projectreference

package

v0.0.0-...-ec4eabd Latest Latest Go to latest Published: Oct 24, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/openshift/gcp-project-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func EnsureDeletionProcessed(adapter *ReferenceAdapter) (util.OperationResult, error)
func EnsureFinalizerAdded(r *ReferenceAdapter) (util.OperationResult, error)
func EnsureProjectClaimReady(r *ReferenceAdapter) (util.OperationResult, error)
func EnsureProjectConfigured(r *ReferenceAdapter) (util.OperationResult, error)
func EnsureProjectCreated(r *ReferenceAdapter) (util.OperationResult, error)
func EnsureProjectID(adapter *ReferenceAdapter) (util.OperationResult, error)
func EnsureProjectReferenceInitialized(r *ReferenceAdapter) (util.OperationResult, error)
func EnsureProjectReferenceStatusCreating(adapter *ReferenceAdapter) (util.OperationResult, error)
func EnsureServiceAccountName(adapter *ReferenceAdapter) (util.OperationResult, error)
func EnsureStateReady(r *ReferenceAdapter) (util.OperationResult, error)
func GenerateProjectID() (string, error)
func VerifyProjectClaimPending(r *ReferenceAdapter) (util.OperationResult, error)
type AddorUpdateBindingResponse
type ProjectReferenceReconciler
- func (r *ProjectReferenceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *ProjectReferenceReconciler) ReconcileHandler(adapter *ReferenceAdapter, reqLogger logr.Logger) (ctrl.Result, error)
- func (r *ProjectReferenceReconciler) SetupWithManager(mgr ctrl.Manager) error
type ReferenceAdapter
- func NewReferenceAdapter(projectReference *gcpv1alpha1.ProjectReference, logger logr.Logger, ...) (*ReferenceAdapter, error)
- func (r *ReferenceAdapter) AddOrUpdateBindings(serviceAccountEmail string, policies []string, memberType util.IamMemberType) (AddorUpdateBindingResponse, error)
- func (r *ReferenceAdapter) DeleteIAMPolicy(serviceAccountEmail string, memberType util.IamMemberType) error
- func (r *ReferenceAdapter) EnsureFinalizerDeleted() error
- func (r *ReferenceAdapter) EnsureProjectCleanedUp() error
- func (r *ReferenceAdapter) IsDeletionRequested() bool
- func (r *ReferenceAdapter) SetIAMPolicy(serviceAccountEmail string, policies []string, memberType util.IamMemberType) error
- func (r *ReferenceAdapter) SetProjectReferenceCondition(reason string, err error) error
- func (r *ReferenceAdapter) StatusUpdate() error
- func (r *ReferenceAdapter) UpdateProjectID() error
- func (r *ReferenceAdapter) UpdateServiceAccountName() error
type ReferenceReconcileOperation

Constants ¶

View Source

const (
	FinalizerName = "finalizer.gcp.managed.openshift.io"
)

Variables ¶

View Source

var OSDReadOnlyConsoleAccessRoles = []string{
	"roles/viewer",
}

OSDReadOnlyConsoleAccessRoles is a list of Roles that a service account required to get read only console access.

View Source

var OSDRequiredAPIS = []string{
	"serviceusage.googleapis.com",
	"cloudresourcemanager.googleapis.com",
	"storage-component.googleapis.com",
	"storage-api.googleapis.com",
	"dns.googleapis.com",
	"iam.googleapis.com",
	"compute.googleapis.com",
	"cloudapis.googleapis.com",
	"iamcredentials.googleapis.com",
	"servicemanagement.googleapis.com",
	"networksecurity.googleapis.com",
	"iap.googleapis.com",
}

OSDRequiredAPIS is list of API's, required to setup OpenShift cluster. Order is important.

