kongstate

package
v3.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 17, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KongHashOnTypeHeader     string = "header"
	KongHashOnTypeCookie     string = "cookie"
	KongHashOnTypeQueryArg   string = "query_arg"
	KongHashOnTypeURICapture string = "uri_capture"
)
View Source 
const ImplicitPort = "implicitPort"

Variables

This section is empty.

Functions

func GetKongUpstreamPolicyForServices 

func GetKongUpstreamPolicyForServices(s store.Storer, servicesGroup []*corev1.Service) (*kongv1beta1.KongUpstreamPolicy, error)

GetKongUpstreamPolicyForServices scans all Services in the group to see if their KongUpstreamPolicy is consistent and returns a non-nil KongUpstreamPolicy if it is.

We require either: - all the Services to be configured with the same KongUpstreamPolicy. - none of the Services to be configured with a KongUpstreamPolicy.

If the KongUpstreamPolicy configuration is inconsistent or a configured KongUpstreamPolicy cannot be fetched from the store, an error is returned.

func NamespacedSecretToConfiguration added in v3.1.0 

func NamespacedSecretToConfiguration(
	s SecretGetter,
	reference kongv1.NamespacedSecretValueFromSource) (
	kong.Configuration, error,
)

NamespacedSecretToConfiguration fetches specified value from given namespace, secret and key, then parse the value to Kong plugin configurations. Exported primarily to be used in admission validators.

func RawConfigToConfiguration 

func RawConfigToConfiguration(raw []byte) (kong.Configuration, error)

RawConfigToConfiguration decodes raw JSON to the format of Kong configuration. it is run after all patches applied to the initial config.

func RawConfigurationWithNamespacedPatchesToConfiguration added in v3.1.0 

func RawConfigurationWithNamespacedPatchesToConfiguration(
	s SecretGetter,
	rawConfig apiextensionsv1.JSON,
	patches []kongv1.NamespacedConfigPatch,
) (kong.Configuration, error)

RawConfigurationWithNamespacedPatchesToConfiguration converts config and add patches from configPatches of KongClusterPlugin.

func RawConfigurationWithPatchesToConfiguration added in v3.1.0 

func RawConfigurationWithPatchesToConfiguration(
	s SecretGetter, namespace string,
	rawConfig apiextensionsv1.JSON,
	patches []kongv1.ConfigPatch,
) (kong.Configuration, error)

RawConfigurationWithPatchesToConfiguration converts config and add patches from configPatches of KongPlugin.

func SecretToConfiguration 

func SecretToConfiguration(
	s SecretGetter,
	reference kongv1.SecretValueFromSource, namespace string) (
	kong.Configuration, error,
)

SecretToConfiguration fetches specified value from secret and key in the namespace, then parse the value to Kong plugin configurations. Exported primarily to be used in admission validators.

func TranslateKongUpstreamPolicy 

func TranslateKongUpstreamPolicy(policy kongv1beta1.KongUpstreamPolicySpec) *kong.Upstream

TranslateKongUpstreamPolicy translates KongUpstreamPolicySpec to kong.Upstream. It makes assumption that KongUpstreamPolicySpec has been validated on the API level.

Types

type ACLGroup 

type ACLGroup struct {
	kong.ACLGroup
}

ACLGroup represents an ACL associated with a consumer. Due to ACL implementation in Kong being similar to credentials, ACLs are treated as credentials, too.

func NewACLGroup 

func NewACLGroup(config interface{}) (*ACLGroup, error)

type BasicAuth 

type BasicAuth struct {
	kong.BasicAuth
}

BasicAuth represents a basic authentication credential.

func NewBasicAuth 

func NewBasicAuth(config interface{}) (*BasicAuth, error)

func (*BasicAuth) SanitizedCopy 

func (c *BasicAuth) SanitizedCopy() *BasicAuth

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type Certificate 

type Certificate struct {
	kong.Certificate
}

Certificate represents the certificate object in Kong.

func (*Certificate) SanitizedCopy 

func (c *Certificate) SanitizedCopy() *Certificate

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type Consumer 

type Consumer struct {
	kong.Consumer
	Plugins        []kong.Plugin
	ConsumerGroups []kong.ConsumerGroup

	KeyAuths   []*KeyAuth
	HMACAuths  []*HMACAuth
	JWTAuths   []*JWTAuth
	BasicAuths []*BasicAuth
	ACLGroups  []*ACLGroup

	Oauth2Creds []*Oauth2Credential
	MTLSAuths   []*MTLSAuth

	K8sKongConsumer kongv1.KongConsumer
}

Consumer holds a Kong consumer and its plugins and credentials.

func (*Consumer) SanitizedCopy 

func (c *Consumer) SanitizedCopy(uuidGenerator util.UUIDGenerator) *Consumer

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

func (*Consumer) SetCredential 

func (c *Consumer) SetCredential(credType string, credConfig interface{}, tags []*string) error

type ConsumerGroup 

type ConsumerGroup struct {
	kong.ConsumerGroup

	K8sKongConsumerGroup kongv1beta1.KongConsumerGroup
}

ConsumerGroup holds a Kong Consumer.

type HMACAuth 

type HMACAuth struct {
	kong.HMACAuth
}

HMACAuth represents a HMAC credential.

func NewHMACAuth 

func NewHMACAuth(config interface{}) (*HMACAuth, error)

func (*HMACAuth) SanitizedCopy 

func (c *HMACAuth) SanitizedCopy() *HMACAuth

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type JSONPatchOp added in v3.1.0 

type JSONPatchOp string
var (
	JSONPatchOpAdd     JSONPatchOp = "add"
	JSONPatchOpReplace JSONPatchOp = "replace"
)

type JWTAuth 

type JWTAuth struct {
	kong.JWTAuth
}

JWTAuth represents a JWT credential.

func NewJWTAuth 

func NewJWTAuth(config interface{}) (*JWTAuth, error)

func (*JWTAuth) SanitizedCopy 

func (c *JWTAuth) SanitizedCopy() *JWTAuth

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type KeyAuth 

type KeyAuth struct {
	kong.KeyAuth
}

KeyAuth represents a key-auth credential.

func NewKeyAuth 

func NewKeyAuth(config interface{}) (*KeyAuth, error)

func (*KeyAuth) SanitizedCopy 

func (c *KeyAuth) SanitizedCopy(uuidGenerator util.UUIDGenerator) *KeyAuth

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type KongState 

type KongState struct {
	Services       []Service
	Upstreams      []Upstream
	Certificates   []Certificate
	CACertificates []kong.CACertificate
	Licenses       []License
	Plugins        []Plugin
	Consumers      []Consumer
	ConsumerGroups []ConsumerGroup
	Vaults         []Vault
}

KongState holds the configuration that should be applied to Kong.

func (*KongState) FillConsumerGroups 

func (ks *KongState) FillConsumerGroups(_ logr.Logger, s store.Storer)

func (*KongState) FillConsumersAndCredentials 

func (ks *KongState) FillConsumersAndCredentials(
	logger logr.Logger,
	s store.Storer,
	failuresCollector *failures.ResourceFailuresCollector,
)

func (*KongState) FillIDs 

func (ks *KongState) FillIDs(logger logr.Logger, workspace string)

FillIDs iterates over the KongState and fills in the ID field for each entity that supports the FillID method (these are Service, Route, Consumer and Consumer Group). It makes their IDs deterministic, enabling their correct identification in external systems (e.g. Konnect Analytics). The workspace parameter is used for guarantee that the ID is unique across all workspaces, as required by Kong gateway.

