v1alpha1

package
v0.3.14 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 26, 2019 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// EnforcementMode_name maps each EnforcementMode numeric value to its name.
// 0, the zero value, is ENFORCED; 1 is PERMISSIVE.
var EnforcementMode_name = map[int32]string{
	0: "ENFORCED",
	1: "PERMISSIVE",
}
// EnforcementMode_value maps each EnforcementMode name to its numeric value.
// It is the inverse of the name table: "ENFORCED" is 0 and "PERMISSIVE" is 1.
var EnforcementMode_value = map[string]int32{
	"ENFORCED":   0,
	"PERMISSIVE": 1,
}
// RbacConfigCrd is the value crd.NewCrd returns for the RbacConfig type; the
// string arguments name the rbac.istio.io v1alpha1 RbacConfig resource.
// NOTE(review): the meaning of each positional argument, including the bare
// `false`, is defined by crd.NewCrd, which is not shown here. Presumably they
// are plural name, group, version, kind, short name and a cluster-scope flag;
// confirm against crd.NewCrd.
var RbacConfigCrd = crd.NewCrd("rbac.istio.io",
	"rbacconfigs",
	"rbac.istio.io",
	"v1alpha1",
	"RbacConfig",
	"rbacconfig",
	false,
	&RbacConfig{})
// RbacConfig_Mode_name maps each RbacConfig_Mode numeric value to its name.
// 0, the zero value, is OFF.
var RbacConfig_Mode_name = map[int32]string{
	0: "OFF",
	1: "ON",
	2: "ON_WITH_INCLUSION",
	3: "ON_WITH_EXCLUSION",
}
// RbacConfig_Mode_value maps each RbacConfig_Mode name to its numeric value.
// "OFF" is 0, the zero value of the type.
var RbacConfig_Mode_value = map[string]int32{
	"OFF":               0,
	"ON":                1,
	"ON_WITH_INCLUSION": 2,
	"ON_WITH_EXCLUSION": 3,
}
// ServiceRoleBindingCrd is the value crd.NewCrd returns for the
// ServiceRoleBinding type; the string arguments name the rbac.istio.io
// v1alpha1 ServiceRoleBinding resource.
// NOTE(review): the meaning of each positional argument, including the bare
// `false`, is defined by crd.NewCrd, which is not shown here; confirm there.
var ServiceRoleBindingCrd = crd.NewCrd("rbac.istio.io",
	"servicerolebindings",
	"rbac.istio.io",
	"v1alpha1",
	"ServiceRoleBinding",
	"servicerolebinding",
	false,
	&ServiceRoleBinding{})
// ServiceRoleCrd is the value crd.NewCrd returns for the ServiceRole type; the
// string arguments name the rbac.istio.io v1alpha1 ServiceRole resource.
// NOTE(review): the meaning of each positional argument, including the bare
// `false`, is defined by crd.NewCrd, which is not shown here; confirm there.
var ServiceRoleCrd = crd.NewCrd("rbac.istio.io",
	"serviceroles",
	"rbac.istio.io",
	"v1alpha1",
	"ServiceRole",
	"servicerole",
	false,
	&ServiceRole{})

Functions

This section is empty.

Types

type AccessRule

// AccessRule defines a permission to access a list of services.
//
// Review note: only Services is required. When Paths or Methods is left unset
// the rule applies to any path or any method respectively, so a rule that sets
// only Services covers every path and method on those services. List paths and
// methods explicitly when a narrower grant is intended, and treat "*" and
// prefix/suffix patterns as broad grants when auditing roles.
type AccessRule struct {
	// Required. A list of service names.
	// Exact match, prefix match, and suffix match are supported for service names.
	// For example, the service name "bookstore.mtv.cluster.local" matches
	// "bookstore.mtv.cluster.local" (exact match), or "bookstore*" (prefix match),
	// or "*.mtv.cluster.local" (suffix match).
	// If set to ["*"], it refers to all services in the namespace.
	Services []string `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
	// Optional. A list of HTTP paths or gRPC methods.
	// gRPC methods must be presented as a fully-qualified name in the form of
	// "/packageName.serviceName/methodName" and are case sensitive.
	// Exact match, prefix match, and suffix match are supported for paths.
	// For example, the path "/books/review" matches
	// "/books/review" (exact match), or "/books/*" (prefix match),
	// or "*/review" (suffix match).
	// If not specified, it applies to any path.
	Paths []string `protobuf:"bytes,2,rep,name=paths,proto3" json:"paths,omitempty"`
	// Optional. A list of HTTP methods (e.g., "GET", "POST").
	// It is ignored in the gRPC case because the value is always "POST".
	// If set to ["*"] or not specified, it applies to any method.
	Methods []string `protobuf:"bytes,3,rep,name=methods,proto3" json:"methods,omitempty"`
	// Optional. Extra constraints in the ServiceRole specification.
	// The comment refers to a ServiceRole example using the constraint "version";
	// that example is not part of this listing.
	Constraints          []*AccessRule_Constraint `protobuf:"bytes,4,rep,name=constraints,proto3" json:"constraints,omitempty"`
	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
	XXX_unrecognized     []byte                   `json:"-"`
	XXX_sizecache        int32                    `json:"-"`
}

AccessRule defines a permission to access a list of services.

