Documentation ¶
Index ¶
- Constants
- Variables
- func Authn(perm string, w http.ResponseWriter, r *http.Request) (string, error)
- func BasicAuthCheck(username, password string) bool
- func BasicAuthzCheck(username, perm string) bool
- func ConnectToKube()
- func CreateRMDataTask(clusterName, replicaName, taskName string, ...) error
- func FindStandbyClusters(clusterList crv1.PgclusterList) (standbyClusters []string)
- func GetBackrestStorageTypes() []string
- func GetContainerResourcesJSON(resources *crv1.PgContainerResources) string
- func GetNamespace(clientset *kubernetes.Clientset, username, requestedNS string) (string, error)
- func GetPVCName(pod *v1.Pod) map[string]string
- func Initialize()
- func InitializePerms()
- func IsValidContainerResource(name string) bool
- func IsValidContainerResourceValues() bool
- func IsValidNodeLabel(key, value string) (bool, bool, error)
- func IsValidPVC(pvcName, ns string) bool
- func IsValidStorageName(name string) bool
- func NewCertEnforcer(reqRoutes []string) (*certEnforcer, error)
- func PGClusterListHasStandby(clusterList crv1.PgclusterList) (bool, []string)
- func UserIsPermittedInNamespace(username, requestedNS string) (bool, bool)
- func ValidateNodeLabel(nodeLabel string) error
- func ValidateQuantity(quantity string) error
- func WriteTLSCert(certPath, keyPath string) error
- type CredentialDetail
- type ReplicaPodStatus
Constants ¶
// Standard error message formats for resource values that cannot be parsed.
// Each format carries two %s verbs.
const (
	// ErrMessageCPURequest is the standard error message format used when a
	// CPU request does not follow the Kubernetes standard.
	ErrMessageCPURequest = `could not parse CPU request "%s":%s (hint: try a value like "1" or "100m")`

	// ErrMessageMemoryRequest is the standard error message format used when
	// a memory request does not follow the Kubernetes standard.
	ErrMessageMemoryRequest = `could not parse memory request "%s":%s (hint: try a value like "1Gi")`

	// ErrMessagePVCSize is the standard error message format used when a PVC
	// size does not follow the Kubernetes standard.
	// NOTE(review): unlike the two formats above, this one has a space after
	// the colon; kept as-is because the text is emitted at runtime.
	ErrMessagePVCSize = `could not parse PVC size "%s": %s (hint: try a value like "1Gi")`
)
// Names of the apiserver RBAC permissions, grouped by the kind of action.
//
// NOTE(review): the pgBouncer permissions are cased inconsistently: the
// create/delete values use "Pgbouncer" while the show/update values use
// "PgBouncer". Presumably role definitions must match these strings exactly;
// confirm against the role configuration before granting or auditing them.
const (
	// Miscellaneous actions.
	APPLY_POLICY_PERM = "ApplyPolicy"
	CAT_PERM          = "Cat"
	CLONE_PERM        = "Clone"
	DF_CLUSTER_PERM   = "DfCluster"
	LABEL_PERM        = "Label"
	LOAD_PERM         = "Load"
	RELOAD_PERM       = "Reload"
	RESTORE_PERM      = "Restore"
	STATUS_PERM       = "Status"
	TEST_CLUSTER_PERM = "TestCluster"
	VERSION_PERM      = "Version"

	// Create actions.
	CREATE_BACKUP_PERM    = "CreateBackup"
	CREATE_CLUSTER_PERM   = "CreateCluster"
	CREATE_DUMP_PERM      = "CreateDump"
	CREATE_FAILOVER_PERM  = "CreateFailover"
	CREATE_INGEST_PERM    = "CreateIngest"
	CREATE_NAMESPACE_PERM = "CreateNamespace"
	CREATE_PGBOUNCER_PERM = "CreatePgbouncer"
	CREATE_PGOUSER_PERM   = "CreatePgouser"
	CREATE_PGOROLE_PERM   = "CreatePgorole"
	CREATE_POLICY_PERM    = "CreatePolicy"
	CREATE_SCHEDULE_PERM  = "CreateSchedule"
	CREATE_UPGRADE_PERM   = "CreateUpgrade"
	CREATE_USER_PERM      = "CreateUser"

	// Restore actions.
	RESTORE_DUMP_PERM = "RestoreDump"

	// Delete actions.
	DELETE_BACKUP_PERM    = "DeleteBackup"
	DELETE_CLUSTER_PERM   = "DeleteCluster"
	DELETE_INGEST_PERM    = "DeleteIngest"
	DELETE_NAMESPACE_PERM = "DeleteNamespace"
	DELETE_PGBOUNCER_PERM = "DeletePgbouncer"
	DELETE_PGOROLE_PERM   = "DeletePgorole"
	DELETE_PGOUSER_PERM   = "DeletePgouser"
	DELETE_POLICY_PERM    = "DeletePolicy"
	DELETE_SCHEDULE_PERM  = "DeleteSchedule"
	DELETE_USER_PERM      = "DeleteUser"

	// Show (read-only) actions.
	SHOW_BACKUP_PERM          = "ShowBackup"
	SHOW_CLUSTER_PERM         = "ShowCluster"
	SHOW_CONFIG_PERM          = "ShowConfig"
	SHOW_INGEST_PERM          = "ShowIngest"
	SHOW_NAMESPACE_PERM       = "ShowNamespace"
	SHOW_PGBOUNCER_PERM       = "ShowPgBouncer"
	SHOW_PGOROLE_PERM         = "ShowPgorole"
	SHOW_PGOUSER_PERM         = "ShowPgouser"
	SHOW_POLICY_PERM          = "ShowPolicy"
	SHOW_PVC_PERM             = "ShowPVC"
	SHOW_SCHEDULE_PERM        = "ShowSchedule"
	SHOW_SECRETS_PERM         = "ShowSecrets"
	SHOW_SYSTEM_ACCOUNTS_PERM = "ShowSystemAccounts"
	SHOW_USER_PERM            = "ShowUser"
	SHOW_WORKFLOW_PERM        = "ShowWorkflow"

	// Scale actions.
	SCALE_CLUSTER_PERM = "ScaleCluster"

	// Update actions.
	UPDATE_CLUSTER_PERM   = "UpdateCluster"
	UPDATE_NAMESPACE_PERM = "UpdateNamespace"
	UPDATE_PGBOUNCER_PERM = "UpdatePgBouncer"
	UPDATE_PGOROLE_PERM   = "UpdatePgorole"
	UPDATE_PGOUSER_PERM   = "UpdatePgouser"
	UPDATE_USER_PERM      = "UpdateUser"
)
The constants below contain the "apiserver RBAC permissions" -- this was reorganized to make it...slightly more organized as we continue to evolve the system
const PGOSecretName = "pgo.tls"
const TreeBranch = "├── "
TreeBranch is for debugging only in this context
const TreeTrunk = "└── "
TreeTrunk is for debugging only in this context
const VERSION_MISMATCH_ERROR = "pgo client and server version mismatch"
Variables ¶
// Sentinel errors exported by this package.
var (
	// ErrDBContainerNotFound reports that no "database" container could be
	// found in a specific pod.
	ErrDBContainerNotFound = errors.New("\"database\" container not found in pod")