func (*KongState) FillOverrides 

func (ks *KongState) FillOverrides(
	logger logr.Logger,
	s store.Storer,
	failuresCollector *failures.ResourceFailuresCollector,
)

func (*KongState) FillPlugins 

func (ks *KongState) FillPlugins(
	log logr.Logger,
	s store.Storer,
	failuresCollector *failures.ResourceFailuresCollector,
)

func (*KongState) FillUpstreamOverrides 

func (ks *KongState) FillUpstreamOverrides(
	s store.Storer,
	logger logr.Logger,
	failuresCollector *failures.ResourceFailuresCollector,
)

func (*KongState) FillVaults added in v3.1.0 

func (ks *KongState) FillVaults(
	logger logr.Logger,
	s store.Storer,
	failuresCollector *failures.ResourceFailuresCollector,
)

func (*KongState) SanitizedCopy 

func (ks *KongState) SanitizedCopy(uuidGenerator util.UUIDGenerator) *KongState

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type License 

type License struct {
	kong.License
}

License represents the license object in Kong.

func (License) SanitizedCopy 

func (l License) SanitizedCopy() *License

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type MTLSAuth 

type MTLSAuth struct {
	kong.MTLSAuth
}

MTLSAuth represents an MTLS auth credential.

func NewMTLSAuth 

func NewMTLSAuth(config interface{}) (*MTLSAuth, error)

type Oauth2Credential 

type Oauth2Credential struct {
	kong.Oauth2Credential
}

Oauth2Credential represents an OAuth2 client configuration including credentials.

func NewOauth2Credential 

func NewOauth2Credential(config interface{}) (*Oauth2Credential, error)

func (*Oauth2Credential) SanitizedCopy 

func (c *Oauth2Credential) SanitizedCopy() *Oauth2Credential

SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.

type Plugin 

type Plugin struct {
	kong.Plugin
	K8sParent           client.Object
	SensitiveFieldsMeta PluginSensitiveFieldsMetadata
}

Plugin represents a plugin Object in Kong.

func (Plugin) DeepCopy 

func (p Plugin) DeepCopy() Plugin

func (Plugin) SanitizedCopy added in v3.1.0 

func (p Plugin) SanitizedCopy() Plugin

type PluginSensitiveFieldsMetadata added in v3.1.0 

type PluginSensitiveFieldsMetadata struct {
	// WholeConfigIsSensitive indicates that the entire configuration of the plugin is sensitive.
	// If this is true, the configuration should be redacted entirely (each of its fields' values
	// should be replaced with a redacted string).
	WholeConfigIsSensitive bool

	// JSONPaths holds a list of JSON paths to sensitive fields in the plugin's configuration.
	// If this is not empty, the configuration should be redacted by replacing the values of the
	// fields at these paths with a redacted string.
	JSONPaths []string
}

PluginSensitiveFieldsMetadata holds metadata about sensitive fields in a plugin's configuration. It can be used to sanitize them before exposing the configuration to the user (e.g. in debug dumps or in Konnect Admin API).

type PortDef 

type PortDef struct {
	Mode PortMode

	// Name is the port name as stated in the Kubernetes service. Must be set iff Mode == PortModeName.
	Name string

	// Number is the port number. Must be set iff PortMode == PortModeNumber.
	Number int32
}

func (*PortDef) CanonicalString 

func (p *PortDef) CanonicalString() string

type PortMode 

type PortMode int
const (
	// PortModeImplicit means that the Ingress does not specify the Kubernetes Service port, and that KIC should expect
	// the Service to have only one port defined.
	PortModeImplicit PortMode = iota
	// PortModeByNumber means that the Ingress specifies the Service port by raw port number.
	PortModeByNumber PortMode = iota
	// PortModeByName means that the Ingress specifies the Service port by its name field.
	PortModeByName PortMode = iota
)

type Route 

type Route struct {
	kong.Route

	Ingress          util.K8sObjectInfo
	Plugins          []kong.Plugin
	ExpressionRoutes bool
}

Route represents a Kong Route and holds a reference to the Ingress rule.

type SecretGetter 

type SecretGetter interface {
	GetSecret(namespace, name string) (*corev1.Secret, error)
}

type Service 

type Service struct {
	kong.Service
	Namespace string
	Routes    []Route
	Plugins   []kong.Plugin

	Backends    []ServiceBackend
	K8sServices map[string]*corev1.Service

	// Parent is the parent object of this Service.
	// It is expected to be a Kubernetes object which translation resulted in creating this Kong Service.
	// For example, if this Service was created as a result of translating a Kubernetes Ingress, then
	// Parent is expected to be the Ingress object itself.
	Parent client.Object
}

Service represents a service in Kong and holds routes associated with the service and other k8s metadata.

type ServiceBackend 

type ServiceBackend struct {
	// contains filtered or unexported fields
}

ServiceBackend represents a backend for a Kong Service. It can be a Kubernetes Service or a KongServiceFacade.

func NewServiceBackend added in v3.1.0 

func NewServiceBackend(
	t ServiceBackendType,
	nn k8stypes.NamespacedName,
	portDef PortDef,
) (ServiceBackend, error)

NewServiceBackend creates a new ServiceBackend with an arbitrary backend type.

func NewServiceBackendForService added in v3.1.0 

func NewServiceBackendForService(nn k8stypes.NamespacedName, portDef PortDef) (ServiceBackend, error)

NewServiceBackendForService creates a new ServiceBackend for a Kubernetes Service.

func NewServiceBackendForServiceFacade added in v3.1.0 

func NewServiceBackendForServiceFacade(nn k8stypes.NamespacedName, portDef PortDef) (ServiceBackend, error)

NewServiceBackendForServiceFacade creates a new ServiceBackend for a KongServiceFacade.

func (*ServiceBackend) IsServiceFacade added in v3.1.0 

func (s *ServiceBackend) IsServiceFacade() bool

IsServiceFacade returns true if the backend is a KongServiceFacade. Otherwise, returns false what means that the backend is a Kubernetes Service.

func (*ServiceBackend) Name 

func (s *ServiceBackend) Name() string

Name returns the name of the backend resource (Service or KongServiceFacade).

func (*ServiceBackend) Namespace 

func (s *ServiceBackend) Namespace() string

Namespace returns the namespace of the backend resource (Service or KongServiceFacade).

func (*ServiceBackend) PortDef 

func (s *ServiceBackend) PortDef() PortDef

PortDef returns the port definition of the backend.

func (*ServiceBackend) SetWeight added in v3.1.0 

func (s *ServiceBackend) SetWeight(weight int32)

SetWeight sets the weight of the backend used for load-balancing.

func (*ServiceBackend) Weight 

func (s *ServiceBackend) Weight() mo.Option[int]

Weight returns the weight of the backend used for load-balancing.

type ServiceBackendType added in v3.1.0 

type ServiceBackendType string

ServiceBackendType is the type of the backend. 

const (
	// ServiceBackendTypeKongServiceFacade means that the backend is an incubatorv1alpha1.KongServiceFacade.
	ServiceBackendTypeKongServiceFacade ServiceBackendType = "KongServiceFacade"

	// ServiceBackendTypeKubernetesService means that the backend is a Kubernetes Service.
	ServiceBackendTypeKubernetesService ServiceBackendType = "KubernetesService"
)

type ServiceBackends 

type ServiceBackends []ServiceBackend

type Services 

type Services []*Service

Services is a list of kongstate.Service objects with sorting enabled based on a lexographical comparison of the underlying kong.Service names which are always expected to be unique.

func (Services) Len 

func (s Services) Len() int

func (Services) Less 

func (s Services) Less(i, j int) bool

func (Services) Swap 

func (s Services) Swap(i, j int)

type Target 

type Target struct {
	kong.Target
}

Target is a wrapper around Target object in Kong.

type Upstream 

type Upstream struct {
	kong.Upstream
	Targets []Target
	// Service this upstream is associated with.
	Service Service
}

Upstream is a wrapper around Upstream object in Kong.

type Vault added in v3.1.0 

type Vault struct {
	kong.Vault

	K8sKongVault *kongv1alpha1.KongVault
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.