func (*AccessRule) Descriptor

func (*AccessRule) Descriptor() ([]byte, []int)

func (*AccessRule) Equal

func (this *AccessRule) Equal(that interface{}) bool

func (*AccessRule) GetConstraints

func (m *AccessRule) GetConstraints() []*AccessRule_Constraint

func (*AccessRule) GetMethods

func (m *AccessRule) GetMethods() []string

func (*AccessRule) GetPaths

func (m *AccessRule) GetPaths() []string

func (*AccessRule) GetServices

func (m *AccessRule) GetServices() []string

func (*AccessRule) ProtoMessage

func (*AccessRule) ProtoMessage()

func (*AccessRule) Reset

func (m *AccessRule) Reset()

func (*AccessRule) String

func (m *AccessRule) String() string

func (*AccessRule) XXX_DiscardUnknown

func (m *AccessRule) XXX_DiscardUnknown()

func (*AccessRule) XXX_Marshal

func (m *AccessRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRule) XXX_Merge

func (m *AccessRule) XXX_Merge(src proto.Message)

func (*AccessRule) XXX_Size

func (m *AccessRule) XXX_Size() int

func (*AccessRule) XXX_Unmarshal

func (m *AccessRule) XXX_Unmarshal(b []byte) error

type AccessRule_Constraint

// AccessRule_Constraint is the definition of a custom constraint: a key and
// the list of values accepted for it. The supported keys are listed in the
// "constraint and properties" page, which is not part of this listing.
type AccessRule_Constraint struct {
	// Key of the constraint.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// List of valid values for the constraint.
	// Exact match, prefix match, and suffix match are supported for constraint values.
	// For example, the value "v1alpha2" matches
	// "v1alpha2" (exact match), or "v1*" (prefix match),
	// or "*alpha2" (suffix match).
	// Review note: a prefix or suffix pattern accepts every value sharing that
	// prefix or suffix, so prefer exact values where the set is known.
	Values               []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Definition of a custom constraint. The supported keys are listed in the "constraint and properties" page.

func (*AccessRule_Constraint) Descriptor

func (*AccessRule_Constraint) Descriptor() ([]byte, []int)

func (*AccessRule_Constraint) Equal

func (this *AccessRule_Constraint) Equal(that interface{}) bool

func (*AccessRule_Constraint) GetKey

func (m *AccessRule_Constraint) GetKey() string

func (*AccessRule_Constraint) GetValues

func (m *AccessRule_Constraint) GetValues() []string

func (*AccessRule_Constraint) ProtoMessage

func (*AccessRule_Constraint) ProtoMessage()

func (*AccessRule_Constraint) Reset

func (m *AccessRule_Constraint) Reset()

func (*AccessRule_Constraint) String

func (m *AccessRule_Constraint) String() string

func (*AccessRule_Constraint) XXX_DiscardUnknown

func (m *AccessRule_Constraint) XXX_DiscardUnknown()

func (*AccessRule_Constraint) XXX_Marshal

func (m *AccessRule_Constraint) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AccessRule_Constraint) XXX_Merge

func (m *AccessRule_Constraint) XXX_Merge(src proto.Message)

func (*AccessRule_Constraint) XXX_Size

func (m *AccessRule_Constraint) XXX_Size() int

func (*AccessRule_Constraint) XXX_Unmarshal

func (m *AccessRule_Constraint) XXX_Unmarshal(b []byte) error

type EnforcementMode

type EnforcementMode int32

$hide_from_docs RBAC ServiceRoleBinding enforcement mode, used to verify that new ServiceRoleBinding configs work as expected before rolling them out to production. The RBAC engine only logs the results from configs that are in permissive mode, and discards the result before returning to the user.

const (
	// Policy in ENFORCED mode has impact on user experience.
	// Policy is in ENFORCED mode by default: ENFORCED is 0, the zero value of
	// EnforcementMode.
	EnforcementMode_ENFORCED EnforcementMode = 0
	// Policy in PERMISSIVE mode isn't enforced and has no impact on users.
	// The RBAC engine runs policies in PERMISSIVE mode and logs stats.
	// Review note: a policy left in PERMISSIVE provides no access control. The
	// mode is described as a way to verify a config before rolling it out, so
	// audit for policies that stay in it.
	EnforcementMode_PERMISSIVE EnforcementMode = 1
)

func (EnforcementMode) EnumDescriptor

func (EnforcementMode) EnumDescriptor() ([]byte, []int)

func (EnforcementMode) String

func (x EnforcementMode) String() string

type RbacConfig

// RbacConfig defines the global config to control Istio RBAC behavior.
//
// Review note: a zero-valued Mode is RbacConfig_OFF (0), in which Istio RBAC
// policies are not enforced, and EnforcementMode PERMISSIVE likewise leaves
// RBAC unenforced. Check both fields when auditing whether RBAC is active.
type RbacConfig struct {
	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by supergloo during validation
	Status core.Status `protobuf:"bytes,100,opt,name=status,proto3" json:"status" testdiff:"ignore"`
	// Metadata contains the object metadata for this resource
	Metadata core.Metadata `protobuf:"bytes,101,opt,name=metadata,proto3" json:"metadata"`
	// Istio RBAC mode.
	Mode RbacConfig_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.rbac.v1alpha1.RbacConfig_Mode" json:"mode,omitempty"`
	// A list of services or namespaces that should be enforced by Istio RBAC policies. Note: This field has
	// effect only when mode is ON_WITH_INCLUSION and will be ignored for any other modes.
	// Anything not listed here is not enforced in that mode.
	Inclusion *RbacConfig_Target `protobuf:"bytes,2,opt,name=inclusion,proto3" json:"inclusion,omitempty"`
	// A list of services or namespaces that should not be enforced by Istio RBAC policies. Note: This field has
	// effect only when mode is ON_WITH_EXCLUSION and will be ignored for any other modes.
	Exclusion *RbacConfig_Target `protobuf:"bytes,3,opt,name=exclusion,proto3" json:"exclusion,omitempty"`
	// $hide_from_docs
	// Indicates enforcement mode of the RbacConfig, in ENFORCED mode by default.
	// It's used to verify that a new RbacConfig works as expected before rolling to production.
	// When set to PERMISSIVE, RBAC isn't enforced and has no impact on users.
	// The RBAC engine runs RbacConfig in PERMISSIVE mode and logs stats.
	// It is invalid to set RbacConfig to PERMISSIVE and ServiceRoleBinding to ENFORCED mode.
	EnforcementMode      EnforcementMode `` /* 148-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

RbacConfig defines the global config to control Istio RBAC behavior. This Custom Resource is a singleton: only one should be created globally in the mesh, and its namespace should be the same as that of the other Istio components, which is usually istio-system. Note: This is enforced both in istioctl and on the server side; a new Custom Resource will be rejected if one already exists, so the user should either delete the existing one or change it directly.

Below is an example of RbacConfig object "istio-rbac-config" which enables Istio RBAC for all services in the default namespace.

```yaml
apiVersion: "rbac.istio.io/v1alpha1"
kind: RbacConfig
metadata:
  name: default
  namespace: istio-system
spec:
  mode: ON_WITH_INCLUSION
  inclusion:
    namespaces: [ "default" ]
```

func NewRbacConfig

func NewRbacConfig(namespace, name string) *RbacConfig

func (*RbacConfig) DeepCopyObject

func (o *RbacConfig) DeepCopyObject() runtime.Object

func (*RbacConfig) Descriptor

func (*RbacConfig) Descriptor() ([]byte, []int)

func (*RbacConfig) Equal

func (this *RbacConfig) Equal(that interface{}) bool

func (*RbacConfig) GetEnforcementMode

func (m *RbacConfig) GetEnforcementMode() EnforcementMode

func (*RbacConfig) GetExclusion

func (m *RbacConfig) GetExclusion() *RbacConfig_Target

func (*RbacConfig) GetInclusion

func (m *RbacConfig) GetInclusion() *RbacConfig_Target

func (*RbacConfig) GetMetadata

func (m *RbacConfig) GetMetadata() core.Metadata

func (*RbacConfig) GetMode

func (m *RbacConfig) GetMode() RbacConfig_Mode

func (*RbacConfig) GetObjectKind

func (o *RbacConfig) GetObjectKind() schema.ObjectKind

func (*RbacConfig) GetStatus

func (m *RbacConfig) GetStatus() core.Status

func (*RbacConfig) Hash

func (r *RbacConfig) Hash() uint64

func (*RbacConfig) ProtoMessage

func (*RbacConfig) ProtoMessage()

func (*RbacConfig) Reset

func (m *RbacConfig) Reset()

func (*RbacConfig) SetMetadata

func (r *RbacConfig) SetMetadata(meta core.Metadata)

func (*RbacConfig) SetStatus

func (r *RbacConfig) SetStatus(status core.Status)

func (*RbacConfig) String

func (m *RbacConfig) String() string

func (*RbacConfig) XXX_DiscardUnknown

func (m *RbacConfig) XXX_DiscardUnknown()

func (*RbacConfig) XXX_Marshal

func (m *RbacConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RbacConfig) XXX_Merge

func (m *RbacConfig) XXX_Merge(src proto.Message)

func (*RbacConfig) XXX_Size

func (m *RbacConfig) XXX_Size() int

func (*RbacConfig) XXX_Unmarshal

func (m *RbacConfig) XXX_Unmarshal(b []byte) error

type RbacConfigClient

// RbacConfigClient is the typed client interface for RbacConfig resources:
// register, read, write, delete, list and watch, plus access to the underlying
// clients.ResourceClient.
//
// Review note: RbacConfig is the global switch for Istio RBAC, so whatever
// credentials back an implementation's Write and Delete can change or disable
// enforcement mesh-wide. Scope those credentials accordingly.
type RbacConfigClient interface {
	// BaseClient returns the untyped clients.ResourceClient.
	BaseClient() clients.ResourceClient
	// Register returns an error on failure; what it registers is defined by
	// the implementation, which is not shown here.
	Register() error
	// Read returns the RbacConfig identified by namespace and name.
	Read(namespace, name string, opts clients.ReadOpts) (*RbacConfig, error)
	// Write takes an RbacConfig and returns an RbacConfig and an error.
	Write(resource *RbacConfig, opts clients.WriteOpts) (*RbacConfig, error)
	// Delete takes the namespace and name of the RbacConfig to delete.
	Delete(namespace, name string, opts clients.DeleteOpts) error
	// List returns an RbacConfigList for the given namespace.
	List(namespace string, opts clients.ListOpts) (RbacConfigList, error)
	// Watch returns a receive-only channel of RbacConfigList values, a
	// receive-only channel of errors, and an error.
	Watch(namespace string, opts clients.WatchOpts) (<-chan RbacConfigList, <-chan error, error)
}

func NewRbacConfigClient

func NewRbacConfigClient(rcFactory factory.ResourceClientFactory) (RbacConfigClient, error)

func NewRbacConfigClientWithBase

func NewRbacConfigClientWithBase(rc clients.ResourceClient) RbacConfigClient

func NewRbacConfigClientWithToken

func NewRbacConfigClientWithToken(rcFactory factory.ResourceClientFactory, token string) (RbacConfigClient, error)

type RbacConfigList

// RbacConfigList is a slice of *RbacConfig. The elements are pointers, so
// copying the slice header does not copy the resources themselves.
type RbacConfigList []*RbacConfig

func (RbacConfigList) AsInputResources

func (list RbacConfigList) AsInputResources() resources.InputResourceList

func (RbacConfigList) AsInterfaces

func (list RbacConfigList) AsInterfaces() []interface{}

func (RbacConfigList) AsResources

func (list RbacConfigList) AsResources() resources.ResourceList

func (RbacConfigList) Clone

func (list RbacConfigList) Clone() RbacConfigList

func (RbacConfigList) Each

func (list RbacConfigList) Each(f func(element *RbacConfig))

func (RbacConfigList) Find

func (list RbacConfigList) Find(namespace, name string) (*RbacConfig, error)

namespace is optional; if it is left empty, names can collide when the list contains more than one resource with the same name. Pass the namespace whenever the caller needs one specific resource.

func (RbacConfigList) Names

func (list RbacConfigList) Names() []string

func (RbacConfigList) NamespacesDotNames

func (list RbacConfigList) NamespacesDotNames() []string

func (RbacConfigList) Sort

func (list RbacConfigList) Sort() RbacConfigList

type RbacConfigReconciler

// RbacConfigReconciler exposes a single Reconcile method that takes a
// namespace, the desired RbacConfigList, a TransitionRbacConfigFunc and list
// options.
// NOTE(review): how resources that exist but are absent from desiredResources
// are handled is not shown here; confirm against the implementation before
// relying on it, since RbacConfig controls whether RBAC is enforced.
type RbacConfigReconciler interface {
	Reconcile(namespace string, desiredResources RbacConfigList, transition TransitionRbacConfigFunc, opts clients.ListOpts) error
}

func NewRbacConfigReconciler

func NewRbacConfigReconciler(client RbacConfigClient) RbacConfigReconciler

type RbacConfig_Mode

// RbacConfig_Mode selects which services and namespaces Istio RBAC is enforced
// for. Its zero value is RbacConfig_OFF, so a mode that is never set leaves
// RBAC disabled.
type RbacConfig_Mode int32
const (
	// Disable Istio RBAC completely, any other config in RbacConfig will be ignored and Istio RBAC policies
	// will not be enforced.
	RbacConfig_OFF RbacConfig_Mode = 0
	// Enable Istio RBAC for all services and namespaces.
	RbacConfig_ON RbacConfig_Mode = 1
	// Enable Istio RBAC only for services and namespaces specified in the inclusion field. Any other
	// services and namespaces not in the inclusion field will not be enforced by Istio RBAC policies.
	// Review note: this is opt-in, so a service or namespace missing from the list is left unenforced.
	RbacConfig_ON_WITH_INCLUSION RbacConfig_Mode = 2
	// Enable Istio RBAC for all services and namespaces except those specified in the exclusion field. Any other
	// services and namespaces not in the exclusion field will be enforced by Istio RBAC policies.
	RbacConfig_ON_WITH_EXCLUSION RbacConfig_Mode = 3
)

func (RbacConfig_Mode) EnumDescriptor

func (RbacConfig_Mode) EnumDescriptor() ([]byte, []int)

func (RbacConfig_Mode) String

func (x RbacConfig_Mode) String() string

type RbacConfig_Target

// RbacConfig_Target defines a list of services or namespaces. RbacConfig uses
// it for both its Inclusion and its Exclusion field.
type RbacConfig_Target struct {
	// A list of services.
	Services []string `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
	// A list of namespaces.
	Namespaces           []string `protobuf:"bytes,2,rep,name=namespaces,proto3" json:"namespaces,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Target defines a list of services or namespaces.

func (*RbacConfig_Target) Descriptor

func (*RbacConfig_Target) Descriptor() ([]byte, []int)

func (*RbacConfig_Target) Equal

func (this *RbacConfig_Target) Equal(that interface{}) bool

func (*RbacConfig_Target) GetNamespaces

func (m *RbacConfig_Target) GetNamespaces() []string

func (*RbacConfig_Target) GetServices

func (m *RbacConfig_Target) GetServices() []string

func (*RbacConfig_Target) ProtoMessage

func (*RbacConfig_Target) ProtoMessage()

func (*RbacConfig_Target) Reset

func (m *RbacConfig_Target) Reset()

func (*RbacConfig_Target) String

func (m *RbacConfig_Target) String() string

func (*RbacConfig_Target) XXX_DiscardUnknown

func (m *RbacConfig_Target) XXX_DiscardUnknown()

func (*RbacConfig_Target) XXX_Marshal

func (m *RbacConfig_Target) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RbacConfig_Target) XXX_Merge

func (m *RbacConfig_Target) XXX_Merge(src proto.Message)

func (*RbacConfig_Target) XXX_Size

func (m *RbacConfig_Target) XXX_Size() int

func (*RbacConfig_Target) XXX_Unmarshal

func (m *RbacConfig_Target) XXX_Unmarshal(b []byte) error

type RbacconfigsByNamespace

// RbacconfigsByNamespace maps a string key (by its name, a namespace) to the
// RbacConfigList stored under it.
type RbacconfigsByNamespace map[string]RbacConfigList

func (RbacconfigsByNamespace) Add

func (byNamespace RbacconfigsByNamespace) Add(rbacConfig ...*RbacConfig)

func (RbacconfigsByNamespace) Clear

func (byNamespace RbacconfigsByNamespace) Clear(namespace string)

func (RbacconfigsByNamespace) Clone

func (byNamespace RbacconfigsByNamespace) Clone() RbacconfigsByNamespace

func (RbacconfigsByNamespace) List

func (byNamespace RbacconfigsByNamespace) List() RbacConfigList

type RoleRef

// RoleRef refers to a role object.
type RoleRef struct {
	// Required. The type of the role being referenced.
	// Currently, "ServiceRole" is the only supported value for "kind".
	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	// Required. The name of the ServiceRole object being referenced.
	// The ServiceRole object must be in the same namespace as the ServiceRoleBinding
	// object, so a binding cannot reference a role defined in another namespace.
	Name                 string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

RoleRef refers to a role object.

func (*RoleRef) Descriptor

func (*RoleRef) Descriptor() ([]byte, []int)

func (*RoleRef) Equal

func (this *RoleRef) Equal(that interface{}) bool

func (*RoleRef) GetKind

func (m *RoleRef) GetKind() string

func (*RoleRef) GetName

func (m *RoleRef) GetName() string

func (*RoleRef) ProtoMessage

func (*RoleRef) ProtoMessage()

func (*RoleRef) Reset

func (m *RoleRef) Reset()

func (*RoleRef) String

func (m *RoleRef) String() string

func (*RoleRef) XXX_DiscardUnknown

func (m *RoleRef) XXX_DiscardUnknown()

func (*RoleRef) XXX_Marshal

func (m *RoleRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RoleRef) XXX_Merge

func (m *RoleRef) XXX_Merge(src proto.Message)

func (*RoleRef) XXX_Size

func (m *RoleRef) XXX_Size() int

func (*RoleRef) XXX_Unmarshal

func (m *RoleRef) XXX_Unmarshal(b []byte) error

type ServiceRole

// ServiceRole holds the list of access rules (permissions) that make up a
// role, together with the resource's Status and Metadata.
type ServiceRole struct {
	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by supergloo during validation
	Status core.Status `protobuf:"bytes,100,opt,name=status,proto3" json:"status" testdiff:"ignore"`
	// Metadata contains the object metadata for this resource
	Metadata core.Metadata `protobuf:"bytes,101,opt,name=metadata,proto3" json:"metadata"`
	// Required. The set of access rules (permissions) that the role has.
	// Each AccessRule that omits Paths or Methods applies to any path or
	// method, so review rules individually when auditing a role.
	Rules                []*AccessRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

ServiceRole specification contains a list of access rules (permissions). This represents the "Spec" part of the ServiceRole object. The name and namespace of the ServiceRole are specified in the "metadata" section of the ServiceRole object.

func NewServiceRole

func NewServiceRole(namespace, name string) *ServiceRole

func (*ServiceRole) DeepCopyObject

func (o *ServiceRole) DeepCopyObject() runtime.Object

func (*ServiceRole) Descriptor

func (*ServiceRole) Descriptor() ([]byte, []int)

func (*ServiceRole) Equal

func (this *ServiceRole) Equal(that interface{}) bool

func (*ServiceRole) GetMetadata

func (m *ServiceRole) GetMetadata() core.Metadata

func (*ServiceRole) GetObjectKind

func (o *ServiceRole) GetObjectKind() schema.ObjectKind

func (*ServiceRole) GetRules

func (m *ServiceRole) GetRules() []*AccessRule

func (*ServiceRole) GetStatus

func (m *ServiceRole) GetStatus() core.Status

func (*ServiceRole) Hash

func (r *ServiceRole) Hash() uint64

func (*ServiceRole) ProtoMessage

func (*ServiceRole) ProtoMessage()

func (*ServiceRole) Reset

func (m *ServiceRole) Reset()

func (*ServiceRole) SetMetadata

func (r *ServiceRole) SetMetadata(meta core.Metadata)

func (*ServiceRole) SetStatus

func (r *ServiceRole) SetStatus(status core.Status)

func (*ServiceRole) String

func (m *ServiceRole) String() string

func (*ServiceRole) XXX_DiscardUnknown

func (m *ServiceRole) XXX_DiscardUnknown()

func (*ServiceRole) XXX_Marshal

func (m *ServiceRole) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServiceRole) XXX_Merge

func (m *ServiceRole) XXX_Merge(src proto.Message)

func (*ServiceRole) XXX_Size

func (m *ServiceRole) XXX_Size() int

func (*ServiceRole) XXX_Unmarshal

func (m *ServiceRole) XXX_Unmarshal(b []byte) error

type ServiceRoleBinding

// ServiceRoleBinding assigns a ServiceRole to a list of subjects.
//
// Review note: Mode is an EnforcementMode whose zero value is ENFORCED (0). A
// binding explicitly set to PERMISSIVE is not enforced, so include Mode when
// auditing bindings.
type ServiceRoleBinding struct {
	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by supergloo during validation
	Status core.Status `protobuf:"bytes,100,opt,name=status,proto3" json:"status" testdiff:"ignore"`
	// Metadata contains the object metadata for this resource
	Metadata core.Metadata `protobuf:"bytes,101,opt,name=metadata,proto3" json:"metadata"`
	// Required. List of subjects that are assigned the ServiceRole object.
	Subjects []*Subject `protobuf:"bytes,1,rep,name=subjects,proto3" json:"subjects,omitempty"`
	// Required. Reference to the ServiceRole object.
	RoleRef *RoleRef `protobuf:"bytes,2,opt,name=roleRef,proto3" json:"roleRef,omitempty"`
	// $hide_from_docs
	// Indicates enforcement mode of the ServiceRoleBinding.
	Mode                 EnforcementMode `protobuf:"varint,3,opt,name=mode,proto3,enum=istio.rbac.v1alpha1.EnforcementMode" json:"mode,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

ServiceRoleBinding assigns a ServiceRole to a list of subjects. This represents the "Spec" part of the ServiceRoleBinding object. The name and namespace of the ServiceRoleBinding is specified in "metadata" section of the ServiceRoleBinding object.

func NewServiceRoleBinding

func NewServiceRoleBinding(namespace, name string) *ServiceRoleBinding

func (*ServiceRoleBinding) DeepCopyObject

func (o *ServiceRoleBinding) DeepCopyObject() runtime.Object

func (*ServiceRoleBinding) Descriptor

func (*ServiceRoleBinding) Descriptor() ([]byte, []int)

func (*ServiceRoleBinding) Equal

func (this *ServiceRoleBinding) Equal(that interface{}) bool

func (*ServiceRoleBinding) GetMetadata

func (m *ServiceRoleBinding) GetMetadata() core.Metadata

func (*ServiceRoleBinding) GetMode

func (m *ServiceRoleBinding) GetMode() EnforcementMode

func (*ServiceRoleBinding) GetObjectKind

func (o *ServiceRoleBinding) GetObjectKind() schema.ObjectKind

func (*ServiceRoleBinding) GetRoleRef

func (m *ServiceRoleBinding) GetRoleRef() *RoleRef

func (*ServiceRoleBinding) GetStatus

func (m *ServiceRoleBinding) GetStatus() core.Status

func (*ServiceRoleBinding) GetSubjects

func (m *ServiceRoleBinding) GetSubjects() []*Subject

func (*ServiceRoleBinding) Hash

func (r *ServiceRoleBinding) Hash() uint64

func (*ServiceRoleBinding) ProtoMessage

func (*ServiceRoleBinding) ProtoMessage()

func (*ServiceRoleBinding) Reset

func (m *ServiceRoleBinding) Reset()

func (*ServiceRoleBinding) SetMetadata

func (r *ServiceRoleBinding) SetMetadata(meta core.Metadata)

func (*ServiceRoleBinding) SetStatus

func (r *ServiceRoleBinding) SetStatus(status core.Status)

func (*ServiceRoleBinding) String

func (m *ServiceRoleBinding) String() string

func (*ServiceRoleBinding) XXX_DiscardUnknown

func (m *ServiceRoleBinding) XXX_DiscardUnknown()

func (*ServiceRoleBinding) XXX_Marshal

func (m *ServiceRoleBinding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServiceRoleBinding) XXX_Merge

func (m *ServiceRoleBinding) XXX_Merge(src proto.Message)

func (*ServiceRoleBinding) XXX_Size

func (m *ServiceRoleBinding) XXX_Size() int

func (*ServiceRoleBinding) XXX_Unmarshal

func (m *ServiceRoleBinding) XXX_Unmarshal(b []byte) error

type ServiceRoleBindingClient

// ServiceRoleBindingClient is the typed client interface for
// ServiceRoleBinding resources: register, read, write, delete, list and watch,
// plus access to the underlying clients.ResourceClient.
//
// Review note: a ServiceRoleBinding assigns a role to subjects, so Write
// access through an implementation of this interface is the ability to grant
// permissions. Restrict the credentials behind it accordingly.
type ServiceRoleBindingClient interface {
	// BaseClient returns the untyped clients.ResourceClient.
	BaseClient() clients.ResourceClient
	// Register returns an error on failure; what it registers is defined by
	// the implementation, which is not shown here.
	Register() error
	// Read returns the ServiceRoleBinding identified by namespace and name.
	Read(namespace, name string, opts clients.ReadOpts) (*ServiceRoleBinding, error)
	// Write takes a ServiceRoleBinding and returns a ServiceRoleBinding and an error.
	Write(resource *ServiceRoleBinding, opts clients.WriteOpts) (*ServiceRoleBinding, error)
	// Delete takes the namespace and name of the ServiceRoleBinding to delete.
	Delete(namespace, name string, opts clients.DeleteOpts) error
	// List returns a ServiceRoleBindingList for the given namespace.
	List(namespace string, opts clients.ListOpts) (ServiceRoleBindingList, error)
	// Watch returns a receive-only channel of ServiceRoleBindingList values, a
	// receive-only channel of errors, and an error.
	Watch(namespace string, opts clients.WatchOpts) (<-chan ServiceRoleBindingList, <-chan error, error)
}

func NewServiceRoleBindingClient

func NewServiceRoleBindingClient(rcFactory factory.ResourceClientFactory) (ServiceRoleBindingClient, error)

func NewServiceRoleBindingClientWithBase

func NewServiceRoleBindingClientWithBase(rc clients.ResourceClient) ServiceRoleBindingClient

func NewServiceRoleBindingClientWithToken

func NewServiceRoleBindingClientWithToken(rcFactory factory.ResourceClientFactory, token string) (ServiceRoleBindingClient, error)

type ServiceRoleBindingList

// ServiceRoleBindingList is a slice of *ServiceRoleBinding. The elements are
// pointers, so copying the slice header does not copy the resources themselves.
type ServiceRoleBindingList []*ServiceRoleBinding

func (ServiceRoleBindingList) AsInputResources

func (list ServiceRoleBindingList) AsInputResources() resources.InputResourceList

func (ServiceRoleBindingList) AsInterfaces

func (list ServiceRoleBindingList) AsInterfaces() []interface{}

func (ServiceRoleBindingList) AsResources

func (list ServiceRoleBindingList) AsResources() resources.ResourceList

func (ServiceRoleBindingList) Clone

func (ServiceRoleBindingList) Each

func (list ServiceRoleBindingList) Each(f func(element *ServiceRoleBinding))

func (ServiceRoleBindingList) Find

func (list ServiceRoleBindingList) Find(namespace, name string) (*ServiceRoleBinding, error)

namespace is optional; if it is left empty, names can collide when the list contains more than one resource with the same name. Pass the namespace whenever the caller needs one specific resource.

func (ServiceRoleBindingList) Names

func (list ServiceRoleBindingList) Names() []string

func (ServiceRoleBindingList) NamespacesDotNames

func (list ServiceRoleBindingList) NamespacesDotNames() []string

func (ServiceRoleBindingList) Sort

type ServiceRoleBindingReconciler

// ServiceRoleBindingReconciler exposes a single Reconcile method that takes a
// namespace, the desired ServiceRoleBindingList, a
// TransitionServiceRoleBindingFunc and list options.
// NOTE(review): how existing bindings that are absent from desiredResources
// are handled is not shown here; confirm against the implementation.
type ServiceRoleBindingReconciler interface {
	Reconcile(namespace string, desiredResources ServiceRoleBindingList, transition TransitionServiceRoleBindingFunc, opts clients.ListOpts) error
}

type ServiceRoleClient

// ServiceRoleClient is the typed client interface for ServiceRole resources:
// register, read, write, delete, list and watch, plus access to the underlying
// clients.ResourceClient.
//
// Review note: a ServiceRole holds the access rules of a role, so Write access
// through an implementation of this interface can widen what every subject
// bound to that role may reach.
type ServiceRoleClient interface {
	// BaseClient returns the untyped clients.ResourceClient.
	BaseClient() clients.ResourceClient
	// Register returns an error on failure; what it registers is defined by
	// the implementation, which is not shown here.
	Register() error
	// Read returns the ServiceRole identified by namespace and name.
	Read(namespace, name string, opts clients.ReadOpts) (*ServiceRole, error)
	// Write takes a ServiceRole and returns a ServiceRole and an error.
	Write(resource *ServiceRole, opts clients.WriteOpts) (*ServiceRole, error)
	// Delete takes the namespace and name of the ServiceRole to delete.
	Delete(namespace, name string, opts clients.DeleteOpts) error
	// List returns a ServiceRoleList for the given namespace.
	List(namespace string, opts clients.ListOpts) (ServiceRoleList, error)
	// Watch returns a receive-only channel of ServiceRoleList values, a
	// receive-only channel of errors, and an error.
	Watch(namespace string, opts clients.WatchOpts) (<-chan ServiceRoleList, <-chan error, error)
}

func NewServiceRoleClient

func NewServiceRoleClient(rcFactory factory.ResourceClientFactory) (ServiceRoleClient, error)

func NewServiceRoleClientWithBase

func NewServiceRoleClientWithBase(rc clients.ResourceClient) ServiceRoleClient

func NewServiceRoleClientWithToken

func NewServiceRoleClientWithToken(rcFactory factory.ResourceClientFactory, token string) (ServiceRoleClient, error)

type ServiceRoleList

// ServiceRoleList is a slice of *ServiceRole. The elements are pointers, so
// copying the slice header does not copy the resources themselves.
type ServiceRoleList []*ServiceRole

func (ServiceRoleList) AsInputResources

func (list ServiceRoleList) AsInputResources() resources.InputResourceList

func (ServiceRoleList) AsInterfaces

func (list ServiceRoleList) AsInterfaces() []interface{}

func (ServiceRoleList) AsResources

func (list ServiceRoleList) AsResources() resources.ResourceList

func (ServiceRoleList) Clone

func (list ServiceRoleList) Clone() ServiceRoleList

func (ServiceRoleList) Each

func (list ServiceRoleList) Each(f func(element *ServiceRole))

func (ServiceRoleList) Find

func (list ServiceRoleList) Find(namespace, name string) (*ServiceRole, error)

namespace is optional; if it is left empty, names can collide when the list contains more than one resource with the same name. Pass the namespace whenever the caller needs one specific resource.

