feat: add cloud provider resources and role

Add the new resources for the cloud provider feature: `CloudConfigs`, `MachineRequests` and `MachineRequestStatuses`. Add a new role, `CloudProvider` with access to the resources a cloud provider plugin requires. Introduce the concept of "cloud provider service accounts" which are a special type of service accounts in the format `cloud-provider:<id>`. They must have the `CloudProvider` role and their id is matched against the label `omni.sidero.dev/cloud-provider-id` label on the `MachineRequest*` type resources. Signed-off-by: Utku Ozdemir <[email protected]>
DmitriyMV · Jul 28, 2024 · 4ec7a43 · 4ec7a43
1 parent 944923c
commit 4ec7a43
Show file tree

Hide file tree

Showing 38 changed files with 2,687 additions and 529 deletions.
diff --git a/.kres.yaml b/.kres.yaml
@@ -339,6 +339,9 @@ spec:
     - source: client/api/omni/specs/auth.proto
       subdirectory: omni/specs
       genGateway: true
+    - source: client/api/omni/specs/cloud/cloud.proto
+      subdirectory: omni/specs/cloud
+      genGateway: true
     - source: client/api/omni/specs/virtual.proto
       subdirectory: omni/specs
       genGateway: true
@@ -428,6 +431,9 @@ spec:
     - source: client/api/omni/specs/auth.proto
       subdirectory: omni/specs
       genGateway: true
+    - source: client/api/omni/specs/cloud/cloud.proto
+      subdirectory: omni/specs/cloud
+      genGateway: true
     - source: client/api/omni/specs/virtual.proto
       subdirectory: omni/specs
       genGateway: true

diff --git a/Dockerfile b/Dockerfile
@@ -38,6 +38,7 @@ ADD client/api/omni/resources/resources.proto /client/api/omni/resources/
 ADD client/api/omni/management/management.proto /client/api/omni/management/
 ADD client/api/omni/oidc/oidc.proto /client/api/omni/oidc/
 ADD client/api/omni/specs/auth.proto /client/api/omni/specs/
+ADD client/api/omni/specs/cloud/cloud.proto /client/api/omni/specs/cloud/
 ADD client/api/omni/specs/virtual.proto /client/api/omni/specs/
 ADD client/api/omni/specs/ephemeral.proto /client/api/omni/specs/
 ADD client/api/omni/specs/oidc.proto /client/api/omni/specs/
@@ -60,6 +61,7 @@ ADD client/api/omni/specs/omni.proto /frontend/src/api/omni/specs/
 ADD client/api/omni/specs/siderolink.proto /frontend/src/api/omni/specs/
 ADD client/api/omni/specs/system.proto /frontend/src/api/omni/specs/
 ADD client/api/omni/specs/auth.proto /frontend/src/api/omni/specs/
+ADD client/api/omni/specs/cloud/cloud.proto /frontend/src/api/omni/specs/cloud/
 ADD client/api/omni/specs/virtual.proto /frontend/src/api/omni/specs/
 ADD client/api/omni/specs/ephemeral.proto /frontend/src/api/omni/specs/
 ADD https://raw.githubusercontent.com/googleapis/googleapis/master/google/rpc/status.proto /frontend/src/api/google/rpc/
@@ -154,6 +156,7 @@ RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/s
 RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/src/api --grpc-gateway-ts_opt=use_proto_names=true /frontend/src/api/omni/specs/siderolink.proto
 RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/src/api --grpc-gateway-ts_opt=use_proto_names=true /frontend/src/api/omni/specs/system.proto
 RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/src/api --grpc-gateway-ts_opt=use_proto_names=true /frontend/src/api/omni/specs/auth.proto
+RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/src/api --grpc-gateway-ts_opt=use_proto_names=true /frontend/src/api/omni/specs/cloud/cloud.proto
 RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/src/api --grpc-gateway-ts_opt=use_proto_names=true /frontend/src/api/omni/specs/virtual.proto
 RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/src/api --grpc-gateway-ts_opt=use_proto_names=true /frontend/src/api/omni/specs/ephemeral.proto
 RUN protoc -I/frontend/src/api --grpc-gateway-ts_out=source_relative:/frontend/src/api --grpc-gateway-ts_opt=use_proto_names=true /frontend/src/api/google/rpc/status.proto
@@ -173,6 +176,7 @@ RUN rm /frontend/src/api/omni/specs/omni.proto
 RUN rm /frontend/src/api/omni/specs/siderolink.proto
 RUN rm /frontend/src/api/omni/specs/system.proto
 RUN rm /frontend/src/api/omni/specs/auth.proto
+RUN rm /frontend/src/api/omni/specs/cloud/cloud.proto
 RUN rm /frontend/src/api/omni/specs/virtual.proto
 RUN rm /frontend/src/api/omni/specs/ephemeral.proto
 
