Documentation ¶
Index ¶
- Constants
- Variables
- func NewBucketController(cfg *rest.Config, p *Provisioner) (*provisioner.Provisioner, error)
- type BucketPolicy
- type PolicyStatement
- func (ps *PolicyStatement) Actions(actions ...action) *PolicyStatement
- func (ps *PolicyStatement) Allows() *PolicyStatement
- func (ps *PolicyStatement) Denies() *PolicyStatement
- func (ps *PolicyStatement) EjectPrincipals(users ...string)
- func (ps *PolicyStatement) ForPrincipals(users ...string) *PolicyStatement
- func (ps *PolicyStatement) ForResources(resources ...string) *PolicyStatement
- func (ps *PolicyStatement) WithSID(sid string) *PolicyStatement
- type Provisioner
- func (p Provisioner) Delete(ob *bktv1alpha1.ObjectBucket) error
- func (p Provisioner) Grant(options *apibkt.BucketOptions) (*bktv1alpha1.ObjectBucket, error)
- func (p Provisioner) Provision(options *apibkt.BucketOptions) (*bktv1alpha1.ObjectBucket, error)
- func (p Provisioner) Revoke(ob *bktv1alpha1.ObjectBucket) error
- type S3Agent
Constants ¶
// S3 action names for use in a PolicyStatement's Action list. Each constant
// holds the literal string that is written into the bucket policy JSON.
// The constants are grouped by what they let a principal touch, so the
// access-control ones are easy to pick out when a policy is reviewed.
const (
	// All is the wildcard: it matches every S3 action, which makes it the
	// broadest grant (or denial) a single statement can express.
	All action = "s3:*"

	// Access control: bucket policies and bucket/object ACLs. The Put* and
	// Delete* entries let the grantee change who can reach the data.
	DeleteBucketPolicy  action = "s3:DeleteBucketPolicy"
	GetBucketAcl        action = "s3:GetBucketAcl"
	GetBucketPolicy     action = "s3:GetBucketPolicy"
	GetObjectAcl        action = "s3:GetObjectAcl"
	GetObjectVersionAcl action = "s3:GetObjectVersionAcl"
	PutBucketAcl        action = "s3:PutBucketAcl"
	PutBucketPolicy     action = "s3:PutBucketPolicy"
	PutObjectAcl        action = "s3:PutObjectAcl"
	PutObjectVersionAcl action = "s3:PutObjectVersionAcl"

	// Bucket lifecycle, location and listing.
	CreateBucket       action = "s3:CreateBucket"
	DeleteBucket       action = "s3:DeleteBucket"
	GetBucketLocation  action = "s3:GetBucketLocation"
	ListAllMyBuckets   action = "s3:ListAllMyBuckets"
	ListBucket         action = "s3:ListBucket"
	ListBucketVersions action = "s3:ListBucketVersions"

	// Bucket configuration (website, CORS, logging, notification, tagging,
	// versioning, lifecycle, replication, request payment, acceleration).
	DeleteBucketWebsite            action = "s3:DeleteBucketWebsite"
	DeleteReplicationConfiguration action = "s3:DeleteReplicationConfiguration"
	GetAccelerateConfiguration     action = "s3:GetAccelerateConfiguration"
	GetBucketCORS                  action = "s3:GetBucketCORS"
	GetBucketLogging               action = "s3:GetBucketLogging"
	GetBucketNotification          action = "s3:GetBucketNotification"
	GetBucketRequestPayment        action = "s3:GetBucketRequestPayment"
	GetBucketTagging               action = "s3:GetBucketTagging"
	GetBucketVersioning            action = "s3:GetBucketVersioning"
	GetBucketWebsite               action = "s3:GetBucketWebsite"
	GetLifecycleConfiguration      action = "s3:GetLifecycleConfiguration"
	GetReplicationConfiguration    action = "s3:GetReplicationConfiguration"
	PutAccelerateConfiguration     action = "s3:PutAccelerateConfiguration"
	PutBucketCORS                  action = "s3:PutBucketCORS"
	PutBucketLogging               action = "s3:PutBucketLogging"
	PutBucketNotification          action = "s3:PutBucketNotification"
	PutBucketRequestPayment        action = "s3:PutBucketRequestPayment"
	PutBucketTagging               action = "s3:PutBucketTagging"
	PutBucketVersioning            action = "s3:PutBucketVersioning"
	PutBucketWebsite               action = "s3:PutBucketWebsite"
	PutLifecycleConfiguration      action = "s3:PutLifecycleConfiguration"
	PutReplicationConfiguration    action = "s3:PutReplicationConfiguration"

	// Object data.
	DeleteObject            action = "s3:DeleteObject"
	DeleteObjectVersion     action = "s3:DeleteObjectVersion"
	GetObject               action = "s3:GetObject"
	GetObjectTorrent        action = "s3:GetObjectTorrent"
	GetObjectVersion        action = "s3:GetObjectVersion"
	GetObjectVersionTorrent action = "s3:GetObjectVersionTorrent"
	PutObject               action = "s3:PutObject"
	RestoreObject           action = "s3:RestoreObject"

	// Multipart uploads.
	AbortMultipartUpload       action = "s3:AbortMultipartUpload"
	ListBucketMultiPartUploads action = "s3:ListBucketMultiPartUploads"
	ListMultipartUploadParts   action = "s3:ListMultipartUploadParts"
)
Variables ¶
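// AllowedActions is a lenient default list of actions.
//
// The list is wider than plain object access: besides the Get*/List* reads
// and the object deletes it carries actions that change object ACLs
// (PutObjectAcl, PutObjectVersionAcl) and bucket configuration
// (PutBucketTagging, PutBucketVersioning, PutBucketWebsite,
// PutLifecycleConfiguration, PutReplicationConfiguration). Callers that need
// least privilege should build a narrower list instead of using this one.
//
// NOTE(review): PutObject is not in the list although DeleteObject and
// PutObjectAcl are; confirm that this is intended.
// NOTE(review): PutBucketVersioning used to appear twice here. Each action is
// now listed once; if the second entry was meant to be a different action,
// add that action explicitly.
var AllowedActions = []action{
	// Object data.
	DeleteObject,
	DeleteObjectVersion,
	// Bucket and object reads, including ACL and policy reads.
	GetBucketAcl,
	GetBucketCORS,
	GetBucketLocation,
	GetBucketLogging,
	GetBucketNotification,
	GetBucketPolicy,
	GetBucketTagging,
	GetBucketVersioning,
	GetBucketWebsite,
	GetObject,
	GetObjectAcl,
	GetObjectTorrent,
	GetObjectVersion,
	GetObjectVersionAcl,
	GetObjectVersionTorrent,
	// Listing.
	ListAllMyBuckets,
	ListBucket,
	ListBucketMultiPartUploads,
	ListBucketVersions,
	ListMultipartUploadParts,
	// Bucket configuration writes.
	PutBucketTagging,
	PutBucketVersioning,
	PutBucketWebsite,
	PutLifecycleConfiguration,
	// ACL writes: the grantee can change who may read or write the objects.
	PutObjectAcl,
	PutObjectVersionAcl,
	PutReplicationConfiguration,
	RestoreObject,
}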
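AllowedActions is a lenient default list of actions. It is wider than plain object access: it also includes actions that change object ACLs and bucket configuration (for example PutObjectAcl, PutReplicationConfiguration and PutLifecycleConfiguration), so use a narrower list where least privilege is required.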
Functions ¶
func NewBucketController ¶
func NewBucketController(cfg *rest.Config, p *Provisioner) (*provisioner.Provisioner, error)
Types ¶
type BucketPolicy ¶
// BucketPolicy is the Go form of a bucket policy document: an optional Id,
// a Version string and the list of PolicyStatements. The json tags fix the
// key names used when the struct is encoded.
type BucketPolicy struct {
	// Id (optional) identifies the bucket policy.
	Id string `json:"Id"`
	// Version is the version of the BucketPolicy data structure;
	// it should always be '2012-10-17'.
	Version string `json:"Version"`
	// Statement holds the policy statements that make up this policy.
	Statement []PolicyStatement `json:"Statement"`
}
BucketPolicy represents the set of policy statements for a single bucket.
func NewBucketPolicy ¶
func NewBucketPolicy(ps ...PolicyStatement) *BucketPolicy
NewBucketPolicy obviously returns a new BucketPolicy. PolicyStatements may be passed in at creation or added after the fact. BucketPolicies should be passed to PutBucketPolicy().
func (*BucketPolicy) DropPolicyStatements ¶
func (bp *BucketPolicy) DropPolicyStatements(sid ...string) *BucketPolicy
func (*BucketPolicy) EjectPrincipals ¶
func (bp *BucketPolicy) EjectPrincipals(users ...string) *BucketPolicy
func (*BucketPolicy) ModifyBucketPolicy ¶
func (bp *BucketPolicy) ModifyBucketPolicy(ps ...PolicyStatement) *BucketPolicy
ModifyBucketPolicy compares new and old statement SIDs and overwrites on a match. This allows users to Get, modify, and Replace existing statements as well as add new ones.
type PolicyStatement ¶
// PolicyStatement is one statement of a BucketPolicy: an Effect applied to a
// set of Actions for the listed Principals on the listed Resources. The json
// tags fix the key names used when the struct is encoded.
type PolicyStatement struct {
	// Sid (optional) is the PolicyStatement's unique identifier.
	Sid string `json:"Sid"`
	// Effect determines whether the Action(s) are 'Allow'ed or 'Deny'ed.
	Effect effect `json:"Effect"`
	// Principal is/are the Ceph user names affected by this PolicyStatement.
	Principal map[string][]string `json:"Principal"`
	// Action is a list of s3:* actions.
	Action []action `json:"Action"`
	// Resource is the ARN identifier for the S3 resource (bucket).
	// Must be in the format of 'arn:aws:s3:::<bucket>'.
	Resource []string `json:"Resource"`
}
PolicyStatement is the Go representation of a PolicyStatement JSON struct. It defines which Actions a Principal can or cannot perform on a Resource.
func NewPolicyStatement ¶
func NewPolicyStatement() *PolicyStatement
NewPolicyStatement generates a new PolicyStatement. PolicyStatement methods are designed to be chain-called with dot notation to allow for easy configuration at creation. This is preferable to a long parameter list.
func (*PolicyStatement) Actions ¶
func (ps *PolicyStatement) Actions(actions ...action) *PolicyStatement
Actions is the set of "s3:*" actions with which the PolicyStatement is concerned
func (*PolicyStatement) Allows ¶
func (ps *PolicyStatement) Allows() *PolicyStatement
Allows sets the effect of the PolicyStatement to allow the PolicyStatement's Actions
func (*PolicyStatement) Denies ¶
func (ps *PolicyStatement) Denies() *PolicyStatement
Denies sets the effect of the PolicyStatement to deny the PolicyStatement's Actions
func (*PolicyStatement) EjectPrincipals ¶
func (ps *PolicyStatement) EjectPrincipals(users ...string)
func (*PolicyStatement) ForPrincipals ¶
func (ps *PolicyStatement) ForPrincipals(users ...string) *PolicyStatement
ForPrincipals adds users to the PolicyStatement
func (*PolicyStatement) ForResources ¶
func (ps *PolicyStatement) ForResources(resources ...string) *PolicyStatement
ForResources adds resources (buckets) to the PolicyStatement with the appropriate ARN prefix
func (*PolicyStatement) WithSID ¶
func (ps *PolicyStatement) WithSID(sid string) *PolicyStatement
type Provisioner ¶
// Provisioner is the receiver of the Provision, Grant, Delete and Revoke
// bucket operations listed on this page; NewProvisioner returns one.
// All of its fields are unexported.
type Provisioner struct {
// contains filtered or unexported fields
}
func NewProvisioner ¶
func NewProvisioner(context *clusterd.Context, namespace string) *Provisioner
func (Provisioner) Delete ¶
func (p Provisioner) Delete(ob *bktv1alpha1.ObjectBucket) error
Delete is called when the ObjectBucketClaim (OBC) is deleted and the associated storage class' reclaimPolicy is "Delete", or when a Provision() error occurs and the bucket controller needs to clean up before retrying.
func (Provisioner) Grant ¶
func (p Provisioner) Grant(options *apibkt.BucketOptions) (*bktv1alpha1.ObjectBucket, error)
Grant attaches to an existing rgw bucket and returns connection info representing the bucket's endpoint and user access credentials.
func (Provisioner) Provision ¶
func (p Provisioner) Provision(options *apibkt.BucketOptions) (*bktv1alpha1.ObjectBucket, error)
Provision creates an s3 bucket and returns connection info representing the bucket's endpoint and user access credentials.
func (Provisioner) Revoke ¶
func (p Provisioner) Revoke(ob *bktv1alpha1.ObjectBucket) error
Revoke removes a user and creds from an existing bucket. Note: cleanup order below matters.
type S3Agent ¶
// S3Agent wraps the s3.S3 structure to allow for wrapper methods such as
// CreateBucket, GetBucketPolicy and PutBucketPolicy.
// All of its fields are unexported.
type S3Agent struct {
// contains filtered or unexported fields
}
S3Agent wraps the s3.S3 structure to allow for wrapper methods
func NewS3Agent ¶
func (S3Agent) CreateBucket ¶
CreateBucket creates a bucket with the given name
func (S3Agent) GetBucketPolicy ¶
func (s S3Agent) GetBucketPolicy(bucket string) (*BucketPolicy, error)
func (S3Agent) PutBucketPolicy ¶
func (s S3Agent) PutBucketPolicy(bucket string, policy BucketPolicy) (*s3.PutBucketPolicyOutput, error)
PutBucketPolicy applies the policy to the bucket