v1alpha1

package
v1.0.1 Latest
Warning

This package is not in the latest version of its module.

Published: May 15, 2020 License: MIT Imports: 9 Imported by: 35

Documentation

Overview

+k8s:openapi-gen=true
+k8s:deepcopy-gen=package,register
+k8s:conversion-gen=github.com/gocardless/theatre/pkg/apis/workloads
+k8s:defaulter-gen=TypeMeta
+groupName=workloads.crd.gocardless.com


Constants

This section is empty.

Variables

var (
	// GroupName is taken from our parent API group
	GroupName = workloads.GroupName

	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: workloads.GroupName, Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)

	// AddToScheme is required by pkg/client/...
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

func Kind

func Kind(kind string) schema.GroupKind

func Resource

func Resource(resource string) schema.GroupResource

Types

type Console

type Console struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ConsoleSpec   `json:"spec"`
	Status ConsoleStatus `json:"status,omitempty"`
}

Console declares an instance of a console environment to be created by a specific user

+kubebuilder:printcolumn:name="User",type="string",JSONPath=".spec.user"
+kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase"
+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+kubebuilder:printcolumn:name="Expiry",type="string",JSONPath=".status.expiryTime"

func (*Console) Creating

func (c *Console) Creating() bool

Creating returns true if the console has no status (the console has just been created)

func (*Console) DeepCopy

func (in *Console) DeepCopy() *Console

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Console.

func (*Console) DeepCopyInto

func (in *Console) DeepCopyInto(out *Console)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Console) DeepCopyObject

func (in *Console) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Console) Destroyed

func (c *Console) Destroyed() bool

Destroyed returns true if the console is Destroyed

func (*Console) EligibleForGC

func (c *Console) EligibleForGC() bool

EligibleForGC returns whether a console can be garbage collected

func (*Console) GetGCTime

func (c *Console) GetGCTime() *time.Time

GetGCTime returns the time at which a console can be garbage collected, or nil if it cannot be.

This will be the case if:

  - TTLSecondsBeforeRunning has elapsed and the console hasn't progressed to running
  - TTLSecondsAfterFinished has elapsed and the console is stopped or destroyed

func (*Console) Pending

func (c *Console) Pending() bool

Pending returns true if the console is Pending

func (*Console) PendingAuthorisation

func (c *Console) PendingAuthorisation() bool

PendingAuthorisation returns true if the console is Pending Authorisation

func (*Console) PendingJob

func (c *Console) PendingJob() bool

PendingJob returns true if the console is in a phase that occurs before job creation

func (*Console) PostRunning

func (c *Console) PostRunning() bool

PostRunning returns true if the console is in a phase after Running

func (*Console) PreRunning

func (c *Console) PreRunning() bool

PreRunning returns true if the console is in a phase before Running

func (*Console) Running

func (c *Console) Running() bool

Running returns true if the console is Running

func (*Console) Stopped

func (c *Console) Stopped() bool

Stopped returns true if the console is Stopped

func (*Console) TTLSecondsAfterFinished

func (c *Console) TTLSecondsAfterFinished() time.Duration

TTLSecondsAfterFinished returns the console's after finished TTL as a time.Duration

func (*Console) TTLSecondsBeforeRunning

func (c *Console) TTLSecondsBeforeRunning() time.Duration

TTLSecondsBeforeRunning returns the console's before running TTL as a time.Duration

type ConsoleAuthorisation

type ConsoleAuthorisation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec ConsoleAuthorisationSpec `json:"spec"`
}

ConsoleAuthorisation declares a console authorisation that is instantiated when a console that requires authorisation is created. It is used to store authorisations for the associated console.

func (*ConsoleAuthorisation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleAuthorisation.

func (*ConsoleAuthorisation) DeepCopyInto

func (in *ConsoleAuthorisation) DeepCopyInto(out *ConsoleAuthorisation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConsoleAuthorisation) DeepCopyObject

func (in *ConsoleAuthorisation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConsoleAuthorisationList

type ConsoleAuthorisationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ConsoleAuthorisation `json:"items"`
}

ConsoleAuthorisationList is a list of console authorisations

func (*ConsoleAuthorisationList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleAuthorisationList.

func (*ConsoleAuthorisationList) DeepCopyInto

func (in *ConsoleAuthorisationList) DeepCopyInto(out *ConsoleAuthorisationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConsoleAuthorisationList) DeepCopyObject

func (in *ConsoleAuthorisationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConsoleAuthorisationRule

type ConsoleAuthorisationRule struct {
	// Human readable name of authorisation rule added to logs for auditing.
	Name string `json:"name"`

	// The matching rule to compare to the command and arguments of the console.
	//
	// This uses basic wildcard matching: Each element of the array is evaluated
	// against the corresponding element of the console's `spec.command` field.
	// An element consisting of a single `*` character will assert on the
	// presence of an element, but will allow any contents.
	// An element consisting of `**`, at the end of the match array, will match 0
	// or more additional elements in the command, but can only be used at the
	// end of the rule.
	//
	// Pattern matching _within_ elements is deliberately not supported, as this
	// makes it much harder to construct rules which are secure and do not allow chaining of additional commands (e.g. in a shell context).
	//
	// +kubebuilder:validation:MinItems=1
	MatchCommandElements []string `json:"matchCommandElements"`

	ConsoleAuthorisers `json:",inline"`
}

ConsoleAuthorisationRule declares rules specifying what commands need to be authorised and by whom.

func (*ConsoleAuthorisationRule) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleAuthorisationRule.

func (*ConsoleAuthorisationRule) DeepCopyInto

func (in *ConsoleAuthorisationRule) DeepCopyInto(out *ConsoleAuthorisationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConsoleAuthorisationSpec

type ConsoleAuthorisationSpec struct {
	// The reference to the console by name that this console authorisation belongs to.
	ConsoleRef corev1.LocalObjectReference `json:"consoleRef"`

	// List of authorisations that have been given to the referenced console.
	Authorisations []rbacv1.Subject `json:"authorisations"`
}

ConsoleAuthorisationSpec defines the specification for a console authorisation

func (*ConsoleAuthorisationSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleAuthorisationSpec.

func (*ConsoleAuthorisationSpec) DeepCopyInto

func (in *ConsoleAuthorisationSpec) DeepCopyInto(out *ConsoleAuthorisationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConsoleAuthorisers

type ConsoleAuthorisers struct {
	// The number of authorisations required from members of the subjects before the console can run.
	AuthorisationsRequired int `json:"authorisationsRequired"`

	// List of subjects that can provide authorisation for the console command to run.
	Subjects []rbacv1.Subject `json:"subjects"`
}

ConsoleAuthorisers declares the subjects required to perform authorisations.

func (*ConsoleAuthorisers) DeepCopy

func (in *ConsoleAuthorisers) DeepCopy() *ConsoleAuthorisers

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleAuthorisers.

func (*ConsoleAuthorisers) DeepCopyInto

func (in *ConsoleAuthorisers) DeepCopyInto(out *ConsoleAuthorisers)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConsoleList

type ConsoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []Console `json:"items"`
}

ConsoleList is a list of consoles

func (*ConsoleList) DeepCopy

func (in *ConsoleList) DeepCopy() *ConsoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleList.

func (*ConsoleList) DeepCopyInto

func (in *ConsoleList) DeepCopyInto(out *ConsoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConsoleList) DeepCopyObject

func (in *ConsoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConsolePhase

type ConsolePhase string
const (
	// ConsolePendingAuthorisation means the console has been created but it is not yet authorised to run
	ConsolePendingAuthorisation ConsolePhase = "Pending Authorisation"
	// ConsolePending means the console has been created but its pod is not yet ready
	ConsolePending ConsolePhase = "Pending"
	// ConsoleRunning means the pod has started and is running
	ConsoleRunning ConsolePhase = "Running"
	// ConsoleStopped means the console has completed or timed out
	ConsoleStopped ConsolePhase = "Stopped"
	// ConsoleDestroyed means the console's job has been deleted
	ConsoleDestroyed ConsolePhase = "Destroyed"
)

These are valid phases for a console

type ConsoleSpec

type ConsoleSpec struct {
	User   string `json:"user"`
	Reason string `json:"reason"`

	// Number of seconds that the console should run for.
	// If the process running within the console has not exited before this
	// timeout is reached, then the console will be terminated.
	// If this value exceeds the Maximum Timeout Seconds specified in the
	// ConsoleTemplate that this console refers to, then this timeout will be
	// clamped to that value.
	// Maximum value of 1 week (as per ConsoleTemplate.Spec.MaxTimeoutSeconds).
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=604800
	TimeoutSeconds int `json:"timeoutSeconds,omitempty"`

	ConsoleTemplateRef corev1.LocalObjectReference `json:"consoleTemplateRef"`

	// Specifies the TTL before running for this Console. The Console will be
	// eligible for garbage collection TTLSecondsBeforeRunning seconds if it has
	// not progressed to the Running phase. This field is modeled on the TTL
	// mechanism in Kubernetes 1.12.
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=86400
	TTLSecondsBeforeRunning *int32 `json:"ttlSecondsBeforeRunning,omitempty"`

	// Specifies the TTL for this Console. The Console will be eligible for
	// garbage collection TTLSecondsAfterFinished seconds after it enters the
	// Stopped or Destroyed phase. This field is modeled on the TTL mechanism in
	// Kubernetes 1.12.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=604800
	// +optional
	TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty"`

	// The command and arguments to execute. If not specified the command from
	// the template specification will be used.
	Command []string `json:"command,omitempty"`
}

ConsoleSpec defines the specification for a console

func (*ConsoleSpec) DeepCopy

func (in *ConsoleSpec) DeepCopy() *ConsoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleSpec.

func (*ConsoleSpec) DeepCopyInto

func (in *ConsoleSpec) DeepCopyInto(out *ConsoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConsoleStatus

type ConsoleStatus struct {
	PodName    string       `json:"podName"`
	ExpiryTime *metav1.Time `json:"expiryTime,omitempty"`
	// Time at which the job completed successfully
	CompletionTime *metav1.Time `json:"completionTime,omitempty"`
	Phase          ConsolePhase `json:"phase"`
}

ConsoleStatus defines the status of a created console, populated at runtime

func (*ConsoleStatus) DeepCopy

func (in *ConsoleStatus) DeepCopy() *ConsoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleStatus.

func (*ConsoleStatus) DeepCopyInto

func (in *ConsoleStatus) DeepCopyInto(out *ConsoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConsoleTemplate

type ConsoleTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec ConsoleTemplateSpec `json:"spec"`
}

ConsoleTemplate declares a console template that can be instantiated through a Console object

func (*ConsoleTemplate) DeepCopy

func (in *ConsoleTemplate) DeepCopy() *ConsoleTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleTemplate.

func (*ConsoleTemplate) DeepCopyInto

func (in *ConsoleTemplate) DeepCopyInto(out *ConsoleTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConsoleTemplate) DeepCopyObject

func (in *ConsoleTemplate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ConsoleTemplate) GetAuthorisationRuleForCommand

func (ct *ConsoleTemplate) GetAuthorisationRuleForCommand(command []string) (ConsoleAuthorisationRule, error)

GetAuthorisationRuleForCommand returns an authorisation rule that matches the command that a console is being started with, or an error if one does not exist.

It does this by iterating through the console template's authorisation rules list until it finds a match, and then falls back to the default authorisation rule if one is defined.

The `matchCommandElements` field, within an AuthorisationRule, is an array of matchers, of which there are 3 supported types:

  1. `*` - a wildcard that matches the presence of an element.
  2. `**` - a wildcard that matches any number (including 0) of elements. This can only be used at the end of the array.
  3. Any other string of characters, this is used to perform an exact string match against the current element.

The elements of the command array are evaluated in order; any failure to match will result in falling back to the next rule.

Examples:

| Matcher               | Command                          | Matches? |
| --------------------- | -------------------------------- | -------- |
| ["bash"]              | ["bash"]                         | Yes      |
| ["ls", "*"]           | ["ls"]                           | No       |
| ["ls", "*"]           | ["ls", "file"]                   | Yes      |
| ["ls", "*", "file2"]  | ["ls", "file", "file3", "file2"] | No       |
| ["ls", "*", "file2"]  | ["ls", "file", "file2"]          | Yes      |
| ["echo", "**"]        | ["echo"]                         | Yes      |
| ["echo", "**"]        | ["echo", "hello"]                | Yes      |
| ["echo", "**"]        | ["echo", "hi", "bye" ]           | Yes      |
| ["echo", "**", "bye"] | ["echo", "hi", "bye" ]           | Error    |
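
The matching rules and fallback order described above, as an added standalone example (not theatre's own code). The `Rule` type and the `matchElements` and `ruleForCommand` helpers are hypothetical stand-ins, and treating a misplaced `**` as an error before any comparison is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// Rule is a cut-down stand-in for ConsoleAuthorisationRule (assumption).
type Rule struct {
	Name                 string
	MatchCommandElements []string
}

// matchElements applies the three matcher types to command (hypothetical helper).
func matchElements(matcher, command []string) (bool, error) {
	// Reject a misplaced "**" up front so a malformed rule never matches silently.
	for i, m := range matcher {
		if m == "**" && i != len(matcher)-1 {
			return false, errors.New(`"**" is only valid as the last element`)
		}
	}
	for i, m := range matcher {
		if m == "**" {
			return true, nil // trailing "**": zero or more further elements
		}
		if i >= len(command) {
			return false, nil // "*" or a literal needs an element to be present
		}
		if m != "*" && m != command[i] {
			return false, nil // literals are compared whole, never as patterns
		}
	}
	return len(command) == len(matcher), nil // no "**": extra elements fail
}

// ruleForCommand returns the first matching rule's name, else the default's.
func ruleForCommand(rules []Rule, def *Rule, command []string) (string, error) {
	for _, r := range rules {
		ok, err := matchElements(r.MatchCommandElements, command)
		if err != nil {
			return "", fmt.Errorf("rule %q: %w", r.Name, err)
		}
		if ok {
			return r.Name, nil
		}
	}
	if def != nil {
		return def.Name, nil
	}
	return "", errors.New("no authorisation rule matches the command")
}

func main() {
	// Constructed rules; names are illustrative only.
	rules := []Rule{
		{"list-one", []string{"ls", "*"}},
		{"echo-any", []string{"echo", "**"}},
	}
	def := &Rule{Name: "default"}
	for _, cmd := range [][]string{{"ls", "file"}, {"echo"}, {"ls"}, {"bash"}} {
		name, err := ruleForCommand(rules, def, cmd)
		fmt.Println(cmd, "->", name, err)
	}
}
```

Because literals are compared whole, a matcher element such as `fil*` matches only the exact string `fil*`, never `file`.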

func (*ConsoleTemplate) GetDefaultCommandWithArgs

func (ct *ConsoleTemplate) GetDefaultCommandWithArgs() ([]string, error)

GetDefaultCommandWithArgs returns a concatenated list of command and arguments, if defined on the template

func (*ConsoleTemplate) HasAuthorisationRules

func (ct *ConsoleTemplate) HasAuthorisationRules() bool

HasAuthorisationRules defines whether a console template has authorisation rules defined on it.

func (*ConsoleTemplate) Validate

func (ct *ConsoleTemplate) Validate() error

Validate checks the console template object for correctness and returns a list of errors.

type ConsoleTemplateList

type ConsoleTemplateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ConsoleTemplate `json:"items"`
}

ConsoleTemplateList is a list of console templates

func (*ConsoleTemplateList) DeepCopy

func (in *ConsoleTemplateList) DeepCopy() *ConsoleTemplateList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleTemplateList.

func (*ConsoleTemplateList) DeepCopyInto

func (in *ConsoleTemplateList) DeepCopyInto(out *ConsoleTemplateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConsoleTemplateList) DeepCopyObject

func (in *ConsoleTemplateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ConsoleTemplateSpec

type ConsoleTemplateSpec struct {
	Template corev1.PodTemplateSpec `json:"template"`

	// Default time, in seconds, that a Console will be created for.
	// Maximum value of 1 week (as per MaxTimeoutSeconds).
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=604800
	DefaultTimeoutSeconds int `json:"defaultTimeoutSeconds"`

	// Maximum time, in seconds, that a Console can be created for.
	// Maximum value of 1 week.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=604800
	MaxTimeoutSeconds        int              `json:"maxTimeoutSeconds"`
	AdditionalAttachSubjects []rbacv1.Subject `json:"additionalAttachSubjects,omitempty"`

	// Specifies the TTL before running for any Console created with this
	// template. If set, the Console will be eligible for garbage collection
	// TTLSecondsBeforeRunning seconds if it has not progressed to the Running
	// phase. If not set, this value defaults to 60 minutes. This field is
	// modeled on the TTL mechanism in Kubernetes 1.12.
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=86400
	DefaultTTLSecondsBeforeRunning *int32 `json:"defaultTtlSecondsBeforeRunning,omitempty"`

	// Specifies the TTL for any Console created with this template. If set, the
	// Console will be eligible for garbage collection
	// DefaultTTLSecondsAfterFinished seconds after it enters the Stopped or
	// Destroyed phase. If not set, this value defaults to 24 hours. This field
	// is modeled closely on the TTL mechanism in Kubernetes 1.12.
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=604800
	DefaultTTLSecondsAfterFinished *int32 `json:"defaultTtlSecondsAfterFinished,omitempty"`

	// List of authorisation rules to match against in order from top to bottom.
	// +optional
	AuthorisationRules []ConsoleAuthorisationRule `json:"authorisationRules,omitempty"`
	// Default authorisation rule to use if no authorisation rules are defined or no authorisation rules match.
	// +optional
	DefaultAuthorisationRule *ConsoleAuthorisers `json:"defaultAuthorisationRule,omitempty"`
}

ConsoleTemplateSpec defines the parameters that a created console will adhere to

func (*ConsoleTemplateSpec) DeepCopy

func (in *ConsoleTemplateSpec) DeepCopy() *ConsoleTemplateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleTemplateSpec.

func (*ConsoleTemplateSpec) DeepCopyInto

func (in *ConsoleTemplateSpec) DeepCopyInto(out *ConsoleTemplateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
