Documentation ¶
Index ¶
- func Add(mgr manager.Manager, tfProvider *tfschema.Provider, ...) error
- func ComputePartialPolicyWithMergedBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy, ...) (*v1beta1.IAMPartialPolicy, error)
- func ComputePartialPolicyWithRemainingBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy) *v1beta1.IAMPartialPolicy
- func ConvertIAMPartialBindingsToIAMPolicyBindings(partialPolicy *v1beta1.IAMPartialPolicy, resolver MemberIdentityResolver) (bindings []v1beta1.IAMPolicyBinding, err error)
- func ToIAMPolicySkeleton(p *iamv1beta1.IAMPartialPolicy) *iamv1beta1.IAMPolicy
- type IAMMemberIdentityResolver
- type MemberIdentityResolver
- type ReconcileIAMPartialPolicy
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Add ¶
func Add(mgr manager.Manager, tfProvider *tfschema.Provider, smLoader *servicemappingloader.ServiceMappingLoader, converter *conversion.Converter, dclConfig *mmdcl.Config) error
Add creates a new IAM Partial Policy Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller and start it when the Manager is started.
func ComputePartialPolicyWithMergedBindings ¶
func ComputePartialPolicyWithMergedBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy, resolver MemberIdentityResolver) (*v1beta1.IAMPartialPolicy, error)
The status.AllBindings in the returned IAMPartialPolicy reflects a mix of user specified bindings and the existing bindings associated with the GCP resource. The merge strategy takes effect on the member level with {role, condition} tuples as keys. The status.LastAppliedBindings in the returned IAMPartialPolicy reflects a list of canonical bindings that specified by users.
func ComputePartialPolicyWithRemainingBindings ¶
func ComputePartialPolicyWithRemainingBindings(partialPolicy *v1beta1.IAMPartialPolicy, livePolicy *v1beta1.IAMPolicy) *v1beta1.IAMPartialPolicy
ComputePartialPolicyWithRemainingBindings returns the IAMPartialPolicy that results after the user's last applied bindings (as specified by the input IAMPartialPolicy) are deleted from the underlying IAM Policy (as specified by the input IAMPolicy). This function is intended to be called on IAMPartialPolicy resources deletion.
The status.AllBindings in the returned IAMPartialPolicy reflects the remaining bindings that are computed by pruning last applied bindings (bindings managed by KCC) from all the existing bindings from the underlying IAM Policy. The status.LastAppliedBindings in the returned IAMPartialPolicy will be cleared.
func ConvertIAMPartialBindingsToIAMPolicyBindings ¶
func ConvertIAMPartialBindingsToIAMPolicyBindings(partialPolicy *v1beta1.IAMPartialPolicy, resolver MemberIdentityResolver) (bindings []v1beta1.IAMPolicyBinding, err error)
func ToIAMPolicySkeleton ¶
func ToIAMPolicySkeleton(p *iamv1beta1.IAMPartialPolicy) *iamv1beta1.IAMPolicy
ToIAMPolicySkeleton creates an IAMPolicy struct with ObjectMeta and resource reference copied from the partial policy. The skeleton struct can be passed to IAMClient.GetPolicy() to fetch the live IAM policy.
Types ¶
type IAMMemberIdentityResolver ¶
type IAMMemberIdentityResolver struct { Iamclient *kcciamclient.IAMClient Ctx context.Context }
IAMMemberIdentityResolver helps to resolve referenced member identity
func (*IAMMemberIdentityResolver) Resolve ¶
func (t *IAMMemberIdentityResolver) Resolve(member iamv1beta1.Member, memberFrom *iamv1beta1.MemberSource, defaultNamespace string) (string, error)
type MemberIdentityResolver ¶
type ReconcileIAMPartialPolicy ¶
type ReconcileIAMPartialPolicy struct { lifecyclehandler.LifecycleHandler client.Client metrics.ReconcilerMetrics // contains filtered or unexported fields }
ReconcileIAMPartialPolicy is a reconciler for handling IAM partial policies.
func NewReconciler ¶
func NewReconciler(mgr manager.Manager, provider *tfschema.Provider, smLoader *servicemappingloader.ServiceMappingLoader, converter *conversion.Converter, dclConfig *mmdcl.Config, immediateReconcileRequests chan event.GenericEvent, resourceWatcherRoutines *semaphore.Weighted) (*ReconcileIAMPartialPolicy, error)
NewReconciler returns a new reconcile.Reconciler.