Documentation
Index
- Variables
- func AddUserDefinedNumericIdentitySet(m map[string]string) error
- func AllocateIdentity(ctx context.Context, owner IdentityAllocatorOwner, lbls labels.Labels) (id *identity.Identity, allocated bool, err error)
- func Close()
- func IdentityAllocationIsLocal(lbls labels.Labels) bool
- func InitIdentityAllocator(owner IdentityAllocatorOwner, client clientset.Interface, ...) <-chan struct{}
- func LookupIdentity(lbls labels.Labels) *identity.Identity
- func LookupIdentityByID(id identity.NumericIdentity) *identity.Identity
- func LookupReservedIdentityByLabels(lbls labels.Labels) *identity.Identity
- func Release(ctx context.Context, owner IdentityAllocatorOwner, id *identity.Identity) (released bool, err error)
- func ReleaseSlice(ctx context.Context, owner IdentityAllocatorOwner, ...) error
- func WaitForInitialGlobalIdentities(ctx context.Context) error
- func WatchRemoteIdentities(backend kvstore.BackendOperations) *allocator.RemoteCache
- type GlobalIdentity
- type IdentitiesModel
- type IdentityAllocatorOwner
- type IdentityCache
Constants
This section is empty.
Variables
var (
	// IdentityAllocator is an allocator for security identities from the
	// kvstore.
	IdentityAllocator *allocator.Allocator
	// GlobalIdentityAllocatorInitialized is closed whenever the global identity
	// allocator is initialized.
	GlobalIdentityAllocatorInitialized = make(chan struct{})
	// IdentitiesPath is the path to where identities are stored in the key-value
	// store.
	IdentitiesPath = path.Join(kvstore.BaseKeyPrefix, "state", "identities", "v1")
)
Functions
func AddUserDefinedNumericIdentitySet
AddUserDefinedNumericIdentitySet adds all key-value pairs from the given map to the map of user defined numeric identities and reserved identities. The key-value pairs should map a numeric identity to a valid label. It is not safe for concurrent use.
func AllocateIdentity
func AllocateIdentity(ctx context.Context, owner IdentityAllocatorOwner, lbls labels.Labels) (id *identity.Identity, allocated bool, err error)
AllocateIdentity allocates an identity described by the specified labels. If an identity for the specified set of labels already exists, the identity is re-used and reference counting is performed; otherwise, a new identity is allocated via the kvstore.
func Close
func Close()
Close closes the identity allocator and allows InitIdentityAllocator() to be called again.
func IdentityAllocationIsLocal
IdentityAllocationIsLocal returns true if a call to AllocateIdentity with the given labels would not require accessing the KV store to allocate the identity. Currently, this function returns true only if the labels are those of a reserved identity, i.e. if the slice contains a single reserved "reserved:*" label.
func InitIdentityAllocator
func InitIdentityAllocator(owner IdentityAllocatorOwner, client clientset.Interface, identityStore cache.Store) <-chan struct{}
InitIdentityAllocator creates the identity allocator. Only the first invocation of this function will have an effect. The caller must have initialized well-known identities before calling this (by calling identity.InitWellKnownIdentities()). client and identityStore are currently only used by the CRD identity allocator, and identityStore may be nil. Returns a channel which is closed when initialization of the allocator is completed.
TODO: identity backends are initialized directly in this function, pulling in dependencies on kvstore and k8s. It would be better to decouple this, since the backends are an interface.
func LookupIdentity
LookupIdentity looks up the identity by its labels but does not create it. This function will first search through the local cache and fall back to querying the kvstore.
func LookupIdentityByID
func LookupIdentityByID(id identity.NumericIdentity) *identity.Identity
LookupIdentityByID returns the identity by ID. This function will first search through the local cache and fall back to querying the kvstore.
func LookupReservedIdentityByLabels
LookupReservedIdentityByLabels looks up a reserved identity by its labels and returns it if found. Returns nil if not found.
func Release
func Release(ctx context.Context, owner IdentityAllocatorOwner, id *identity.Identity) (released bool, err error)
Release is the reverse operation of AllocateIdentity() and releases the identity again. This function may result in kvstore operations. After the last user has released the ID, the returned lastUse value is true.
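The reuse and reference-counting behaviour described for AllocateIdentity and Release, as an added example that is not code from this package. The types ident and refAllocator, the start value 256 and the label strings are constructed stand-ins, and the meaning given to the allocated flag is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ident and refAllocator are constructed in-memory stand-ins, not package types.
type ident struct {
	ID   uint32
	key  string // canonical (sorted) label key
	refs int
}
type refAllocator struct {
	next  uint32
	byKey map[string]*ident
}

// Allocate reuses a known label set's identity; allocated is assumed to mean "newly created".
func (a *refAllocator) Allocate(lbls ...string) (id *ident, allocated bool) {
	sorted := append([]string(nil), lbls...)
	sort.Strings(sorted)
	key := strings.Join(sorted, ";")
	id, ok := a.byKey[key]
	if !ok {
		id, allocated = &ident{ID: a.next, key: key}, true
		a.byKey[key], a.next = id, a.next+1
	}
	id.refs++
	return id, allocated
}

// Release drops one reference; released is true only for the last user.
func (a *refAllocator) Release(id *ident) (released bool, err error) {
	if id == nil || id.refs == 0 {
		return false, fmt.Errorf("identity is not held")
	}
	id.refs--
	if id.refs == 0 {
		delete(a.byKey, id.key)
	}
	return id.refs == 0, nil
}

func main() {
	a := &refAllocator{next: 256, byKey: map[string]*ident{}} // 256: constructed start
	x, isNew := a.Allocate("k8s:app=web", "k8s:env=prod")
	y, again := a.Allocate("k8s:env=prod", "k8s:app=web")
	fmt.Println(x == y, isNew, again)
}
```

In this model a release without a matching allocation returns an error instead of driving the count negative, and a label set allocated again after its last release gets a fresh numeric identity.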
func ReleaseSlice
func ReleaseSlice(ctx context.Context, owner IdentityAllocatorOwner, identities []*identity.Identity) error
ReleaseSlice attempts to release a set of identities. It is a helper function that may be useful for cleaning up multiple identities in paths where several identities may be allocated and another error means that they should all be released.
func WaitForInitialGlobalIdentities (added in v1.5.5)
WaitForInitialGlobalIdentities waits for the initial set of global security identities to have been received and populated into the allocator cache.
func WatchRemoteIdentities
func WatchRemoteIdentities(backend kvstore.BackendOperations) *allocator.RemoteCache
WatchRemoteIdentities starts watching for identities in another kvstore and syncs all identities to the local identity cache.
Types
type GlobalIdentity (added in v1.6.0)
type GlobalIdentity struct {
labels.LabelArray
}
GlobalIdentity is the structure used to store an identity.
func (GlobalIdentity) GetAsMap (added in v1.6.0)
func (gi GlobalIdentity) GetAsMap() map[string]string
GetAsMap encodes a GlobalIdentity as a map of keys to values. The keys will include a source delimited by a ':'. This output is parseable by PutKeyFromMap.
func (GlobalIdentity) GetKey (added in v1.6.0)
func (gi GlobalIdentity) GetKey() (str string)
GetKey encodes an Identity as a string.
func (GlobalIdentity) PutKey (added in v1.6.0)
func (gi GlobalIdentity) PutKey(v string) allocator.AllocatorKey
PutKey decodes an Identity from its string representation.
func (GlobalIdentity) PutKeyFromMap (added in v1.6.0)
func (gi GlobalIdentity) PutKeyFromMap(v map[string]string) allocator.AllocatorKey
PutKeyFromMap decodes an Identity from a map of key to value. Output from GetAsMap can be parsed. Note: NewLabelArrayFromMap will parse the ':' separated label source from the keys because the source parameter is "".
type IdentitiesModel
IdentitiesModel is a wrapper so that we can implement the sort.Interface to sort the slice by ID.
func GetIdentities
func GetIdentities() IdentitiesModel
GetIdentities returns all known identities.
func (IdentitiesModel) Less
func (s IdentitiesModel) Less(i, j int) bool
Less returns true if the element in index `i` is lower than the element in index `j`.
type IdentityAllocatorOwner
type IdentityAllocatorOwner interface {
	// UpdateIdentities will be called when identities have changed
	//
	// The caller is responsible for making sure the same identity
	// is not present in both 'added' and 'deleted', so that they
	// can be processed in either order.
	UpdateIdentities(added, deleted IdentityCache)
	// GetNodeSuffix must return the node specific suffix to use
	GetNodeSuffix() string
}
IdentityAllocatorOwner is the interface the owner of an identity allocator must implement.
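One way a caller could meet the UpdateIdentities contract, shown as an added example that is not code from this package: fold an ordered batch of events so that no identity lands in both sets, then confirm that either processing order yields the same view. The change type, the local copies of NumericIdentity and IdentityCache, and the sample events are assumptions made for illustration.

```go
package main

import "fmt"

// Local stand-ins for the package's types (assumed shapes, not imports).
type NumericIdentity uint32
type IdentityCache map[NumericIdentity][]string

// change is a hypothetical record of one identity event seen by the caller.
type change struct {
	ID      NumericIdentity
	Labels  []string
	Deleted bool
}

// collapse keeps only the last event per ID, so the two sets never overlap.
func collapse(batch []change) (added, deleted IdentityCache) {
	added, deleted = IdentityCache{}, IdentityCache{}
	for _, c := range batch {
		dst, other := added, deleted
		if c.Deleted {
			dst, other = deleted, added
		}
		delete(other, c.ID)
		dst[c.ID] = c.Labels
	}
	return added, deleted
}

// orderIndependent replays both sets onto an empty view in either order.
func orderIndependent(added, deleted IdentityCache) bool {
	addFirst, delFirst := IdentityCache{}, IdentityCache{}
	for id, l := range added {
		addFirst[id], delFirst[id] = l, l // delete-first: deletes hit an empty view
	}
	for id := range deleted {
		delete(addFirst, id) // add-first: a later delete removes the entry
	}
	return len(addFirst) == len(delFirst) // addFirst is a subset of delFirst
}

func main() {
	batch := []change{ // constructed sample events
		{ID: 1001, Labels: []string{"k8s:app=web"}},
		{ID: 1001, Labels: []string{"k8s:app=web"}, Deleted: true},
		{ID: 1002, Labels: []string{"k8s:app=db"}},
	}
	added, deleted := collapse(batch)
	fmt.Println(len(added), len(deleted), orderIndependent(added, deleted))
}
```

Passing the raw, uncollapsed events as two overlapping sets makes orderIndependent return false, which is the ambiguity the interface comment tells callers to rule out.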
type IdentityCache
type IdentityCache map[identity.NumericIdentity]labels.LabelArray
IdentityCache is a cache of identity to labels mapping.
func GetIdentityCache
func GetIdentityCache() IdentityCache
GetIdentityCache returns a cache of all known identities.