partialpolicy

package
v1.125.0

This package is not in the latest version of its module.
Published: Nov 12, 2024 License: Apache-2.0 Imports: 45 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Add

func Add(mgr manager.Manager, deps *kontroller.Deps) error

Add creates a new IAM Partial Policy Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller and start it when the Manager is started.

func ComputePartialPolicyWithMergedBindings

func ComputePartialPolicyWithMergedBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy, resolver MemberIdentityResolver) (*v1beta1.IAMPartialPolicy, error)

The status.AllBindings in the returned IAMPartialPolicy reflects a mix of user-specified bindings and the existing bindings associated with the GCP resource. The merge strategy takes effect at the member level, with {role, condition} tuples as keys. The status.LastAppliedBindings in the returned IAMPartialPolicy reflects the list of canonical bindings specified by users.

func ComputePartialPolicyWithRemainingBindings

func ComputePartialPolicyWithRemainingBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy) *v1beta1.IAMPartialPolicy

ComputePartialPolicyWithRemainingBindings returns the IAMPartialPolicy that results after the user's last applied bindings (as specified by the input IAMPartialPolicy) are deleted from the underlying IAM Policy (as specified by the input IAMPolicy). This function is intended to be called when an IAMPartialPolicy resource is deleted.

The status.AllBindings in the returned IAMPartialPolicy reflects the remaining bindings that are computed by pruning last applied bindings (bindings managed by KCC) from all the existing bindings from the underlying IAM Policy. The status.LastAppliedBindings in the returned IAMPartialPolicy will be cleared.
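The member-level merge and the prune-on-delete behaviour described for the two functions above can be modelled as follows. This is an added, simplified example, not the package's own code: `Binding`, `apply`, `Merged` and `Remaining` are hypothetical names, and the condition is reduced to a plain string.

```go
package main

import "sort"

// Binding is a simplified, hypothetical stand-in for an IAM policy binding.
type Binding struct {
	Role, Condition string
	Members         []string
}

// apply drops, then adds, individual members. Each member is tracked under its
// {role, condition} key, so members written by other actors are never touched.
func apply(live, drop, add []Binding) []Binding {
	state := map[[3]string]bool{} // {role, condition, member} -> present
	mark := func(bs []Binding, present bool) {
		for _, b := range bs {
			for _, m := range b.Members {
				state[[3]string{b.Role, b.Condition, m}] = present
			}
		}
	}
	mark(live, true)
	mark(drop, false)
	mark(add, true)
	grouped := map[[2]string][]string{} // {role, condition} -> members
	for t, present := range state {
		if present {
			k := [2]string{t[0], t[1]}
			grouped[k] = append(grouped[k], t[2])
		}
	}
	out := []Binding{} // keys left with no members never reach grouped
	for k, members := range grouped {
		sort.Strings(members)
		out = append(out, Binding{k[0], k[1], members})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Role+"|"+out[i].Condition < out[j].Role+"|"+out[j].Condition })
	return out
}

// Merged models status.AllBindings after a merge; Remaining models it on deletion.
func Merged(live, desired []Binding) []Binding        { return apply(live, nil, desired) }
func Remaining(live, lastApplied []Binding) []Binding { return apply(live, lastApplied, nil) }

func main() {
	live := []Binding{{"roles/viewer", "", []string{"user:alice@example.com"}}} // constructed sample
	mine := []Binding{{"roles/viewer", "", []string{"user:bob@example.com"}}}
	all := Merged(live, mine)
	println(len(all[0].Members), len(Remaining(all, mine)[0].Members)) // 2 1
}
```

In this model a member granted outside the partial policy survives both the merge and the deletion, which is the property to verify when auditing who still holds a role after a managed policy is removed.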

func ConvertIAMPartialBindingsToIAMPolicyBindings

func ConvertIAMPartialBindingsToIAMPolicyBindings(partialPolicy *v1beta1.IAMPartialPolicy, resolver MemberIdentityResolver) (bindings []v1beta1.IAMPolicyBinding, err error)

func ToIAMPolicySkeleton

func ToIAMPolicySkeleton(p *iamv1beta1.IAMPartialPolicy) *iamv1beta1.IAMPolicy

ToIAMPolicySkeleton creates an IAMPolicy struct with ObjectMeta and resource reference copied from the partial policy. The skeleton struct can be passed to IAMClient.GetPolicy() to fetch the live IAM policy.

Types

type IAMMemberIdentityResolver

type IAMMemberIdentityResolver struct {
	Iamclient *kcciamclient.IAMClient
	Ctx       context.Context
}

IAMMemberIdentityResolver helps to resolve a referenced member identity.

func (*IAMMemberIdentityResolver) Resolve

func (t *IAMMemberIdentityResolver) Resolve(member iamv1beta1.Member, memberFrom *iamv1beta1.MemberSource, defaultNamespace string) (string, error)

type MemberIdentityResolver

type MemberIdentityResolver interface {
	Resolve(v1beta1.Member, *v1beta1.MemberSource, string) (string, error)
}

type ReconcileIAMPartialPolicy

type ReconcileIAMPartialPolicy struct {
	lifecyclehandler.LifecycleHandler
	client.Client
	metrics.ReconcilerMetrics
	// contains filtered or unexported fields
}

ReconcileIAMPartialPolicy is a reconciler for handling IAM partial policies.

func NewReconciler

func NewReconciler(mgr manager.Manager, provider *tfschema.Provider, smLoader *servicemappingloader.ServiceMappingLoader, converter *conversion.Converter, dclConfig *mmdcl.Config, immediateReconcileRequests chan event.GenericEvent, resourceWatcherRoutines *semaphore.Weighted, defaulters []k8s.Defaulter, jg jitter.Generator) (*ReconcileIAMPartialPolicy, error)

NewReconciler returns a new reconcile.Reconciler.

func (*ReconcileIAMPartialPolicy) Reconcile

func (r *ReconcileIAMPartialPolicy) Reconcile(ctx context.Context, request reconcile.Request) (result reconcile.Result, err error)
