Documentation ¶
Index ¶
Constants ¶
View Source
const ( // GCPAuthJSONKey is the key name in GCP credentials secrets where the json auth // contents will be stored. GCPAuthJSONKey = "service_account.json" )
Variables ¶
This section is empty.
Functions ¶
func NewReconciler ¶
Types ¶
type ReconcileCloudCredSecret ¶
type ReconcileCloudCredSecret struct { Client client.Client RootCredClient client.Client ProjectName string Logger log.FieldLogger GCPClientBuilder func(projectName string, authJSON []byte) (ccgcp.Client, error) }
func (*ReconcileCloudCredSecret) Reconcile ¶
func (r *ReconcileCloudCredSecret) Reconcile(ctx context.Context, request reconcile.Request) (returnResult reconcile.Result, returnErr error)
Reconcile will typically annotate the cloud cred secret to indicate the capabilities of the cloud credentials: 1) 'mint' for indicating that the creds can be used to create new sub-creds 2) 'passthrough' for indicating that the creds are capable enough to potentially be used as-is 3) 'insufficient' for indicating that the creds are not usable for the cluster In the event that the operator config resource has specified a mode to operate under (mint/passthrough) then skip trying to determine the capabilities, and just annotate the secret. +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;update
Click to show internal directories.
Click to hide internal directories.