM_TEMPLATES)/sts.min.io_policybindings.yaml
 	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/job.min.io_miniojobs.yaml > $(HELM_TEMPLATES)/job.min.io_jobs.yaml
 
 regen-crd-docs:
 	@echo "Installing crd-ref-docs" && GO111MODULE=on go install -v github.com/elastic/crd-ref-docs@latest
 	@${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/minio.min.io/v2  --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/tenant_crd.adoc --templates-dir=docs/templates/asciidoctor/
-	@${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/sts.min.io/v1alpha1  --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/policybinding_crd.adoc --templates-dir=docs/templates/asciidoctor/
+	@${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/sts.min.io/v1beta1  --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/policybinding_crd.adoc --templates-dir=docs/templates/asciidoctor/
 	@${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/job.min.io/v1alpha1  --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/job_crd.adoc --templates-dir=docs/templates/asciidoctor/
 
 generate-code:

docs/STS.md

@@ -2,7 +2,7 @@
 
 **Native IAM Authentication for Kubernetes.**
 
-> ⚠️ This feature is an alpha release and is subject to breaking changes in future releases.
+> ⚠️ This feature is an Beta release starting Operator v6.x, was released in Beta on Operator v5.x
 
 MinIO Operator offers support
 for [Secure Tokens](https://min.io/docs/minio/linux/developers/security-token-service.html?ref=op-gh) (a.k.a. STS) which

docs/policybinding_crd.adoc

@@ -9,9 +9,9 @@
 
 
 [id="{anchor_prefix}-sts-min-io-v1alpha1"]
-=== sts.min.io/v1alpha1
+=== sts.min.io/v1beta1
 
-Package v1alpha1 - The following parameters are specific to the `sts.min.io/v1alpha1` MinIO Policy Binding CRD API
+Package v1beta1 - The following parameters are specific to the `sts.min.io/v1beta1` MinIO Policy Binding CRD API
 PolicyBinding is an Authorization mechanism managed by the Minio Operator.
 Using Kubernetes ServiceAccount JSON Web Tokens the binding allow a ServiceAccount to assume temporary IAM credentials.
 For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation].

examples/kustomization/sts-example/README.md

@@ -2,7 +2,7 @@
 
 Each example in this folder contains an example using a different SDK on how to adopt Operator's STS.
 
-> ⚠️ This feature is an alpha release and is subject to breaking changes in future releases.
+> ⚠️ This feature is an Beta release now starting Operator v6.x, Operator v5.x released STS as v1alpha1.
 
