Documentation ¶
Overview ¶
Package builders provides "Builders" for Access Requests
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrRequestDurationInvalid = errors.New("access request duration invalid")
ErrRequestDurationInvalid indicates that the requested access duration is an invalid time string.
View Source
var ErrRequestDurationTooLong = errors.New(
"access request duration longer than template maximum duration",
)
ErrRequestDurationTooLong indicates that the Access Request's "duration" field is longer than the target templates "maxDuration" field.
View Source
var ErrRequestExpired = errors.New("access expired")
ErrRequestExpired indicates that the Access Request has expired
View Source
var ErrTemplateDoesNotExist = errors.New("template does not exist")
ErrTemplateDoesNotExist indicates that the TargetTemplate for the Access Request does not exist and therefore the Access Request cannot be satisified.
Functions ¶
This section is empty.
Types ¶
type IBuilder ¶
type IBuilder interface { // GetTemplate checks whether or not the TargetTemplate actually exists GetTemplate( ctx context.Context, client client.Client, req v1alpha1.IRequestResource, ) (v1alpha1.ITemplateResource, error) // GetAccessDuration checks the durations of the Access Request against the Template. GetAccessDuration( req v1alpha1.IRequestResource, tmpl v1alpha1.ITemplateResource, ) (duration time.Duration, decision string, err error) // SetRequestOwnerReference ensures that if the TargetTemplate is ever deleted, // that all of the Access Requests pointing to it are also automatically // deleted, which automatically cascades down to delete all of the access // resources. // // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/ SetRequestOwnerReference( ctx context.Context, client client.Client, req v1alpha1.IRequestResource, tmpl v1alpha1.ITemplateResource, ) error // CreateAccessResources is the heavy lifter in an Access Builder - it is // responsible for creating any access resources required to satisfy the // access request. All resources created by this function must have an // OwnerReference set to the Access Request to ensure proper cleanup. CreateAccessResources( ctx context.Context, client client.Client, req v1alpha1.IRequestResource, tmpl v1alpha1.ITemplateResource, ) (string, error) // AccessResourcesAreReady returns an indication of whether the resources // are fully ready. For some this function may just return True right away // (in the case of creating only a Role/RoleBinding). In other cases there // may be work to check if the status of a resource is completed (eg, // waiting for a Pod to become Ready). AccessResourcesAreReady( ctx context.Context, client client.Client, req v1alpha1.IRequestResource, tmpl v1alpha1.ITemplateResource, ) (bool, error) }
IBuilder defines an interface that our RequestController can use to manage Access Request resources
Directories ¶
Path | Synopsis |
---|---|
Package execaccessbuilder implements the IBuilder interface for ExecAccessRequest resources
|
Package execaccessbuilder implements the IBuilder interface for ExecAccessRequest resources |
internal
Package internal separates out some of the internal builder logic from the top level execaccessbuilder package to make it easier to see the interface-implementing methods as separate from the backend business logic.
|
Package internal separates out some of the internal builder logic from the top level execaccessbuilder package to make it easier to see the interface-implementing methods as separate from the backend business logic. |
Package podaccessbuilder implements the IBuilder interface for PodAccessRequest resources
|
Package podaccessbuilder implements the IBuilder interface for PodAccessRequest resources |
internal
Package internal separates out some of the internal builder logic from the top level podaccessbuilder package to make it easier to see the interface-implementing methods as separate from the backend business logic.
|
Package internal separates out some of the internal builder logic from the top level podaccessbuilder package to make it easier to see the interface-implementing methods as separate from the backend business logic. |
Package utils provides a set of utility functions that make implementing the IBuilder interface easier.
|
Package utils provides a set of utility functions that make implementing the IBuilder interface easier. |
Click to show internal directories.
Click to hide internal directories.