View Source

var OSDRequiredRoles = []string{
	"roles/compute.admin",
	"roles/dns.admin",
	"roles/iam.roleAdmin",
	"roles/iam.securityAdmin",
	"roles/iam.serviceAccountAdmin",
	"roles/iam.serviceAccountKeyAdmin",
	"roles/iam.serviceAccountUser",
	"roles/storage.admin",
}

OSDRequiredRoles is a list of Roles for service account osd-managed-admin used by the cloud-credential-operator to setup Openshift cluster

View Source

var OSDSREConsoleAccessRoles = []string{
	"roles/compute.admin",
	"roles/editor",
	"roles/resourcemanager.projectIamAdmin",
	"roles/servicemanagement.quotaAdmin",
	"roles/iam.serviceAccountAdmin",
	"roles/serviceusage.serviceUsageAdmin",
	"roles/iam.roleAdmin",
	"roles/cloudsupport.techSupportEditor",
	"roles/iap.tunnelResourceAccessor",
}

OSDSREConsoleAccessRoles is a list of Roles that a service account required to get console access.

View Source

var OSDSharedVPCRoles = []string{
	"roles/iam.securityReviewer",
	"roles/compute.loadBalancerAdmin",
	"roles/resourcemanager.tagUser",
	"roles/compute.networkAdmin",
}

OSDSharedVPCRoles is a list of Roles that a service account required to get shared VPC access

Functions ¶

func EnsureDeletionProcessed ¶

func EnsureDeletionProcessed(adapter *ReferenceAdapter) (util.OperationResult, error)

func EnsureFinalizerAdded ¶

func EnsureFinalizerAdded(r *ReferenceAdapter) (util.OperationResult, error)

EnsureFinalizerAdded parses the meta.Finalizers of ProjectReference instance and adds FinalizerName if not found.

func EnsureProjectClaimReady ¶

func EnsureProjectClaimReady(r *ReferenceAdapter) (util.OperationResult, error)

EnsureProjectClaimReady sets the ProjectClaim to Ready after the ProjectReference was reconciled correctly and gcp project has been created

func EnsureProjectConfigured ¶

func EnsureProjectConfigured(r *ReferenceAdapter) (util.OperationResult, error)

func EnsureProjectCreated ¶

func EnsureProjectCreated(r *ReferenceAdapter) (util.OperationResult, error)

func EnsureProjectID ¶

func EnsureProjectID(adapter *ReferenceAdapter) (util.OperationResult, error)

func EnsureProjectReferenceInitialized ¶

func EnsureProjectReferenceInitialized(r *ReferenceAdapter) (util.OperationResult, error)

func EnsureProjectReferenceStatusCreating ¶

func EnsureProjectReferenceStatusCreating(adapter *ReferenceAdapter) (util.OperationResult, error)

func EnsureServiceAccountName ¶

func EnsureServiceAccountName(adapter *ReferenceAdapter) (util.OperationResult, error)

func EnsureStateReady ¶

func EnsureStateReady(r *ReferenceAdapter) (util.OperationResult, error)

func GenerateProjectID ¶

func GenerateProjectID() (string, error)

func VerifyProjectClaimPending ¶

func VerifyProjectClaimPending(r *ReferenceAdapter) (util.OperationResult, error)

VerifyProjectClaimPending waits until the ProjectClaim has been initialized, meaning is in state PendingProject

Types ¶

type AddorUpdateBindingResponse ¶

type AddorUpdateBindingResponse struct {
	// contains filtered or unexported fields
}

AddorUpdateBindingResponse contains the data that is returned by the AddOrUpdarteBindings function

type ProjectReferenceReconciler ¶

type ProjectReferenceReconciler struct {
	client.Client
	Scheme           *runtime.Scheme
	GcpClientBuilder func(projectName string, authJSON []byte) (gcpclient.Client, error)
}

ProjectReferenceReconciler reconciles a ProjectReference object

func (*ProjectReferenceReconciler) Reconcile ¶

func (r *ProjectReferenceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO(user): Modify the Reconcile function to compare the state specified by the ProjectReference object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user.