	// ErrStandbyNotAllowed carries the message returned when an API call is
	// refused because it involves a cluster that is in standby mode.
	ErrStandbyNotAllowed = errors.New("Action not permitted because standby mode is enabled")
)
var AuditFlag bool
AuditFlag if set to true will cause auditing to occur in the logs
var BasicAuth bool
BasicAuth comes from the apiserver config
var CRUNCHY_DEBUG bool
var Clientset *kubernetes.Clientset
Clientset ...
var DebugFlag bool
DebugFlag is the debug flag value
var InstallationName string
var MetricsFlag, BadgerFlag bool
MetricsFlag if set to true will cause crunchy-collect to be added into new clusters
var PermMap map[string]string
var Pgo config.PgoConfig
var PgoNamespace string
Namespace comes from the apiserver config in this version
var RESTClient *rest.RESTClient
RESTClient ...
var RESTConfig *rest.Config
var RoleMap map[string]map[string]string
Functions ¶
func Authn ¶
Authn performs HTTP Basic Authentication against a user if "BasicAuth" is set to "true" (which it is by default).
Authn also performs Authorization (Authz) for the user that is attempting to authenticate; as such, to truly "authenticate/authorize," one needs at least a valid Operator User account.
func BasicAuthCheck ¶
func BasicAuthzCheck ¶
func CreateRMDataTask ¶
func FindStandbyClusters ¶
func FindStandbyClusters(clusterList crv1.PgclusterList) (standbyClusters []string)
FindStandbyClusters takes a list of pgcluster structs and returns a slice containing the names of those clusters that are in standby mode, as indicated by whether or not the standby parameter in the pgcluster spec is true.
func GetBackrestStorageTypes ¶
func GetBackrestStorageTypes() []string
func GetContainerResourcesJSON ¶
func GetContainerResourcesJSON(resources *crv1.PgContainerResources) string
GetContainerResources ...
func GetNamespace ¶
func GetNamespace(clientset *kubernetes.Clientset, username, requestedNS string) (string, error)
GetNamespace determines if a user has permission for the namespace they are requesting. A valid requested namespace is required.
func Initialize ¶
func Initialize()
func InitializePerms ¶
func InitializePerms()
func IsValidContainerResourceValues ¶
func IsValidContainerResourceValues() bool
func IsValidNodeLabel ¶
IsValidNodeLabel returns a bool for key validity, a bool for value validity, and an error.
func IsValidPVC ¶
IsValidPVC determines if a PVC with the name provided exists
func IsValidStorageName ¶
func NewCertEnforcer ¶
NewCertEnforcer ensures a certEnforcer is created with skipped routes and validates that the configured routes are allowed
func PGClusterListHasStandby ¶
func PGClusterListHasStandby(clusterList crv1.PgclusterList) (bool, []string)
PGClusterListHasStandby determines if a PgclusterList has any standby clusters, specifically returning "true" if one or more standby clusters exist, along with a slice of strings containing the names of the clusters in standby mode
func UserIsPermittedInNamespace ¶
UserIsPermittedInNamespace returns installation access and user access. Installation access means a namespace belongs to this Operator installation; user access means this user has access to a namespace.
func ValidateNodeLabel ¶
ValidateNodeLabel returns error if node label is invalid
func ValidateQuantity ¶
ValidateQuantity runs the Kubernetes "ParseQuantity" function on a string and determines whether or not it is a valid quantity object. Returns an error if it is invalid, along with the error message
See: https://github.com/kubernetes/apimachinery/blob/master/pkg/api/resource/quantity.go
func WriteTLSCert ¶
WriteTLSCert writes the server certificate and key to files from the PGOSecretName secret or generates a new key (writing to both the secret and the expected files)
Types ¶
type CredentialDetail ¶
type ReplicaPodStatus ¶
ReplicaPodStatus stores the name of the node a replica pod is assigned to, as well as whether or not the pod is considered "Ready" in the Kubernetes cluster
func GetReplicaPodStatus ¶
func GetReplicaPodStatus(clusterName, ns string) (*ReplicaPodStatus, error)
GetReplicaPodStatus gets the status of all replica pods in the cluster. Specifically, using the provided cluster name and namespace, it looks up all replica pods in the cluster, and then provides a status for each pod ("Ready" or "Not Ready")