feat: Role, ClusterRole, RoleBinding, ClusterRoleBinding L2s (#432)

.projenrc.js → .projenrc.ts

@@ -1,9 +1,10 @@
-const path = require('path');
-const { cdk, javascript, JsonFile } = require('projen');
-const { JobPermission } = require('projen/lib/github/workflows-model');
+import * as path from 'path';
+import { cdk, github, javascript, JsonFile } from 'projen';
+import { JobPermission } from 'projen/lib/github/workflows-model';
+import { generateApiResources } from './projenrc/gen-api-resource';
 
 // the latest version of k8s we support
-const LATEST_SUPPORTED_K8S_VERSION = '22';
+const LATEST_SUPPORTED_K8S_VERSION = 22;
 
 // the version of k8s this branch supports
 const SPEC_VERSION = '20';
@@ -12,10 +13,11 @@ const K8S_VERSION = `1.${SPEC_VERSION}.0`;
 const project = new cdk.JsiiProject({
   name: `cdk8s-plus-${SPEC_VERSION}`,
   description: `cdk8s+ is a software development framework that provides high level abstractions for authoring Kubernetes applications. cdk8s-plus-${SPEC_VERSION} synthesizes Kubernetes manifests for Kubernetes ${K8S_VERSION}`,
+  projenrcTs: true,
 
   repositoryUrl: 'https://github.com/cdk8s-team/cdk8s-plus.git',
-  authorName: 'Amazon Web Services',
-  authorUrl: 'https://aws.amazon.com',
+  author: 'Amazon Web Services',
+  authorAddress: 'https://aws.amazon.com',
   keywords: [
     'cdk',
     'kubernetes',
@@ -26,7 +28,7 @@ const project = new cdk.JsiiProject({
     'microservices',
   ],
 
-  projenUpgradeSecret: 'PROJEN_GITHUB_TOKEN',
+  projenCredentials: github.GithubCredentials.fromPersonalAccessToken(),
   prerelease: 'beta',
 
   peerDeps: [
@@ -45,6 +47,7 @@ const project = new cdk.JsiiProject({
     'cdk8s',
     'cdk8s-cli',
     'constructs',
+    'snake-case',
   ],
 
   majorVersion: 1,
@@ -103,7 +106,7 @@ const importTask = project.addTask('import', {
 });
 project.compileTask.prependSpawn(importTask);
 
-const docgenTask = project.tasks.tryFind('docgen');
+const docgenTask = project.tasks.tryFind('docgen')!;
 docgenTask.reset();
 for (const lang of ['typescript', 'python', 'java']) {
   const genTask = project.addTask(`docgen:${lang}`);
@@ -125,10 +128,10 @@ for (const spec of [LATEST_SUPPORTED_K8S_VERSION, LATEST_SUPPORTED_K8S_VERSION -
   t.exec(`npx backport --accesstoken \${GITHUB_TOKEN} --pr \${BACKPORT_PR_NUMBER} --branch k8s-${spec}/main`);
 }
 
-const backportWorkflow = project.github.addWorkflow('backport');
+const backportWorkflow = project.github!.addWorkflow('backport');
 backportWorkflow.on({ pullRequestTarget: { types: ['closed'] } });
 backportWorkflow.addJob('backport', {
-  runsOn: 'ubuntu-18.04',
+  runsOn: ['ubuntu-18.04'],
   permissions: {
     contents: JobPermission.WRITE,
   },
@@ -169,11 +172,17 @@ const backportConfig = {
   publishStatusCommentOnFailure: true,
   publishStatusCommentOnSuccess: true,
   publishStatusCommentOnAbort: true,
-  targetPRLabels: [project.autoApprove.label],
+  targetPRLabels: [project.autoApprove!.label],
 };
 
 new JsonFile(project, '.backportrc.json', {
   obj: backportConfig,
 });
 
+project.addTask('regenerate-api-information', {
+  description: 'Regenerate the information about the kubernetes API needed for auto-generating source code files. Requires access to a kubernetes cluster.',
+  exec: 'kubectl api-resources -o wide > api-resources.txt',
+});
+generateApiResources(project, 'api-resources.txt', 'src/api-resource.generated.ts');
+
 project.synth();

