Documentation ¶
Index ¶
- Constants
- Variables
- func GetUnstructuredObjectFromGVK(gvk schema.GroupVersionKind) (*unstructured.Unstructured, error)
- func SetupAllControllers(log logr.Logger, mgr manager.Manager, teleportClient *client.Client, ...) error
- type DeleteExternal
- type Reconciler
- func NewAccessListReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewGithubConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewLoginRuleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewOIDCConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewOktaImportRuleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewProvisionTokenReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewRoleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewRoleV6Reconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewRoleV7Reconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewSAMLConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- func NewUserReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
- type ResourceBaseReconciler
- type TeleportExistingResourceMutator
- type TeleportKubernetesResource
- type TeleportResource
- type TeleportResourceClient
- type TeleportResourceMutator
- type TeleportResourceReconciler
- func (r TeleportResourceReconciler[T, K]) Delete(ctx context.Context, obj kclient.Object) error
- func (r TeleportResourceReconciler[T, K]) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r TeleportResourceReconciler[T, K]) SetupWithManager(mgr ctrl.Manager) error
- func (r TeleportResourceReconciler[T, K]) Upsert(ctx context.Context, obj kclient.Object) error
- type UpsertExternal
Constants ¶
const (
	// DeletionFinalizer is the name of the finalizer added to the resource's 'finalizers' field
	// for tracking deletion events.
	DeletionFinalizer = "resources.teleport.dev/deletion"
	// AnnotationFlagIgnore is the Kubernetes annotation containing the "ignore" flag.
	// When set to true, the operator will not reconcile the CR.
	AnnotationFlagIgnore = "teleport.dev/ignore"
	// AnnotationFlagKeep is the Kubernetes annotation containing the "keep" flag.
	// When set to true, the operator will not delete the Teleport resource if the
	// CR is deleted.
	AnnotationFlagKeep = "teleport.dev/keep"
)
const (
	ConditionReasonFailedToDecode         = "FailedToDecode"
	ConditionReasonOriginLabelNotMatching = "OriginLabelNotMatching"
	ConditionReasonOriginLabelMatching    = "OriginLabelMatching"
	ConditionReasonNewResource            = "NewResource"
	ConditionReasonNoError                = "NoError"
	ConditionReasonTeleportError          = "TeleportError"
	ConditionReasonTeleportClientError    = "TeleportClientError"
	ConditionTypeTeleportResourceOwned    = "TeleportResourceOwned"
	ConditionTypeSuccessfullyReconciled   = "SuccessfullyReconciled"
	ConditionTypeValidStructure           = "ValidStructure"
	ConditionTypeTeleportClient           = "TeleportClient"
)
Variables ¶
var Scheme = runtime.NewScheme()
Scheme is a singleton scheme shared by all controllers.
Functions ¶
func GetUnstructuredObjectFromGVK ¶
func GetUnstructuredObjectFromGVK(gvk schema.GroupVersionKind) (*unstructured.Unstructured, error)
GetUnstructuredObjectFromGVK creates a new empty unstructured object with the given Group, Version and Kind.
Types ¶
type Reconciler ¶
type Reconciler interface {
	reconcile.Reconciler
	SetupWithManager(mgr manager.Manager) error
}
Reconciler extends the reconcile.Reconciler interface by adding a SetupWithManager function that creates a controller in the given manager.
func NewAccessListReconciler ¶
func NewAccessListReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewAccessListReconciler instantiates a new Kubernetes controller reconciling access_list resources.
func NewGithubConnectorReconciler ¶
func NewGithubConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewGithubConnectorReconciler instantiates a new Kubernetes controller reconciling github_connector resources.
func NewLoginRuleReconciler ¶
func NewLoginRuleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewLoginRuleReconciler instantiates a new Kubernetes controller reconciling login_rule resources.
func NewOIDCConnectorReconciler ¶
func NewOIDCConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewOIDCConnectorReconciler instantiates a new Kubernetes controller reconciling oidc_connector resources.
func NewOktaImportRuleReconciler ¶
func NewOktaImportRuleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewOktaImportRuleReconciler instantiates a new Kubernetes controller reconciling okta_import_rule resources.
func NewProvisionTokenReconciler ¶
func NewProvisionTokenReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewProvisionTokenReconciler instantiates a new Kubernetes controller reconciling provision token resources.
func NewRoleReconciler ¶
func NewRoleReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewRoleReconciler instantiates a new Kubernetes controller reconciling legacy role v5 resources.
func NewRoleV6Reconciler ¶
func NewRoleV6Reconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewRoleV6Reconciler instantiates a new Kubernetes controller reconciling role v6 resources.
func NewRoleV7Reconciler ¶
func NewRoleV7Reconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewRoleV7Reconciler instantiates a new Kubernetes controller reconciling role v7 resources.
func NewSAMLConnectorReconciler ¶
func NewSAMLConnectorReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewSAMLConnectorReconciler instantiates a new Kubernetes controller reconciling saml_connector resources.
func NewUserReconciler ¶
func NewUserReconciler(client kclient.Client, tClient *client.Client) (Reconciler, error)
NewUserReconciler instantiates a new Kubernetes controller reconciling user resources.
type ResourceBaseReconciler ¶
type ResourceBaseReconciler struct {
	kclient.Client
	DeleteExternal DeleteExternal
	UpsertExternal UpsertExternal
}
func (ResourceBaseReconciler) Do ¶
func (r ResourceBaseReconciler) Do(ctx context.Context, req ctrl.Request, obj kclient.Object) (ctrl.Result, error)
Do receives an update request and reconciles the resource.
When an event arrives we must propagate that change into the Teleport cluster. There are two types of events: update/create and delete.
For creating/updating, we check whether the resource exists in Teleport: if it does, we update it; otherwise we create it. The state of the resource in the cluster is always the source of truth.
For deleting, the recommendation is to use finalizers. Finalizers allow us to map an external resource to a Kubernetes resource. So, when we create or update a resource, we add our own finalizer to the Kubernetes resource's list of finalizers.
For a delete event on a resource that carries our finalizer, the resource is deleted in Teleport. If it does not carry the finalizer, we do nothing.
----
Every time we update a resource in Kubernetes (adding finalizers or the OriginLabel), we end the reconciliation process. Afterwards, we receive the request again and progress to the next step. This allows us to progress in smaller changes and avoid a long-running reconciliation.
type TeleportExistingResourceMutator ¶
type TeleportExistingResourceMutator[T TeleportResource] interface {
	MutateExisting(new, existing T)
}
TeleportExistingResourceMutator can be implemented by TeleportResourceClients to edit a resource before it is updated, based on the existing one.
type TeleportKubernetesResource ¶
type TeleportKubernetesResource[T TeleportResource] interface {
	kclient.Object
	ToTeleport() T
	StatusConditions() *[]v1.Condition
}
TeleportKubernetesResource is a Kubernetes resource representing a Teleport resource.
type TeleportResource ¶
type TeleportResourceClient ¶
type TeleportResourceClient[T TeleportResource] interface {
	Get(context.Context, string) (T, error)
	Create(context.Context, T) error
	Update(context.Context, T) error
	Delete(context.Context, string) error
}
TeleportResourceClient is a CRUD client for a specific Teleport resource. Implementing this interface allows a resource to be reconciled by the TeleportResourceReconciler instead of writing a new resource-specific reconciliation loop. TeleportResourceClient implementations can optionally implement TeleportResourceMutator.
type TeleportResourceMutator ¶
type TeleportResourceMutator[T TeleportResource] interface {
	Mutate(new T)
}
TeleportResourceMutator can be implemented by TeleportResourceClients to edit a resource before its creation/update.
type TeleportResourceReconciler ¶
type TeleportResourceReconciler[T TeleportResource, K TeleportKubernetesResource[T]] struct {
	ResourceBaseReconciler
	// contains filtered or unexported fields
}
TeleportResourceReconciler is a generic Teleport reconciler. It reconciles a TeleportKubernetesResource with Teleport's types.ResourceWithOrigin.
func NewTeleportResourceReconciler ¶
func NewTeleportResourceReconciler[T TeleportResource, K TeleportKubernetesResource[T]](
	client kclient.Client,
	resourceClient TeleportResourceClient[T],
) (*TeleportResourceReconciler[T, K], error)
NewTeleportResourceReconciler instantiates a TeleportResourceReconciler from a TeleportResourceClient.
func (TeleportResourceReconciler[T, K]) Delete ¶
func (r TeleportResourceReconciler[T, K]) Delete(ctx context.Context, obj kclient.Object) error
Delete is the TeleportResourceReconciler implementation of the ResourceBaseReconciler's DeleteExternal.
func (TeleportResourceReconciler[T, K]) Reconcile ¶
func (r TeleportResourceReconciler[T, K]) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile allows the TeleportResourceReconciler to implement the reconcile.Reconciler interface.
func (TeleportResourceReconciler[T, K]) SetupWithManager ¶
func (r TeleportResourceReconciler[T, K]) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager has a controllerruntime.Manager run the TeleportResourceReconciler.
func (TeleportResourceReconciler[T, K]) Upsert ¶
func (r TeleportResourceReconciler[T, K]) Upsert(ctx context.Context, obj kclient.Object) error
Upsert is the TeleportResourceReconciler implementation of the ResourceBaseReconciler's UpsertExternal. It contains the logic to check whether the resource already exists and whether it is owned by the operator, and decides how to reconcile the Teleport resource based on the Kubernetes one.
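The finalizer-driven flow described for Do, together with the ownership check Upsert performs, as an added stand-alone model (not the operator's own code): Kubernetes and Teleport are replaced by an in-memory struct and a map of resource name to origin label, the origin-label value "kubernetes" is assumed, and the finalizer and annotation names are the ones from the constants above.

```go
package main

import (
	"errors"
	"slices"
)

// Constructed model of the finalizer-driven loop described for Do/Upsert; not the operator's own code.
const (
	deletionFinalizer  = "resources.teleport.dev/deletion"
	annotationFlagKeep = "teleport.dev/keep"
	originKubernetes   = "kubernetes" // assumed origin-label value marking operator-owned resources
)

// KubeObject stands in for the custom resource (kclient.Object).
type KubeObject struct {
	Name        string
	Deleting    bool // deletionTimestamp is set
	Finalizers  []string
	Annotations map[string]string
}

// ReconcileStep runs one pass and reports what it did. The teleport map (name -> origin label) stands in
// for TeleportResourceClient. Like Do, it returns as soon as it has written to the Kubernetes object.
func ReconcileStep(obj *KubeObject, teleport map[string]string) (string, error) {
	hasFinalizer := slices.Contains(obj.Finalizers, deletionFinalizer)
	if obj.Deleting {
		if !hasFinalizer {
			return "no-op", nil // we never took ownership, so there is nothing to clean up
		}
		if obj.Annotations[annotationFlagKeep] != "true" {
			delete(teleport, obj.Name) // remove the Teleport resource unless "keep" is set
		}
		obj.Finalizers = slices.DeleteFunc(obj.Finalizers, func(f string) bool { return f == deletionFinalizer })
		return "finalized", nil // Kubernetes can now complete the deletion
	}
	if !hasFinalizer {
		obj.Finalizers = append(obj.Finalizers, deletionFinalizer)
		return "finalizer-added", nil // stop here; the resulting update event triggers the next pass
	}
	origin, exists := teleport[obj.Name]
	if exists && origin != originKubernetes {
		return "", errors.New("OriginLabelNotMatching: refusing to overwrite a resource the operator does not own")
	}
	teleport[obj.Name] = originKubernetes
	if exists {
		return "updated", nil
	}
	return "created", nil
}
```

Each call is one reconciliation; a real controller would be re-invoked by the update event that adding the finalizer produces, which is why the create path needs two passes.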
Source Files ¶
- accesslist_controller.go
- base_reconciler.go
- github_connector_controller.go
- global.go
- login_rule_controller.go
- oidc_connector_controller.go
- okta_import_rule_controller.go
- provision_token_controller.go
- rolevX_controller.go
- saml_connector_controller.go
- teleport_reconciler.go
- user_controller.go
- utils.go