utils

package
v0.0.0-...-6e5ca5b
Warning

This package is not in the latest version of its module.

Published: Jan 8, 2025 License: Apache-2.0 Imports: 21 Imported by: 22

Documentation

Constants

const (

	// OperatorDisabledDefault holds the default behavior of whether CCO is disabled
	// in the absence of any setting in the ConfigMap
	OperatorDisabledDefault = false
)

Variables

This section is empty.

Functions

func CCODisabledCheck

func CCODisabledCheck(cm *corev1.ConfigMap, logger log.FieldLogger) (bool, error)

CCODisabledCheck will take the operator configuration ConfigMap and return whether the CCO operator is set to enabled or disabled. TODO: investigate unexporting this once the bootstrap render process can deal with the new config CR

func ErrorScrub

func ErrorScrub(err error) string

ErrorScrub scrubs cloud error messages destined for CRD status to remove things that change every attempt, such as request IDs, which subsequently cause an infinite update/reconcile loop.

func FindClusterOperatorCondition

FindClusterOperatorCondition iterates all conditions on a ClusterOperator looking for the specified condition type. If none exists nil will be returned.

func FindCredentialsRequestCondition

func FindCredentialsRequestCondition(conditions []minterv1.CredentialsRequestCondition, conditionType minterv1.CredentialsRequestConditionType) *minterv1.CredentialsRequestCondition

FindCredentialsRequestCondition iterates all conditions on a CredentialsRequest looking for the specified condition type. If none exists nil will be returned.

func GenerateNameWithFieldLimits

func GenerateNameWithFieldLimits(infraName string, infraNameMaxLen int, crName string, crNameLen int) (string, error)

GenerateNameWithFieldLimits lets you pass in two strings which will be clipped to their respective maximum lengths. Example: passing "thisIsInfraName", 8, "thisIsCrName", 8 will return:

'thisIsIn-thisIsCr'

func GenerateUniqueNameWithFieldLimits

func GenerateUniqueNameWithFieldLimits(infraName string, infraNameMaxLen int, crName string, crNameMaxlen int) (string, error)

GenerateUniqueNameWithFieldLimits will take infraName and crName and shorten them if necessary to no longer than their respective MaxLen argument. It will then add a unique ending to the resulting name by appending '-<5 random chars>' to the resulting string. Example: passing "thisIsInfraName", 8, "thisIsCrName", 8 will return:

'thisIsIn-thisIsCr-<5 random chars>'

func GetCredentialsRequestCloudType

func GetCredentialsRequestCloudType(providerSpec *runtime.RawExtension) (string, error)

GetCredentialsRequestCloudType decodes a Spec.ProviderSpec and returns the kind field.

func GetEffectiveOperatorMode

func GetEffectiveOperatorMode(configMapDisabledValue bool, operatorConfigMode operatorv1.CloudCredentialsMode) (operatorv1.CloudCredentialsMode, bool)

GetEffectiveOperatorMode will take the legacy configmap and the value in the operator config, and return the effective CCO mode and whether there is a conflict between the legacy and operator config values.

func GetInfrastructure

func GetInfrastructure(c client.Client) (*configv1.Infrastructure, error)

GetInfrastructure will return the cluster's Infrastructure object.

func GetLegacyConfigMap

func GetLegacyConfigMap(kubeClient client.Client) (*corev1.ConfigMap, error)

func GetLogLevel

func GetLogLevel(kubeClient client.Client, logger log.FieldLogger) (operatorv1.LogLevel, error)

func GetOperatorConfiguration

func GetOperatorConfiguration(kubeClient client.Client, logger log.FieldLogger) (
	effectiveOperatorMode operatorv1.CloudCredentialsMode,
	configurationConflict bool,
	err error)

GetOperatorConfiguration will return the value in the operator config (reporting "manual" mode if necessary), and whether there is a conflict between the legacy ConfigMap and CCO config (in the event of a conflict, the operator mode will be reported to reflect the actual value in the operator config).

func GetOperatorLogLevel

func GetOperatorLogLevel(kubeClient client.Client, logger log.FieldLogger) (operatorv1.LogLevel, error)

func IsTimedTokenCluster

func IsTimedTokenCluster(c client.Client, ctx context.Context, logger log.FieldLogger) (bool, error)

IsTimedTokenCluster answers a two-part test to determine if we're running on a cluster enabled for timed access tokens (TAT), such as an STS-enabled cluster on AWS, GCP Workload Identity Federation, or Azure AAD Pod Identity.

  1. Is credential mode Manual
  2. Is serviceAccountIssuer non-empty

Both of these conditions must be true for any timed access token enabled clusters for the implementations mentioned above.

func IsValidMode

func IsValidMode(operatorMode operatorv1.CloudCredentialsMode) bool

func LiveClient

func LiveClient(mgr manager.Manager) client.Client

LiveClient returns a client.Client that never uses the cache by virtue of using the APIReader() for all read operations.

func LoadCredsFromSecret

func LoadCredsFromSecret(kubeClient client.Client, namespace, secretName string) ([]byte, []byte, error)

func LoadInfrastructureName

func LoadInfrastructureName(c client.Client, logger log.FieldLogger) (string, error)

LoadInfrastructureName loads the cluster Infrastructure config and returns the infra name used to identify this cluster, and tag some cloud objects.

func LoadInfrastructureTopology

func LoadInfrastructureTopology(c client.Client, logger log.FieldLogger) (configv1.TopologyMode, error)

LoadInfrastructureTopology loads the topology from the cluster Infrastructure config.

func ModeToAnnotation

func ModeToAnnotation(operatorMode operatorv1.CloudCredentialsMode) (string, error)

ModeToAnnotation converts a CCO operator mode to a CCO secret annotation or errors if the mode is not one that converts to a secret annotation.

func SetCredentialsRequestCondition

func SetCredentialsRequestCondition(
	conditions []minterv1.CredentialsRequestCondition,
	conditionType minterv1.CredentialsRequestConditionType,
	status corev1.ConditionStatus,
	reason string,
	message string,
	updateConditionCheck UpdateConditionCheck,
) []minterv1.CredentialsRequestCondition

SetCredentialsRequestCondition sets the condition for the CredentialsRequest and returns the new slice of conditions. If the CredentialsRequest does not already have a condition with the specified type, a condition will be added to the slice if and only if the specified status is True. If the CredentialsRequest does already have a condition with the specified type, the condition will be updated if either of the following is true:

  1. Requested status is different than existing status.
  2. The updateConditionCheck function returns true.

func UpdateConditionAlways

func UpdateConditionAlways(_, _, _, _ string) bool

UpdateConditionAlways returns true. The condition will always be updated.

func UpdateConditionIfReasonOrMessageChange

func UpdateConditionIfReasonOrMessageChange(oldReason, oldMessage, newReason, newMessage string) bool

UpdateConditionIfReasonOrMessageChange returns true if there is a change in the reason or the message of the condition.

func UpdateConditionNever

func UpdateConditionNever(_, _, _, _ string) bool

UpdateConditionNever returns false. The condition will never be updated, unless there is a change in the status of the condition.
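
The update rules documented for SetCredentialsRequestCondition decide whether each reconcile rewrites the status, which is why ErrorScrub strips per-attempt request IDs before a message reaches a condition. The following is an added example, not the package's own code: `Condition`, `setCondition`, `scrub`, the request-ID regex and the sample error text are local stand-ins and assumptions that model the documented behaviour.

```go
package main

import (
	"fmt"
	"regexp"
)

// Condition stands in for minterv1.CredentialsRequestCondition (assumed fields).
type Condition struct{ Type, Status, Reason, Message string }

// Assumed pattern for per-attempt request IDs; not the package's own regex.
var requestID = regexp.MustCompile(`(?i),?\s*request id: [-0-9a-f]+`)

func scrub(msg string) string { return requestID.ReplaceAllString(msg, "") }
func reasonOrMessageChanged(oR, oM, nR, nM string) bool { return oR != nR || oM != nM }

// setCondition models the documented rules and reports whether anything changed.
func setCondition(conds []Condition, c Condition, check func(oR, oM, nR, nM string) bool) ([]Condition, bool) {
	for i, old := range conds {
		if old.Type != c.Type {
			continue
		}
		changed := old.Status != c.Status || check(old.Reason, old.Message, c.Reason, c.Message)
		if changed {
			conds[i] = c
		}
		return conds, changed
	}
	if c.Status == "True" { // an absent condition is added only with status True
		return append(conds, c), true
	}
	return conds, false
}

// statusWrites replays n attempts (constructed message, new request ID each) and counts writes.
func statusWrites(n int, clean func(string) string) (writes int) {
	var conds []Condition
	for i := 0; i < n; i++ {
		msg := fmt.Sprintf("AccessDenied: status code: 403, request id: 0a1b2c3d-%04d", i)
		next, changed := setCondition(conds, Condition{"ProvisionFailed", "True", "CloudError", clean(msg)}, reasonOrMessageChanged)
		if conds = next; changed {
			writes++
		}
	}
	return writes
}

func main() {
	fmt.Println(statusWrites(3, func(s string) string { return s }), statusWrites(3, scrub)) // 3 1
}
```

With raw messages every attempt changes the stored message and triggers another status write; with scrubbed messages only the first attempt does.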

func UpdateStatus

func UpdateStatus(client client.Client, origCR, newCR *minterv1.CredentialsRequest, logger log.FieldLogger) error

UpdateStatus updates the status of the credentials request.

func UpgradeableCheck

UpgradeableCheck will set the Upgradeable condition based on the mode CCO is in:

Mint/Passthrough: check that the root creds secret exists
Manual: check that the CCO's config CR has been annotated properly to signal that the user has performed the pre-upgrade credentials tasks.

Note: the upgradeable flag can only stop upgrades from 4.x to 4.y, not 4.x.y to 4.x.z.

Types

type UpdateConditionCheck

type UpdateConditionCheck func(oldReason, oldMessage, newReason, newMessage string) bool

UpdateConditionCheck tests whether a condition should be updated from the old condition to the new condition. Returns true if the condition should be updated.
