-
Notifications
You must be signed in to change notification settings - Fork 7
/
api.go
68 lines (61 loc) · 2.42 KB
/
api.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
package v1alpha1
import (
"github.com/edgefarm/vault-plugin-secrets-nats/pkg/claims/common"
)
// Specifies claims of the JWT
// +kubebuilder:object:generate=true
type UserClaims struct {
// Common data for all JWTs
common.ClaimsData `json:",inline"`
// Specifies the user specific part of the JWT
// +kubebuilder:validation:Optional
User `json:"user,omitempty"`
}
// User holds user specific claims data
type User struct {
// The account that issued this user JWT
// +kubebuilder:validation:Optional
IssuerAccount string `json:"issuerAccount,omitempty"`
UserPermissionLimits `json:",inline"`
common.GenericFields `json:",inline"`
}
// UserPermissionLimits Specifies the permissions and limits for this user
type UserPermissionLimits struct {
common.Permissions `json:",inline"`
Limits `json:",inline"`
// Specifies if this user is allowed to use a bearer token to connect
// +kubebuilder:validation:Optional
BearerToken bool `json:"bearerToken,omitempty"`
// Specifies the allowed connection types for this user
// Allowed values are STANDARD, WEBSOCKET, LEAFNODE, LEAFNODE_WS, MQTT, MQTT_WS
// +kubebuilder:validation:Enum=STANDARD;WEBSOCKET;LEAFNODE;LEAFNODE_WS;MQTT;MQTT_WS
// +kubebuilder:validation:Optional
AllowedConnectionTypes []string `json:"allowedConnectionTypes,omitempty"`
}
// Limits Specifies the limits for this user
type Limits struct {
UserLimits `json:",inline"`
common.NatsLimits `json:",inline"`
}
// UserLimits Specifies the limits for this user
type UserLimits struct {
// A list of CIDR specifications the user is allowed to connect from
// Example: 192.168.1.0/24, 192.168.1.1/1 or 2001:db8:a0b:12f0::1/32
// +kubebuilder:validation:Optional
Src []string `json:"src,omitempty"`
// Represents allowed time ranges the user is allowed to interact with the system
Times []TimeRange `json:"times,omitempty"`
// The locale for the times in the format "Europe/Berlin"
// +kubebuilder:validation:Optional
Locale string `json:"timesLocation,omitempty"`
}
type TimeRange struct {
// The start time in the format HH:MM:SS
// +kubebuilder:validation:Pattern="^(((([0-1][0-9])|(2[0-3])):?[0-5][0-9]:?[0-5][0-9]+$))"
// +kubebuilder:validation:Optional
Start string `json:"start,omitempty"`
// The end time in the format HH:MM:SS
// +kubebuilder:validation:Pattern="^(((([0-1][0-9])|(2[0-3])):?[0-5][0-9]:?[0-5][0-9]+$))"
// +kubebuilder:validation:Optional
End string `json:"end,omitempty"`
}