Documentation ¶
Index ¶
- Constants
- func CCODisabledCheck(cm *corev1.ConfigMap, logger log.FieldLogger) (bool, error)
- func ErrorScrub(err error) string
- func FindClusterOperatorCondition(conditions []configv1.ClusterOperatorStatusCondition, ...) *configv1.ClusterOperatorStatusCondition
- func FindCredentialsRequestCondition(conditions []minterv1.CredentialsRequestCondition, ...) *minterv1.CredentialsRequestCondition
- func GenerateNameWithFieldLimits(infraName string, infraNameMaxLen int, crName string, crNameLen int) (string, error)
- func GenerateUniqueNameWithFieldLimits(infraName string, infraNameMaxLen int, crName string, crNameMaxlen int) (string, error)
- func GetAuth(ctx context.Context, c client.Client) (*configv1.Authentication, error)
- func GetCredentialsRequestCloudType(providerSpec *runtime.RawExtension) (string, error)
- func GetEffectiveOperatorMode(configMapDisabledValue bool, ...) (operatorv1.CloudCredentialsMode, bool)
- func GetInfrastructure(c client.Client) (*configv1.Infrastructure, error)
- func GetLegacyConfigMap(kubeClient client.Client) (*corev1.ConfigMap, error)
- func GetLogLevel(kubeClient client.Client, logger log.FieldLogger) (operatorv1.LogLevel, error)
- func GetOperatorConfiguration(kubeClient client.Client, logger log.FieldLogger) (effectiveOperatorMode operatorv1.CloudCredentialsMode, ...)
- func GetOperatorLogLevel(kubeClient client.Client, logger log.FieldLogger) (operatorv1.LogLevel, error)
- func IsTimedTokenCluster(c client.Client, ctx context.Context, logger log.FieldLogger) (bool, error)
- func IsValidMode(operatorMode operatorv1.CloudCredentialsMode) bool
- func LiveClient(mgr manager.Manager) client.Client
- func LoadCredsFromSecret(kubeClient client.Client, namespace, secretName string) ([]byte, []byte, error)
- func LoadInfrastructureName(c client.Client, logger log.FieldLogger) (string, error)
- func LoadInfrastructureTopology(c client.Client, logger log.FieldLogger) (configv1.TopologyMode, error)
- func ModeToAnnotation(operatorMode operatorv1.CloudCredentialsMode) (string, error)
- func SetCredentialsRequestCondition(conditions []minterv1.CredentialsRequestCondition, ...) []minterv1.CredentialsRequestCondition
- func UpdateConditionAlways(_, _, _, _ string) bool
- func UpdateConditionIfReasonOrMessageChange(oldReason, oldMessage, newReason, newMessage string) bool
- func UpdateConditionNever(_, _, _, _ string) bool
- func UpdateStatus(client client.Client, origCR, newCR *minterv1.CredentialsRequest, ...) error
- func UpgradeableCheck(kubeClient client.Client, mode operatorv1.CloudCredentialsMode, ...) *configv1.ClusterOperatorStatusCondition
- type UpdateConditionCheck
Constants ¶
const (
	// OperatorDisabledDefault holds the default behavior of whether CCO is disabled
	// in the absence of any setting in the ConfigMap
	OperatorDisabledDefault = false
)
Variables ¶
This section is empty.
Functions ¶
func CCODisabledCheck ¶
CCODisabledCheck will take the operator configuration ConfigMap and return whether the CCO operator is set to enabled or disabled.
TODO: investigate unexporting this once the bootstrap render process can deal with the new config CR
func ErrorScrub ¶
ErrorScrub scrubs cloud error messages destined for CRD status to remove things that change every attempt, such as request IDs, which subsequently cause an infinite update/reconcile loop.
func FindClusterOperatorCondition ¶
func FindClusterOperatorCondition(conditions []configv1.ClusterOperatorStatusCondition, conditionType configv1.ClusterStatusConditionType) *configv1.ClusterOperatorStatusCondition
FindClusterOperatorCondition iterates all conditions on a ClusterOperator looking for the specified condition type. If none exists nil will be returned.
func FindCredentialsRequestCondition ¶
func FindCredentialsRequestCondition(conditions []minterv1.CredentialsRequestCondition, conditionType minterv1.CredentialsRequestConditionType) *minterv1.CredentialsRequestCondition
FindCredentialsRequestCondition iterates all conditions on a CredentialsRequest looking for the specified condition type. If none exists nil will be returned.
func GenerateNameWithFieldLimits ¶
func GenerateNameWithFieldLimits(infraName string, infraNameMaxLen int, crName string, crNameLen int) (string, error)
GenerateNameWithFieldLimits lets you pass in two strings which will be clipped to their respective maximum lengths. Example: passing "thisIsInfraName", 8, "thisIsCrName", 8 will return:
'thisIsIn-thisIsCr'
func GenerateUniqueNameWithFieldLimits ¶
func GenerateUniqueNameWithFieldLimits(infraName string, infraNameMaxLen int, crName string, crNameMaxlen int) (string, error)
GenerateUniqueNameWithFieldLimits will take infraName and crName and shorten them if necessary to no longer than their respective MaxLen argument. It will then add a unique ending to the resulting name by appending '-<5 random chars>' to the resulting string. Example: passing "thisIsInfraName", 8, "thisIsCrName", 8 will return:
'thisIsIn-thisIsCr-<5 random chars>'
func GetCredentialsRequestCloudType ¶
func GetCredentialsRequestCloudType(providerSpec *runtime.RawExtension) (string, error)
GetCredentialsRequestCloudType decodes a Spec.ProviderSpec and returns the kind field.
func GetEffectiveOperatorMode ¶
func GetEffectiveOperatorMode(configMapDisabledValue bool, operatorConfigMode operatorv1.CloudCredentialsMode) (operatorv1.CloudCredentialsMode, bool)
GetEffectiveOperatorMode will take the legacy configmap and the value in the operator config, and return the effective CCO mode and whether there is a conflict between the legacy and operator config values.
func GetInfrastructure ¶
func GetInfrastructure(c client.Client) (*configv1.Infrastructure, error)
GetInfrastructure will return the cluster's Infrastructure object.
func GetLegacyConfigMap ¶
func GetLogLevel ¶
func GetLogLevel(kubeClient client.Client, logger log.FieldLogger) (operatorv1.LogLevel, error)
func GetOperatorConfiguration ¶
func GetOperatorConfiguration(kubeClient client.Client, logger log.FieldLogger) (effectiveOperatorMode operatorv1.CloudCredentialsMode, configurationConflict bool, err error)
GetOperatorConfiguration will return the value in the operator config (reporting "manual" mode if necessary), and whether there is a conflict between the legacy ConfigMap and CCO config (in the event of a conflict, the operator mode will be reported to reflect the actual value in the operator config).
func GetOperatorLogLevel ¶
func GetOperatorLogLevel(kubeClient client.Client, logger log.FieldLogger) (operatorv1.LogLevel, error)
func IsTimedTokenCluster ¶
func IsTimedTokenCluster(c client.Client, ctx context.Context, logger log.FieldLogger) (bool, error)
IsTimedTokenCluster answers a two-part test to determine if we're running on a cluster enabled for timed access tokens (TAT), such as an STS-enabled cluster on AWS, GCP Workload Identity Federation, or Azure AAD Pod Identity.
- Is credential mode Manual
- Is serviceAccountIssuer non-empty
Both of these conditions must be true for any timed access token enabled clusters for the implementations mentioned above.
func IsValidMode ¶
func IsValidMode(operatorMode operatorv1.CloudCredentialsMode) bool
func LiveClient ¶
LiveClient returns a client.Client that never uses the cache by virtue of using the APIReader() for all read operations.
func LoadCredsFromSecret ¶
func LoadInfrastructureName ¶
LoadInfrastructureName loads the cluster Infrastructure config and returns the infra name used to identify this cluster, and tag some cloud objects.
func LoadInfrastructureTopology ¶
func LoadInfrastructureTopology(c client.Client, logger log.FieldLogger) (configv1.TopologyMode, error)
LoadInfrastructureTopology loads the topology from the cluster Infrastructure config.
func ModeToAnnotation ¶
func ModeToAnnotation(operatorMode operatorv1.CloudCredentialsMode) (string, error)
ModeToAnnotation converts a CCO operator mode to a CCO secret annotation or errors if the mode is not one that converts to a secret annotation.
func SetCredentialsRequestCondition ¶
func SetCredentialsRequestCondition(conditions []minterv1.CredentialsRequestCondition, conditionType minterv1.CredentialsRequestConditionType, status corev1.ConditionStatus, reason string, message string, updateConditionCheck UpdateConditionCheck) []minterv1.CredentialsRequestCondition
SetCredentialsRequestCondition sets the condition for the CredentialsRequest and returns the new slice of conditions. If the CredentialsRequest does not already have a condition with the specified type, a condition will be added to the slice if and only if the specified status is True. If the CredentialsRequest does already have a condition with the specified type, the condition will be updated if either of the following is true:
1) Requested status is different than existing status.
2) The updateConditionCheck function returns true.
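The update rules above, and the reason ErrorScrub exists, shown together in an added example that is not the package's own code. The `Condition` type, the request-ID pattern, the `scrub` helper and the sample messages are assumptions standing in for `minterv1.CredentialsRequestCondition`, the cloud error format and `ErrorScrub`; the check has the same parameters as `UpdateConditionIfReasonOrMessageChange`.

```go
package main

import (
	"fmt"
	"regexp"
)

// Local stand-ins for minterv1.CredentialsRequestCondition and the page's check function.
type Condition struct{ Type, Status, Reason, Message string }
func ifReasonOrMessageChange(oldR, oldM, newR, newM string) bool { return oldR != newR || oldM != newM }

// requestID is an assumed pattern; scrub is a hypothetical stand-in for ErrorScrub.
var requestID = regexp.MustCompile(`request id: [0-9a-f-]+`)
func scrub(msg string) string { return requestID.ReplaceAllString(msg, "request id: <scrubbed>") }

// setCondition applies the documented rules and reports whether anything changed.
func setCondition(conds []Condition, n Condition, check func(oldR, oldM, newR, newM string) bool) ([]Condition, bool) {
	for i, c := range conds {
		if c.Type == n.Type {
			// Existing condition: update on a status change or when check returns true.
			changed := c.Status != n.Status || check(c.Reason, c.Message, n.Reason, n.Message)
			if changed {
				conds[i] = n
			}
			return conds, changed
		}
	}
	if n.Status == "True" { // a missing condition is added only when status is True
		return append(conds, n), true
	}
	return conds, false
}

// countWrites replays one error per reconcile attempt and counts condition changes.
func countWrites(msgs []string, clean func(string) string) (writes int) {
	var conds []Condition
	for _, m := range msgs {
		var changed bool
		n := Condition{"SampleFailure", "True", "CloudError", clean(m)}
		if conds, changed = setCondition(conds, n, ifReasonOrMessageChange); changed {
			writes++
		}
	}
	return writes
}

func main() {
	msgs := []string{"denied, request id: 1a2b-0001", "denied, request id: 1a2b-0002"} // constructed
	fmt.Println(countWrites(msgs, func(s string) string { return s }), countWrites(msgs, scrub))
}
```

With the raw messages every attempt changes the condition, and each change is a status write that triggers another reconcile; with the scrubbed messages only the first attempt does.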
func UpdateConditionAlways ¶
UpdateConditionAlways returns true. The condition will always be updated.
func UpdateConditionIfReasonOrMessageChange ¶
func UpdateConditionIfReasonOrMessageChange(oldReason, oldMessage, newReason, newMessage string) bool
UpdateConditionIfReasonOrMessageChange returns true if there is a change in the reason or the message of the condition.
func UpdateConditionNever ¶
UpdateConditionNever returns false. The condition will never be updated, unless there is a change in the status of the condition.
func UpdateStatus ¶
func UpdateStatus(client client.Client, origCR, newCR *minterv1.CredentialsRequest, logger log.FieldLogger) error
UpdateStatus updates the status of the credentials request.
func UpgradeableCheck ¶
func UpgradeableCheck(kubeClient client.Client, mode operatorv1.CloudCredentialsMode, rootSecret types.NamespacedName) *configv1.ClusterOperatorStatusCondition
UpgradeableCheck will set the Upgradeable condition based on the mode CCO is in:
- Mint/Passthrough: check that the root creds secret exists
- Manual: check that the CCO's config CR has been annotated properly to signal that the user has performed the pre-upgrade credentials tasks.
Note: the upgradeable flag can only stop upgrades from 4.x to 4.y, not 4.x.y to 4.x.z.
Types ¶
type UpdateConditionCheck ¶
UpdateConditionCheck tests whether a condition should be updated from the old condition to the new condition. Returns true if the condition should be updated.