@@ -193,13 +197,14 @@ RUN mkdir -p internal/version/data && \
 FROM tools AS proto-compile
 COPY --from=proto-specs / /
 RUN protoc -I/client/api --go_out=paths=source_relative:/client/api --go-grpc_out=paths=source_relative:/client/api --go-vtproto_out=paths=source_relative:/client/api --go-vtproto_opt=features=marshal+unmarshal+size+equal+clone /client/api/common/omni.proto
-RUN protoc -I/client/api --grpc-gateway_out=paths=source_relative:/client/api --grpc-gateway_opt=generate_unbound_methods=true --go_out=paths=source_relative:/client/api --go-grpc_out=paths=source_relative:/client/api --go-vtproto_out=paths=source_relative:/client/api --go-vtproto_opt=features=marshal+unmarshal+size+equal+clone /client/api/omni/resources/resources.proto /client/api/omni/management/management.proto /client/api/omni/oidc/oidc.proto /client/api/omni/specs/auth.proto /client/api/omni/specs/virtual.proto /client/api/omni/specs/ephemeral.proto /client/api/omni/specs/oidc.proto /client/api/omni/specs/omni.proto /client/api/omni/specs/siderolink.proto /client/api/omni/specs/system.proto
+RUN protoc -I/client/api --grpc-gateway_out=paths=source_relative:/client/api --grpc-gateway_opt=generate_unbound_methods=true --go_out=paths=source_relative:/client/api --go-grpc_out=paths=source_relative:/client/api --go-vtproto_out=paths=source_relative:/client/api --go-vtproto_opt=features=marshal+unmarshal+size+equal+clone /client/api/omni/resources/resources.proto /client/api/omni/management/management.proto /client/api/omni/oidc/oidc.proto /client/api/omni/specs/auth.proto /client/api/omni/specs/cloud/cloud.proto /client/api/omni/specs/virtual.proto /client/api/omni/specs/ephemeral.proto /client/api/omni/specs/oidc.proto /client/api/omni/specs/omni.proto /client/api/omni/specs/siderolink.proto /client/api/omni/specs/system.proto
 RUN protoc -I/client/api --grpc-gateway_out=paths=source_relative:/client/api --grpc-gateway_opt=generate_unbound_methods=true --grpc-gateway_opt=standalone=true /client/api/google/rpc/status.proto /client/api/common/common.proto /client/api/talos/machine/machine.proto /client/api/v1alpha1/resource.proto
 RUN rm /client/api/common/omni.proto
 RUN rm /client/api/omni/resources/resources.proto
 RUN rm /client/api/omni/management/management.proto
 RUN rm /client/api/omni/oidc/oidc.proto
 RUN rm /client/api/omni/specs/auth.proto
+RUN rm /client/api/omni/specs/cloud/cloud.proto
 RUN rm /client/api/omni/specs/virtual.proto
 RUN rm /client/api/omni/specs/ephemeral.proto
 RUN rm /client/api/omni/specs/oidc.proto