func (ServiceRoleList) Names

func (list ServiceRoleList) Names() []string

func (ServiceRoleList) NamespacesDotNames

func (list ServiceRoleList) NamespacesDotNames() []string

func (ServiceRoleList) Sort

func (list ServiceRoleList) Sort() ServiceRoleList

type ServiceRoleReconciler

// ServiceRoleReconciler exposes a single Reconcile method that takes a
// namespace, the desired ServiceRoleList, a TransitionServiceRoleFunc and list
// options.
// NOTE(review): how existing roles that are absent from desiredResources are
// handled is not shown here; confirm against the implementation.
type ServiceRoleReconciler interface {
	Reconcile(namespace string, desiredResources ServiceRoleList, transition TransitionServiceRoleFunc, opts clients.ListOpts) error
}

func NewServiceRoleReconciler

func NewServiceRoleReconciler(client ServiceRoleClient) ServiceRoleReconciler

type ServicerolebindingsByNamespace

// ServicerolebindingsByNamespace maps a string key (by its name, a namespace)
// to the ServiceRoleBindingList stored under it.
type ServicerolebindingsByNamespace map[string]ServiceRoleBindingList

func (ServicerolebindingsByNamespace) Add

func (byNamespace ServicerolebindingsByNamespace) Add(serviceRoleBinding ...*ServiceRoleBinding)

func (ServicerolebindingsByNamespace) Clear

func (byNamespace ServicerolebindingsByNamespace) Clear(namespace string)

func (ServicerolebindingsByNamespace) Clone

func (ServicerolebindingsByNamespace) List

type ServicerolesByNamespace

// ServicerolesByNamespace maps a string key (by its name, a namespace) to the
// ServiceRoleList stored under it.
type ServicerolesByNamespace map[string]ServiceRoleList

func (ServicerolesByNamespace) Add

func (byNamespace ServicerolesByNamespace) Add(serviceRole ...*ServiceRole)

func (ServicerolesByNamespace) Clear

func (byNamespace ServicerolesByNamespace) Clear(namespace string)

func (ServicerolesByNamespace) Clone

func (ServicerolesByNamespace) List

func (byNamespace ServicerolesByNamespace) List() ServiceRoleList

type Subject

// Subject defines an identity. The identity is either a user or identified by
// a set of properties.
//
// NOTE(review): every field is marked optional and this listing does not say
// how a Subject with no field set, or with a wildcard value, is evaluated.
// Confirm that against the Istio RBAC documentation before relying on it, and
// flag such subjects when auditing bindings.
type Subject struct {
	// Optional. The user name/ID that the subject represents.
	User string `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"`
	// $hide_from_docs
	// Optional. The group that the subject belongs to.
	Group string `protobuf:"bytes,2,opt,name=group,proto3" json:"group,omitempty"`
	// Optional. The set of properties that identify the subject.
	// The comment refers to a ServiceRoleBinding example using the property
	// "source.namespace"; that example is not part of this listing.
	Properties           map[string]string `` /* 161-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

Subject defines an identity. The identity is either a user or identified by a set of `properties`. The supported keys in `properties` are listed in "constraint and properties" page.

func (*Subject) Descriptor

func (*Subject) Descriptor() ([]byte, []int)

func (*Subject) Equal

func (this *Subject) Equal(that interface{}) bool

func (*Subject) GetGroup

func (m *Subject) GetGroup() string

func (*Subject) GetProperties

func (m *Subject) GetProperties() map[string]string

func (*Subject) GetUser

func (m *Subject) GetUser() string

func (*Subject) ProtoMessage

func (*Subject) ProtoMessage()

func (*Subject) Reset

func (m *Subject) Reset()

func (*Subject) String

func (m *Subject) String() string

func (*Subject) XXX_DiscardUnknown

func (m *Subject) XXX_DiscardUnknown()

func (*Subject) XXX_Marshal

func (m *Subject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Subject) XXX_Merge

func (m *Subject) XXX_Merge(src proto.Message)

func (*Subject) XXX_Size

func (m *Subject) XXX_Size() int

func (*Subject) XXX_Unmarshal

func (m *Subject) XXX_Unmarshal(b []byte) error

type TransitionRbacConfigFunc

// TransitionRbacConfigFunc is a callback that receives the original and the
// desired RbacConfig. It may copy anything from the original to the desired
// before writing; a return value of false means don't update.
type TransitionRbacConfigFunc func(original, desired *RbacConfig) (bool, error)

Option to copy anything from the original to the desired before writing. Return value of false means don't update

type TransitionServiceRoleBindingFunc

// TransitionServiceRoleBindingFunc is a callback that receives the original
// and the desired ServiceRoleBinding. It may copy anything from the original
// to the desired before writing; a return value of false means don't update.
type TransitionServiceRoleBindingFunc func(original, desired *ServiceRoleBinding) (bool, error)

Option to copy anything from the original to the desired before writing. Return value of false means don't update

type TransitionServiceRoleFunc

// TransitionServiceRoleFunc is a callback that receives the original and the
// desired ServiceRole. It may copy anything from the original to the desired
// before writing; a return value of false means don't update.
type TransitionServiceRoleFunc func(original, desired *ServiceRole) (bool, error)

Option to copy anything from the original to the desired before writing. Return value of false means don't update