For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.11.0/pkg/reconcile

func (*ProjectReferenceReconciler) ReconcileHandler ¶

func (r *ProjectReferenceReconciler) ReconcileHandler(adapter *ReferenceAdapter, reqLogger logr.Logger) (ctrl.Result, error)

ReconcileHandler reads that state of the cluster for a ProjectReference object and makes changes based on the state read and what is in the ProjectReference.Spec

func (*ProjectReferenceReconciler) SetupWithManager ¶

func (r *ProjectReferenceReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

type ReferenceAdapter ¶

type ReferenceAdapter struct {
	ProjectClaim     *gcpv1alpha1.ProjectClaim
	ProjectReference *gcpv1alpha1.ProjectReference

	OperatorConfig configmap.OperatorConfigMap
	// contains filtered or unexported fields
}

ReferenceAdapter is used to do all the processing of the ProjectReference type inside the reconcile loop

func NewReferenceAdapter ¶

func NewReferenceAdapter(
	projectReference *gcpv1alpha1.ProjectReference,
	logger logr.Logger, client client.Client,
	gcpClient gcpclient.Client,
	manager condition.Conditions,
	cm configmap.OperatorConfigMap,
) (*ReferenceAdapter, error)

NewReferenceAdapter creates an adapter to turn what is requested in a ProjectReference into a GCP project and write the output back.

func (*ReferenceAdapter) AddOrUpdateBindings ¶

func (r *ReferenceAdapter) AddOrUpdateBindings(serviceAccountEmail string, policies []string, memberType util.IamMemberType) (AddorUpdateBindingResponse, error)

AddOrUpdateBindings gets the policy and checks if the bindings match the required roles

func (*ReferenceAdapter) DeleteIAMPolicy ¶

func (r *ReferenceAdapter) DeleteIAMPolicy(serviceAccountEmail string, memberType util.IamMemberType) error

func (*ReferenceAdapter) EnsureFinalizerDeleted ¶

func (r *ReferenceAdapter) EnsureFinalizerDeleted() error

EnsureFinalizerDeleted parses the meta.Finalizers of ProjectReference instance and removes FinalizerName if found;

func (*ReferenceAdapter) EnsureProjectCleanedUp ¶

func (r *ReferenceAdapter) EnsureProjectCleanedUp() error

EnsureProjectCleanedUp deletes the project, the secret and the finalizer if they still exist

func (*ReferenceAdapter) IsDeletionRequested ¶

func (r *ReferenceAdapter) IsDeletionRequested() bool

IsDeletionRequested checks the metadata.deletionTimestamp of ProjectReference instance, and returns if delete requested. The controllers watching the ProjectReference use this as a signal to know when to execute the finalizer.

func (*ReferenceAdapter) SetIAMPolicy ¶

func (r *ReferenceAdapter) SetIAMPolicy(serviceAccountEmail string, policies []string, memberType util.IamMemberType) error

SetIAMPolicy attempts to update policy if the policy needs to be modified

func (*ReferenceAdapter) SetProjectReferenceCondition ¶

func (r *ReferenceAdapter) SetProjectReferenceCondition(reason string, err error) error

SetProjectReferenceCondition calls SetCondition() with project reference conditions It returns nil if no conditions defined before and the err is nil It updates the condition with err message, probe, etc... if err does exist It marks the condition as resolved if the err is nil and there is at least one condition defined before

func (*ReferenceAdapter) StatusUpdate ¶

func (r *ReferenceAdapter) StatusUpdate() error

StatusUpdate updates the project reference status

func (*ReferenceAdapter) UpdateProjectID ¶

func (r *ReferenceAdapter) UpdateProjectID() error

UpdateProjectID updates the ProjectReference with a unique ID for the ProjectID

func (*ReferenceAdapter) UpdateServiceAccountName ¶

func (r *ReferenceAdapter) UpdateServiceAccountName() error

type ReferenceReconcileOperation ¶

type ReferenceReconcileOperation func(*ReferenceAdapter) (util.OperationResult, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL