Constants ¶
// Secret names. These are identifiers under which secrets are looked up, not
// secret values; presumably they are resolved in the Key Vaults selected by the
// suffixes declared below (TODO confirm against the keyvault callers).
const (
	// Certificates and credentials, going by the names.
	RPDevARMSecretName       = "dev-arm"
	RPFirstPartySecretName   = "rp-firstparty"
	RPServerSecretName       = "rp-server"
	ClusterLoggingSecretName = "cluster-mdsd"
	DBTokenServerSecretName  = "dbtoken-server"

	// Encryption keys. A base name and a "-v2" name coexist for both the
	// backend and the frontend key.
	// NOTE(review): this looks like a key-rotation scheme; confirm which name
	// is used for new writes before retiring the older one.
	EncryptionSecretName           = "encryption-key"
	EncryptionSecretV2Name         = "encryption-key-v2"
	FrontendEncryptionSecretName   = "fe-encryption-key"
	FrontendEncryptionSecretV2Name = "fe-encryption-key-v2"

	// Portal secrets.
	PortalServerSecretName           = "portal-server"
	PortalServerClientSecretName     = "portal-client"
	PortalServerSessionKeySecretName = "portal-session-key"
	PortalServerSSHKeySecretName     = "portal-sshkey"
)

// Key Vault name suffixes, one per vault role. Keeping secrets in separate
// vaults lets access policies be scoped per component.
// NOTE(review): presumably appended to the value of the KEYVAULT_PREFIX
// variable to form the vault name; confirm against the caller.
const (
	ClusterKeyvaultSuffix = "-cls"
	DBTokenKeyvaultSuffix = "-dbt"
	GatewayKeyvaultSuffix = "-gwy"
	PortalKeyvaultSuffix  = "-por"
	ServiceKeyvaultSuffix = "-svc"
)

// Networking-related names.
const (
	RPPrivateEndpointPrefix = "rp-pe-"

	// ProxyHostName holds the string "PROXY_HOSTNAME".
	// NOTE(review): looks like an environment variable name rather than a
	// host name; confirm against the reader.
	ProxyHostName = "PROXY_HOSTNAME"
)
// KeyvaultPrefix holds the string "KEYVAULT_PREFIX".
// NOTE(review): looks like the name of the environment variable that carries
// the Key Vault name prefix; confirm against the reader.
const KeyvaultPrefix = "KEYVAULT_PREFIX"
Functions ¶
func IsLocalDevelopmentMode ¶
func IsLocalDevelopmentMode() bool
func ValidateVars ¶
ValidateVars iterates over the elements of vars and returns an error if any of them does not name an existing environment variable. Otherwise it returns nil.
Types ¶
type CertificateRefresher ¶
// CertificateRefresher exposes a private key and certificate chain behind a
// start-then-read API.
type CertificateRefresher interface {
	// Start takes a context and reports a failure through its error result.
	// NOTE(review): presumably begins a background refresh that is bound to
	// the context; confirm against the implementation.
	Start(context.Context) error

	// GetCertificates returns an RSA private key together with a slice of
	// X.509 certificates. The return value is private key material: callers
	// should not log it or write it anywhere outside the intended TLS/signing
	// path.
	GetCertificates() (*rsa.PrivateKey, []*x509.Certificate)
}
type Core ¶
// Core is the basic configuration surface expected on any production service
// VMSS: instance metadata, MSI credentials and authorizers, live config,
// component name and logger.
type Core interface {
	// Instance metadata accessors, embedded from package instancemetadata.
	instancemetadata.InstanceMetadata

	// Runtime mode and identity of the running process.
	IsLocalDevelopmentMode() bool
	IsCI() bool
	Component() string
	Logger() *logrus.Entry

	// Managed-identity credential and authorizer constructors.
	// NOTE(review): the variadic strings of NewMSIAuthorizer are presumably
	// token scopes; confirm, and keep them as narrow as the caller needs.
	NewMSITokenCredential() (azcore.TokenCredential, error)
	NewMSIAuthorizer(...string) (autorest.Authorizer, error)

	// Live configuration manager constructor.
	NewLiveConfigManager(context.Context) (liveconfig.Manager, error)
}
Core collects basic configuration information which is expected to be available on any PROD service VMSS (i.e. instance metadata, MSI authorizer, etc.)
func NewCoreForCI ¶
NewCoreForCI returns an env.Core which respects RP_MODE but always uses AZURE_* environment variables instead of IMDS. This is used for entrypoints which may run on CI VMs. CI VMs don't currently have MSI and hence cannot resolve their tenant ID, and also may access resources in a different tenant (e.g. AME).
type Feature ¶
// Feature enumerates optional behaviour toggles. Values are assigned by iota,
// so the declaration order below fixes each constant's numeric value; append
// new features at the end rather than inserting them.
type Feature int

const (
	// FeatureDisableDenyAssignments is value 0.
	// NOTE(review): by name this turns a safeguard off; treat it as
	// non-production unless a caller shows otherwise.
	FeatureDisableDenyAssignments Feature = iota

	// FeatureDisableSignedCertificates is value 1.
	// NOTE(review): by name this relaxes certificate handling; confirm that
	// it cannot be set on a production deployment.
	FeatureDisableSignedCertificates

	// FeatureEnableDevelopmentAuthorizer is value 2.
	// NOTE(review): by name this swaps in a development authorizer; confirm
	// that it cannot be set on a production deployment.
	FeatureEnableDevelopmentAuthorizer

	// FeatureRequireD2sV3Workers is value 3.
	FeatureRequireD2sV3Workers

	// FeatureDisableReadinessDelay is value 4.
	FeatureDisableReadinessDelay

	// FeatureEnableOCMEndpoints is value 5.
	FeatureEnableOCMEndpoints
)
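At least to start with, features are defined so that the production default corresponds to the feature not being set (in production RP_FEATURES is unset). Because several features disable a safeguard or enable development behaviour when set, a production deployment in which RP_FEATURES is set deserves a check.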
func FeatureString ¶
FeatureString retrieves an enum value from the enum constant's string name. It returns an error if the param is not part of the enum.
func (Feature) IsAFeature ¶
IsAFeature returns "true" if the value is listed in the enum definition, "false" otherwise.
type Interface ¶
// Interface is the RP-only environment abstraction. It embeds Core,
// proxy.Dialer and ARMHelper and adds the RP-specific accessors below.
// Prefer removing methods over adding new ones.
type Interface interface {
	Core
	proxy.Dialer
	ARMHelper

	// Authorizers for inbound ARM and admin clients. InitializeAuthorizers
	// reports failure through its error result.
	// NOTE(review): presumably it must succeed before the two accessors are
	// used; confirm against the implementation.
	InitializeAuthorizers() error
	ArmClientAuthorizer() clientauthorizer.ClientAuthorizer
	AdminClientAuthorizer() clientauthorizer.ClientAuthorizer

	// Cluster Geneva logging settings. ClusterGenevaLoggingSecret returns an
	// RSA private key and an X.509 certificate; treat the result as key
	// material and keep it out of logs.
	ClusterGenevaLoggingAccount() string
	ClusterGenevaLoggingConfigVersion() string
	ClusterGenevaLoggingEnvironment() string
	ClusterGenevaLoggingNamespace() string
	ClusterGenevaLoggingSecret() (*rsa.PrivateKey, *x509.Certificate)

	// Key Vault managers.
	ClusterKeyvault() keyvault.Manager
	ServiceKeyvault() keyvault.Manager

	// First-party (FP) identity helpers.
	FPAuthorizer(string, ...string) (autorest.Authorizer, error)
	FPNewClientCertificateCredential(string) (*azidentity.ClientCertificateCredential, error)
	FPClientID() string

	// Feature flags and live configuration.
	FeatureIsSet(Feature) bool
	LiveConfig() liveconfig.Manager

	// Networking, domains and resource locations.
	Domain() string
	Listen() (net.Listener, error)
	GatewayDomains() []string
	GatewayResourceGroup() string

	// Container registry and operator image.
	ACRResourceID() string
	ACRDomain() string
	AROOperatorImage() string

	// VMSku returns SKU for a given vm size. Note that this
	// returns a pointer to partly populated object.
	VMSku(vmSize string) (*mgmtcompute.ResourceSku, error)
}
Interface is clunky and somewhat legacy and only used in the RP codebase (not monitor/portal/gateway, etc.). It is a grab-bag of items which modify RP behaviour depending on where it is running (dev, prod, etc.) Outside of the RP codebase, use Core. Ideally we might break Interface into smaller pieces, either closer to their point of use, or maybe using dependency injection. Try to remove methods, not add more. A refactored approach to configuration is generally necessary across all of the ARO services; dealing with Interface should be part of that.
type MSIContext ¶
// MSIContext is a string-typed selector with two declared values.
// NOTE(review): presumably chooses which managed identity a caller is asking
// for; confirm against the code that consumes it.
type MSIContext string

const (
	// MSIContextRP has the value "RP".
	MSIContextRP MSIContext = "RP"

	// MSIContextGateway has the value "GATEWAY".
	MSIContextGateway MSIContext = "GATEWAY"
)
type ServiceComponent ¶
// ServiceComponent names a service component as a string-typed value.
//
// The constant identifiers use underscores and upper case, unlike the
// MixedCaps used elsewhere on this page. They are exported, so they are kept
// as declared for compatibility with existing callers.
type ServiceComponent string

const (
	// Long-running services, going by the names.
	COMPONENT_RP      ServiceComponent = "RP"
	COMPONENT_GATEWAY ServiceComponent = "GATEWAY"
	COMPONENT_MONITOR ServiceComponent = "MONITOR"
	COMPONENT_DBTOKEN ServiceComponent = "DBTOKEN"
	COMPONENT_PORTAL  ServiceComponent = "PORTAL"

	// Operator, jobs and tooling, going by the names.
	COMPONENT_OPERATOR            ServiceComponent = "OPERATOR"
	COMPONENT_MIRROR              ServiceComponent = "MIRROR"
	COMPONENT_UPDATE_OCP_VERSIONS ServiceComponent = "UPDATE_OCP_VERSIONS"
	COMPONENT_DEPLOY              ServiceComponent = "DEPLOY"
	COMPONENT_TOOLING             ServiceComponent = "TOOLING"
)