cache

package
v1.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 25, 2019 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// IdentityAllocator is an allocator for security identities from the
	// kvstore.
	IdentityAllocator *allocator.Allocator

	// GlobalIdentityAllocatorInitialized is closed whenever the global identity
	// allocator is initialized.
	GlobalIdentityAllocatorInitialized = make(chan struct{})

	// IdentitiesPath is the path to where identities are stored in the key-value
	// store.
	IdentitiesPath = path.Join(kvstore.BaseKeyPrefix, "state", "identities", "v1")
)

Functions

func AddUserDefinedNumericIdentitySet

func AddUserDefinedNumericIdentitySet(m map[string]string) error

AddUserDefinedNumericIdentitySet adds all key-value pairs from the given map to the map of user defined numeric identities and reserved identities. The key-value pairs should map a numeric identity to a valid label. Is not safe for concurrent use.

func AllocateIdentity

func AllocateIdentity(ctx context.Context, owner IdentityAllocatorOwner, lbls labels.Labels) (id *identity.Identity, allocated bool, err error)

AllocateIdentity allocates an identity described by the specified labels. If an identity for the specified set of labels already exist, the identity is re-used and reference counting is performed, otherwise a new identity is allocated via the kvstore.

func Close

func Close()

Close closes the identity allocator and allows to call InitIdentityAllocator() again

func IdentityAllocationIsLocal

func IdentityAllocationIsLocal(lbls labels.Labels) bool

IdentityAllocationIsLocal returns true if a call to AllocateIdentity with the given labels would not require accessing the KV store to allocate the identity. Currently, this function returns true only if the labels are those of a reserved identity, i.e. if the slice contains a single reserved "reserved:*" label.

func InitIdentityAllocator

func InitIdentityAllocator(owner IdentityAllocatorOwner, client clientset.Interface, identityStore cache.Store) <-chan struct{}

InitIdentityAllocator creates the the identity allocator. Only the first invocation of this function will have an effect. The Caller must have initialized well known identities before calling this (by calling identity.InitWellKnownIdentities()). client and identityStore are only used by the CRD identity allocator, currently, and identityStore may be nil. Returns a channel which is closed when initialization of the allocator is completed. TODO: identity backends are initialized directly in this function, pulling in dependencies on kvstore and k8s. It would be better to decouple this, since the backends are an interface.

func LookupIdentity

func LookupIdentity(lbls labels.Labels) *identity.Identity

LookupIdentity looks up the identity by its labels but does not create it. This function will first search through the local cache and fall back to querying the kvstore.

func LookupIdentityByID

func LookupIdentityByID(id identity.NumericIdentity) *identity.Identity

LookupIdentityByID returns the identity by ID. This function will first search through the local cache and fall back to querying the kvstore.

func LookupReservedIdentityByLabels

func LookupReservedIdentityByLabels(lbls labels.Labels) *identity.Identity

LookupReservedIdentityByLabels looks up a reserved identity by its labels and returns it if found. Returns nil if not found.

func Release

func Release(ctx context.Context, owner IdentityAllocatorOwner, id *identity.Identity) (released bool, err error)

Release is the reverse operation of AllocateIdentity() and releases the identity again. This function may result in kvstore operations. After the last user has released the ID, the returned lastUse value is true.

func ReleaseSlice

func ReleaseSlice(ctx context.Context, owner IdentityAllocatorOwner, identities []*identity.Identity) error

ReleaseSlice attempts to release a set of identities. It is a helper function that may be useful for cleaning up multiple identities in paths where several identities may be allocated and another error means that they should all be released.

func WaitForInitialGlobalIdentities added in v1.5.5

func WaitForInitialGlobalIdentities(ctx context.Context) error

WaitForInitialGlobalIdentities waits for the initial set of global security identities to have been received and populated into the allocator cache.

func WatchRemoteIdentities

func WatchRemoteIdentities(backend kvstore.BackendOperations) *allocator.RemoteCache

WatchRemoteIdentities starts watching for identities in another kvstore and syncs all identities to the local identity cache.

Types

type GlobalIdentity added in v1.6.0

type GlobalIdentity struct {
	labels.LabelArray
}

GlobalIdentity is the structure used to store an identity

func (GlobalIdentity) GetAsMap added in v1.6.0

func (gi GlobalIdentity) GetAsMap() map[string]string

GetAsMap encodes a GlobalIdentity a map of keys to values. The keys will include a source delimted by a ':'. This output is pareable by PutKeyFromMap.

func (GlobalIdentity) GetKey added in v1.6.0

func (gi GlobalIdentity) GetKey() (str string)

GetKey encodes an Identity as string

func (GlobalIdentity) PutKey added in v1.6.0

PutKey decodes an Identity from its string representation

func (GlobalIdentity) PutKeyFromMap added in v1.6.0

func (gi GlobalIdentity) PutKeyFromMap(v map[string]string) allocator.AllocatorKey

PutKeyFromMap decodes an Identity from a map of key to value. Output from GetAsMap can be parsed. Note: NewLabelArrayFromMap will parse the ':' separated label source from the keys because the source parameter is ""

type IdentitiesModel

type IdentitiesModel []*models.Identity

IdentitiesModel is a wrapper so that we can implement the sort.Interface to sort the slice by ID

func GetIdentities

func GetIdentities() IdentitiesModel

GetIdentities returns all known identities

func (IdentitiesModel) Less

func (s IdentitiesModel) Less(i, j int) bool

Less returns true if the element in index `i` is lower than the element in index `j`

type IdentityAllocatorOwner

type IdentityAllocatorOwner interface {
	// UpdateIdentities will be called when identities have changed
	//
	// The caller is responsible for making sure the same identity
	// is not present in both 'added' and 'deleted', so that they
	// can be processed in either order.
	UpdateIdentities(added, deleted IdentityCache)

	// GetSuffix must return the node specific suffix to use
	GetNodeSuffix() string
}

IdentityAllocatorOwner is the interface the owner of an identity allocator must implement

type IdentityCache

type IdentityCache map[identity.NumericIdentity]labels.LabelArray

IdentityCache is a cache of identity to labels mapping

func GetIdentityCache

func GetIdentityCache() IdentityCache

GetIdentityCache returns a cache of all known identities

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL