apiserver

package
v4.2.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 12, 2020 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const APPLY_POLICY_PERM = "ApplyPolicy"
View Source
const CAT_PERM = "Cat"

MISC

View Source
const CLONE_PERM = "Clone"
View Source
const CREATE_BACKUP_PERM = "CreateBackup"

CREATE

View Source
const CREATE_BENCHMARK_PERM = "CreateBenchmark"
View Source
const CREATE_CLUSTER_PERM = "CreateCluster"
View Source
const CREATE_DUMP_PERM = "CreateDump"
View Source
const CREATE_FAILOVER_PERM = "CreateFailover"
View Source
const CREATE_INGEST_PERM = "CreateIngest"
View Source
const CREATE_NAMESPACE_PERM = "CreateNamespace"
View Source
const CREATE_PGBOUNCER_PERM = "CreatePgbouncer"
View Source
const CREATE_PGOROLE_PERM = "CreatePgorole"
View Source
const CREATE_PGOUSER_PERM = "CreatePgouser"
View Source
const CREATE_POLICY_PERM = "CreatePolicy"
View Source
const CREATE_SCHEDULE_PERM = "CreateSchedule"
View Source
const CREATE_UPGRADE_PERM = "CreateUpgrade"
View Source
const CREATE_USER_PERM = "CreateUser"
View Source
const DELETE_BACKUP_PERM = "DeleteBackup"

DELETE

View Source
const DELETE_BENCHMARK_PERM = "DeleteBenchmark"
View Source
const DELETE_CLUSTER_PERM = "DeleteCluster"
View Source
const DELETE_INGEST_PERM = "DeleteIngest"
View Source
const DELETE_NAMESPACE_PERM = "DeleteNamespace"
View Source
const DELETE_PGBOUNCER_PERM = "DeletePgbouncer"
View Source
const DELETE_PGOROLE_PERM = "DeletePgorole"
View Source
const DELETE_PGOUSER_PERM = "DeletePgouser"
View Source
const DELETE_POLICY_PERM = "DeletePolicy"
View Source
const DELETE_SCHEDULE_PERM = "DeleteSchedule"
View Source
const DELETE_USER_PERM = "DeleteUser"
View Source
const DF_CLUSTER_PERM = "DfCluster"
View Source
const LABEL_PERM = "Label"
View Source
const LOAD_PERM = "Load"
View Source
const LS_PERM = "Ls"
View Source
const PGOSecretName = "pgo.tls"
View Source
const RELOAD_PERM = "Reload"
View Source
const RESTORE_DUMP_PERM = "RestoreDump"

RESTORE

View Source
const RESTORE_PERM = "Restore"
View Source
const RESTORE_PGBASEBACKUP_PERM = "RestorePgbasebackup"
View Source
const SCALE_CLUSTER_PERM = "ScaleCluster"

SCALE

View Source
const SHOW_BACKUP_PERM = "ShowBackup"

SHOW

View Source
const SHOW_BENCHMARK_PERM = "ShowBenchmark"
View Source
const SHOW_CLUSTER_PERM = "ShowCluster"
View Source
const SHOW_CONFIG_PERM = "ShowConfig"
View Source
const SHOW_INGEST_PERM = "ShowIngest"
View Source
const SHOW_NAMESPACE_PERM = "ShowNamespace"
View Source
const SHOW_PGOROLE_PERM = "ShowPgorole"
View Source
const SHOW_PGOUSER_PERM = "ShowPgouser"
View Source
const SHOW_POLICY_PERM = "ShowPolicy"
View Source
const SHOW_PVC_PERM = "ShowPVC"
View Source
const SHOW_SCHEDULE_PERM = "ShowSchedule"
View Source
const SHOW_SECRETS_PERM = "ShowSecrets"
View Source
const SHOW_USER_PERM = "ShowUser"
View Source
const SHOW_WORKFLOW_PERM = "ShowWorkflow"
View Source
const STATUS_PERM = "Status"
View Source
const TEST_CLUSTER_PERM = "TestCluster"
View Source
const TreeBranch = "├── "

TreeBranch is for debugging only in this context

View Source
const TreeTrunk = "└── "

TreeTrunk is for debugging only in this context

View Source
const UPDATE_CLUSTER_PERM = "UpdateCluster"

UPDATE

View Source
const UPDATE_NAMESPACE_PERM = "UpdateNamespace"
View Source
const UPDATE_PGOROLE_PERM = "UpdatePgorole"
View Source
const UPDATE_PGOUSER_PERM = "UpdatePgouser"
View Source
const UPDATE_USER_PERM = "UpdateUser"
View Source
const VERSION_MISMATCH_ERROR = "pgo client and server version mismatch"
View Source
const VERSION_PERM = "Version"

Variables

View Source
var AuditFlag bool

AuditFlag if set to true will cause auditing to occur in the logs

View Source
var BasicAuth bool

BasicAuth comes from the apiserver config

View Source
var CRUNCHY_DEBUG bool

Clientset ...