 # Requirements
 
@@ -58,7 +58,7 @@ namespace `minio-tenant-1` by installing a `PolicyBinding` on the `minio-tenant-
 Example policy binding (see CRD documentation in [policybinding_crd.adoc](../../../docs/policybinding_crd.adoc) )
 
 ```yaml
-apiVersion: sts.min.io/v1alpha1
+apiVersion: sts.min.io/v1beta1
 kind: PolicyBinding
 metadata:
   name: binding-1

examples/kustomization/sts-example/sample-data/mc-job-policy-binding.yaml

@@ -1,4 +1,4 @@
-apiVersion: sts.min.io/v1alpha1
+apiVersion: sts.min.io/v1beta1
 kind: PolicyBinding
 metadata:
   name: mc-job-binding

examples/kustomization/sts-example/sts-app/policy-binding.yaml

@@ -1,4 +1,4 @@
-apiVersion: sts.min.io/v1alpha1
+apiVersion: sts.min.io/v1beta1
 kind: PolicyBinding
 metadata:
   name: binding-1

helm/operator/templates/sts.min.io_policybindings.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
     operator.min.io/version: v5.0.15
   name: policybindings.sts.min.io
 spec:
@@ -71,6 +71,63 @@ spec:
             type: object
         type: object
     served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .status.currentState
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              application:
+                properties:
+                  namespace:
+                    type: string
+                  serviceaccount:
+                    type: string
+                required:
+                - namespace
+                - serviceaccount
+                type: object
+              policies:
+                items:
+                  type: string
+                type: array
+            required:
+            - application
+            - policies
+            type: object
+          status:
+            properties:
+              currentState:
+                type: string
+              usage:
+                nullable: true
+                properties:
+                  authotizations:
+                    format: int64
+                    type: integer
+                type: object
+            required:
+            - currentState
+            - usage
+            type: object
+        type: object
+    served: true
     storage: true
     subresources:
       status: {}

k8s/update-codegen.sh

@@ -43,7 +43,7 @@ chmod +x ${CODEGEN_PKG}/generate-internal-groups.sh
 cd ${SCRIPT_ROOT}
 ${CODEGEN_PKG}/generate-groups.sh "all" \
               $ROOT_PKG/pkg/client $ROOT_PKG/pkg/apis \
-              "minio.min.io:v2 sts.min.io:v1alpha1 job.min.io:v1alpha1" \
+              "minio.min.io:v2 sts.min.io:v1alpha1,v1beta1 job.min.io:v1alpha1" \
               --output-base "${TEMP_DIR}" \
               --go-header-file "k8s/boilerplate.go.txt"
 

pkg/apis/sts.min.io/v1alpha1/types.go

@@ -26,7 +26,8 @@ import (
 // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.currentState"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
 // +kubebuilder:metadata:annotations=operator.min.io/version=v5.0.15
-// +kubebuilder:storageversion
+// +groupName=policybinding.sts.min.io
+// +versionName=v1alpha1
 
 // PolicyBinding is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO PolicyBinding.
 type PolicyBinding struct {

pkg/apis/sts.min.io/v1beta1/doc.go

@@ -0,0 +1,25 @@
+// Copyright (C) 2024, MinIO, Inc.
+//
+// This code is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License, version 3,
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License, version 3,
+// along with this program.  If not, see <http://www.gnu.org/licenses/>
+
+// +k8s:deepcopy-gen=package,register
+// go:generate controller-gen crd:trivialVersions=true paths=. output:dir=.
+
+// Package v1beta1 - The following parameters are specific to the `sts.min.io/vv1beta1` MinIO Policy Binding CRD API
+// PolicyBinding is an Authorization mechanism managed by the Minio Operator.
+// Using Kubernetes ServiceAccount JSON Web Tokens the binding allow a ServiceAccount to assume temporary IAM credentials.
+// For more complete documentation on this object, see the https://docs.min.io/minio/k8s/reference/minio-operator-reference.html#minio-operator-yaml-reference[MinIO Kubernetes Documentation].
+// PolicyBinding is added as part of the MinIO Operator v5.0.0. +
+// +groupName=sts.min.io
+// +versionName=v1beta1
+package v1beta1

pkg/apis/sts.min.io/v1beta1/register.go

@@ -0,0 +1,57 @@
+// Copyright (C) 2024, MinIO, Inc.
+//
+// This code is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License, version 3,
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License, version 3,
+// along with this program.  If not, see <http://www.gnu.org/licenses/>
+
+package v1beta1
+
+import (
+	operator "github.com/minio/operator/pkg/apis/sts.min.io"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// Version specifies the API Version
+const Version = "v1beta1"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: operator.GroupName, Version: Version}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	// SchemeBuilder collects the scheme builder functions for the MinIO
+	// Operator API.
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+
+	// AddToScheme applies the SchemeBuilder functions to a specified scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&PolicyBinding{},
+		&PolicyBindingList{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

pkg/apis/sts.min.io/v1beta1/types.go

@@ -0,0 +1,91 @@
+// Copyright (C) 2024, MinIO, Inc.
+//
+// This code is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License, version 3,
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License, version 3,
+// along with this program.  If not, see <http://www.gnu.org/licenses/>
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:defaulter-gen=true
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Namespaced,shortName=policybinding,singular=policybinding
+// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.currentState"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:metadata:annotations=operator.min.io/version=v5.0.15
+// +kubebuilder:storageversion
+// +groupName=policybinding.sts.min.io
+// +versionName=v1beta1
+
+// PolicyBinding is a https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/[Kubernetes object] describing a MinIO PolicyBinding.
+type PolicyBinding struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// *Required* +
+	//
+	// The root field for the MinIO PolicyBinding object.
+	Spec PolicyBindingSpec `json:"spec,omitempty"`
+
+	// Status provides details of the state of the PolicyBinding
+	// +optional
+	Status PolicyBindingStatus `json:"status,omitempty"`
+}
+
+// PolicyBindingStatus is the status for a PolicyBinding resource
+type PolicyBindingStatus struct {
+	// *Required* +
+	CurrentState string `json:"currentState"`
+
+	// Keeps track of the invocations related to the PolicyBinding
+	// +nullable
+	Usage PolicyBindingUsage `json:"usage"`
+}
+
+// PolicyBindingUsage are metrics regarding the usage of the policyBinding
+type PolicyBindingUsage struct {
+	Authorizations int64 `json:"authotizations,omitempty"`
+}
+
+// PolicyBindingSpec (`spec`) defines the configuration of a MinIO PolicyBinding object. +
+type PolicyBindingSpec struct {
+	// *Required* +
+	//
+	// The Application Property identifies the namespace and service account that will be authorized
+	Application *Application `json:"application"`
+	// *Required* +
+	Policies []string `json:"policies"`
+}
+
+// Application defines the `Namespace` and `ServiceAccount` to authorize the usage of the policies listed
+type Application struct {
+	// *Required* +
+	Namespace string `json:"namespace"`
+	// *Required* +
+	ServiceAccount string `json:"serviceaccount"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+
+// PolicyBindingList is a list of PolicyBinding resources
+type PolicyBindingList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []PolicyBinding `json:"items"`
+}