api-resources.txt

@@ -0,0 +1,57 @@
+NAME                              SHORTNAMES   APIVERSION                             NAMESPACED   KIND                             VERBS
+bindings                                       v1                                     true         Binding                          [create]
+componentstatuses                 cs           v1                                     false        ComponentStatus                  [get list]
+configmaps                        cm           v1                                     true         ConfigMap                        [create delete deletecollection get list patch update watch]
+endpoints                         ep           v1                                     true         Endpoints                        [create delete deletecollection get list patch update watch]
+events                            ev           v1                                     true         Event                            [create delete deletecollection get list patch update watch]
+limitranges                       limits       v1                                     true         LimitRange                       [create delete deletecollection get list patch update watch]
+namespaces                        ns           v1                                     false        Namespace                        [create delete get list patch update watch]
+nodes                             no           v1                                     false        Node                             [create delete deletecollection get list patch update watch]
+persistentvolumeclaims            pvc          v1                                     true         PersistentVolumeClaim            [create delete deletecollection get list patch update watch]
+persistentvolumes                 pv           v1                                     false        PersistentVolume                 [create delete deletecollection get list patch update watch]
+pods                              po           v1                                     true         Pod                              [create delete deletecollection get list patch update watch]
+podtemplates                                   v1                                     true         PodTemplate                      [create delete deletecollection get list patch update watch]
+replicationcontrollers            rc           v1                                     true         ReplicationController            [create delete deletecollection get list patch update watch]
+resourcequotas                    quota        v1                                     true         ResourceQuota                    [create delete deletecollection get list patch update watch]
+secrets                                        v1                                     true         Secret                           [create delete deletecollection get list patch update watch]
+serviceaccounts                   sa           v1                                     true         ServiceAccount                   [create delete deletecollection get list patch update watch]
+services                          svc          v1                                     true         Service                          [create delete deletecollection get list patch update watch]
+mutatingwebhookconfigurations                  admissionregistration.k8s.io/v1        false        MutatingWebhookConfiguration     [create delete deletecollection get list patch update watch]
+validatingwebhookconfigurations                admissionregistration.k8s.io/v1        false        ValidatingWebhookConfiguration   [create delete deletecollection get list patch update watch]
+customresourcedefinitions         crd,crds     apiextensions.k8s.io/v1                false        CustomResourceDefinition         [create delete deletecollection get list patch update watch]
+apiservices                                    apiregistration.k8s.io/v1              false        APIService                       [create delete deletecollection get list patch update watch]
+controllerrevisions                            apps/v1                                true         ControllerRevision               [create delete deletecollection get list patch update watch]
+daemonsets                        ds           apps/v1                                true         DaemonSet                        [create delete deletecollection get list patch update watch]
+deployments                       deploy       apps/v1                                true         Deployment                       [create delete deletecollection get list patch update watch]
+replicasets                       rs           apps/v1                                true         ReplicaSet                       [create delete deletecollection get list patch update watch]
+statefulsets                      sts          apps/v1                                true         StatefulSet                      [create delete deletecollection get list patch update watch]
+tokenreviews                                   authentication.k8s.io/v1               false        TokenReview                      [create]
+localsubjectaccessreviews                      authorization.k8s.io/v1                true         LocalSubjectAccessReview         [create]
+selfsubjectaccessreviews                       authorization.k8s.io/v1                false        SelfSubjectAccessReview          [create]
+selfsubjectrulesreviews                        authorization.k8s.io/v1                false        SelfSubjectRulesReview           [create]
+subjectaccessreviews                           authorization.k8s.io/v1                false        SubjectAccessReview              [create]
+horizontalpodautoscalers          hpa          autoscaling/v2                         true         HorizontalPodAutoscaler          [create delete deletecollection get list patch update watch]
+cronjobs                          cj           batch/v1                               true         CronJob                          [create delete deletecollection get list patch update watch]
+jobs                                           batch/v1                               true         Job                              [create delete deletecollection get list patch update watch]
+certificatesigningrequests        csr          certificates.k8s.io/v1                 false        CertificateSigningRequest        [create delete deletecollection get list patch update watch]
+leases                                         coordination.k8s.io/v1                 true         Lease                            [create delete deletecollection get list patch update watch]
+endpointslices                                 discovery.k8s.io/v1                    true         EndpointSlice                    [create delete deletecollection get list patch update watch]
+events                            ev           events.k8s.io/v1                       true         Event                            [create delete deletecollection get list patch update watch]
+flowschemas                                    flowcontrol.apiserver.k8s.io/v1beta2   false        FlowSchema                       [create delete deletecollection get list patch update watch]
+prioritylevelconfigurations                    flowcontrol.apiserver.k8s.io/v1beta2   false        PriorityLevelConfiguration       [create delete deletecollection get list patch update watch]
+ingressclasses                                 networking.k8s.io/v1                   false        IngressClass                     [create delete deletecollection get list patch update watch]
+ingresses                         ing          networking.k8s.io/v1                   true         Ingress                          [create delete deletecollection get list patch update watch]
+networkpolicies                   netpol       networking.k8s.io/v1                   true         NetworkPolicy                    [create delete deletecollection get list patch update watch]
+runtimeclasses                                 node.k8s.io/v1                         false        RuntimeClass                     [create delete deletecollection get list patch update watch]
+poddisruptionbudgets              pdb          policy/v1                              true         PodDisruptionBudget              [create delete deletecollection get list patch update watch]
+podsecuritypolicies               psp          policy/v1beta1                         false        PodSecurityPolicy                [create delete deletecollection get list patch update watch]
+clusterrolebindings                            rbac.authorization.k8s.io/v1           false        ClusterRoleBinding               [create delete deletecollection get list patch update watch]
+clusterroles                                   rbac.authorization.k8s.io/v1           false        ClusterRole                      [create delete deletecollection get list patch update watch]
+rolebindings                                   rbac.authorization.k8s.io/v1           true         RoleBinding                      [create delete deletecollection get list patch update watch]
+roles                                          rbac.authorization.k8s.io/v1           true         Role                             [create delete deletecollection get list patch update watch]
+priorityclasses                   pc           scheduling.k8s.io/v1                   false        PriorityClass                    [create delete deletecollection get list patch update watch]
+csidrivers                                     storage.k8s.io/v1                      false        CSIDriver                        [create delete deletecollection get list patch update watch]
+csinodes                                       storage.k8s.io/v1                      false        CSINode                          [create delete deletecollection get list patch update watch]
+csistoragecapacities                           storage.k8s.io/v1beta1                 true         CSIStorageCapacity               [create delete deletecollection get list patch update watch]
+storageclasses                    sc           storage.k8s.io/v1                      false        StorageClass                     [create delete deletecollection get list patch update watch]
+volumeattachments                              storage.k8s.io/v1                      false        VolumeAttachment                 [create delete deletecollection get list patch update watch]