View Source
var DebugFlag bool

DebugFlag is the debug flag value

View Source
var (

	// ErrDBContainerNotFound is an error that indicates that a "database" container
	// could not be found in a specific pod
	ErrDBContainerNotFound = errors.New("\"database\" container not found in pod")
)
View Source
var InstallationName string
View Source
var MetricsFlag, BadgerFlag bool

MetricsFlag if set to true will cause crunchy-collect to be added into new clusters

View Source
var PermMap map[string]string
View Source
var PgoNamespace string

Namespace comes from the apiserver config in this version

View Source
var RESTClient *rest.RESTClient

RESTClient ...

View Source
var RESTConfig *rest.Config
View Source
var RoleMap map[string]map[string]string

Functions

func Authn

func Authn(perm string, w http.ResponseWriter, r *http.Request) (string, error)

Authn performs HTTP Basic Authentication against a user if "BasicAuth" is set to "true" (which it is by default).

...it also performs Authorization (Authz) against the user that is attempting to authenticate, and as such, to truly "authenticate/authorize," one needs at least a valid Operator User account.

func BasicAuthCheck

func BasicAuthCheck(username, password string) bool

func BasicAuthzCheck

func BasicAuthzCheck(username, perm string) bool

func ConnectToKube

func ConnectToKube()

ConnectToKube ...

func CreateRMDataTask

func CreateRMDataTask(clusterName, replicaName, taskName string, deleteBackups, deleteData, isReplica, isBackup bool, ns, clusterPGHAScope string) error

func GetBackrestStorageTypes

func GetBackrestStorageTypes() []string

func GetContainerResourcesJSON

func GetContainerResourcesJSON(resources *crv1.PgContainerResources) string

GetContainerResources ...

func GetNamespace

func GetNamespace(clientset *kubernetes.Clientset, username, requestedNS string) (string, error)

GetNamespace determines if a user has permission for a namespace they are requesting a valid requested namespace is required

func GetPVCName

func GetPVCName(pod *v1.Pod) map[string]string

func GetSecrets

func GetSecrets(cluster *crv1.Pgcluster, ns string) ([]msgs.ShowUserSecret, error)

func HasPerm

func HasPerm(role string, perm string) bool

func Initialize

func Initialize()

func InitializePerms

func InitializePerms()

func IsValidContainerResource

func IsValidContainerResource(name string) bool

func IsValidContainerResourceValues

func IsValidContainerResourceValues() bool

func IsValidNodeLabel

func IsValidNodeLabel(key, value string) (bool, bool, error)

IsValidNodeLabel returns bool for key validity returns bool for value validity returns error

func IsValidPVC

func IsValidPVC(pvcName, ns string) bool

IsValidPVC determines if a PVC with the name provided exits

func IsValidStorageName

func IsValidStorageName(name string) bool

func NewCertEnforcer

func NewCertEnforcer(reqRoutes []string) (*certEnforcer, error)

NewCertEnforcer ensures a certEnforcer is created with skipped routes and validates that the configured routes are allowed

func UserIsPermittedInNamespace

func UserIsPermittedInNamespace(username, requestedNS string) (bool, bool)

returns installation access and user access installation access means a namespace belongs to this Operator installation user access means this user has access to a namespace

func ValidateNodeLabel

func ValidateNodeLabel(nodeLabel string) error

ValidateNodeLabel returns error if node label is invalid

func WriteTLSCert

func WriteTLSCert(certPath, keyPath string) error

WriteTLSCert writes the server certificate and key to files from the PGOSecretName secret or generates a new key (writing to both the secret and the expected files

Types

type CredentialDetail

type CredentialDetail struct {
	Username   string
	Password   string
	Role       string
	Namespaces []string
}

type ReplicaPodStatus

type ReplicaPodStatus struct {
	NodeName    string
	ReadyStatus string
}

ReplicaPodStatus stores the name of the node a replica pod is assigned to, as well as whether or not the pod is considered "Ready" in the Kubernetes cluster

func GetReplicaPodStatus

func GetReplicaPodStatus(clusterName, ns string) (*ReplicaPodStatus, error)

GetReplicaPodStatus gets the status of all replica pods in the cluster. Specifically, using the provided cluster name and namespace, it looks up all replica pod in the cluster, and then provides a status for each pod ("Ready" or "Not Ready")

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL