Documentation
¶
Index ¶
- func IsObjectRBACRelated(obj interface{}) (related bool, object runtime.Object)
- func IsOperatorGroupError(err error) bool
- func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool
- func NewOperatorGroupError(s string) error
- type BearerTokenRetriever
- type ClientAttenuator
- type ServiceAccountQuerierFunc
- type UserDefinedServiceAccountQuerier
- type UserDefinedServiceAccountSyncer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsObjectRBACRelated ¶
func IsOperatorGroupError ¶ added in v0.18.0
IsOperatorGroupError checks if an error is an operator group error This lets us classify multiple errors as operatorGroupError without defining and checking all the specific error value types
func IsServiceAccountToken ¶
func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool
IsServiceAccountToken returns true if the secret is a valid api token for the service account This has been copied from https://github.com/kubernetes/kubernetes/blob/master/pkg/serviceaccount/util.go
func NewOperatorGroupError ¶ added in v0.18.0
Types ¶
type BearerTokenRetriever ¶
type BearerTokenRetriever struct {
// contains filtered or unexported fields
}
BearerTokenRetriever retrieves bearer token from a service account.
func (*BearerTokenRetriever) Retrieve ¶
func (r *BearerTokenRetriever) Retrieve(reference *corev1.ObjectReference) (token string, err error)
Retrieve returns the bearer token for API access from a given service account reference.
type ClientAttenuator ¶
type ClientAttenuator struct {
// contains filtered or unexported fields
}
ClientAttenuator returns appropriately scoped client(s) to be used for an operator that is being installed.
func NewClientAttenuator ¶
func NewClientAttenuator(logger logrus.FieldLogger, config *rest.Config, kubeclient operatorclient.ClientInterface) *ClientAttenuator
NewClientAttenuator returns a new instance of ClientAttenuator.
func (*ClientAttenuator) AttenuateToServiceAccount ¶ added in v0.18.2
func (a *ClientAttenuator) AttenuateToServiceAccount(querier ServiceAccountQuerierFunc) (clients.ConfigTransformer, error)
type ServiceAccountQuerierFunc ¶
type ServiceAccountQuerierFunc func() (reference *corev1.ObjectReference, err error)
ServiceAccountQuerierFunc returns a reference to the service account from which scope client(s) can be created. This abstraction allows the attenuator to be agnostic of what the source of user specified service accounts are. A user can specify service account(s) for an operator group, subscription and CSV.
func StaticQuerier ¶ added in v0.18.2
func StaticQuerier(ref *corev1.ObjectReference) ServiceAccountQuerierFunc
type UserDefinedServiceAccountQuerier ¶
type UserDefinedServiceAccountQuerier struct {
// contains filtered or unexported fields
}
UserDefinedServiceAccountQuerier retrieves reference to user defined service account(s).
func NewUserDefinedServiceAccountQuerier ¶
func NewUserDefinedServiceAccountQuerier(logger *logrus.Logger, crclient versioned.Interface) *UserDefinedServiceAccountQuerier
NewUserDefinedServiceAccountQuerier returns a new instance of UserDefinedServiceAccountQuerier.
func (*UserDefinedServiceAccountQuerier) NamespaceQuerier ¶
func (f *UserDefinedServiceAccountQuerier) NamespaceQuerier(namespace string) ServiceAccountQuerierFunc
NamespaceQuerier returns an instance of ServiceAccountQuerierFunc that can be used by the caller to get the reference to the service account associated with the namespace.
type UserDefinedServiceAccountSyncer ¶
type UserDefinedServiceAccountSyncer struct {
// contains filtered or unexported fields
}
UserDefinedServiceAccountSyncer syncs an operator group appropriately when a user defined service account is specified.
func NewUserDefinedServiceAccountSyncer ¶
func NewUserDefinedServiceAccountSyncer(logger *logrus.Logger, scheme *runtime.Scheme, client operatorclient.ClientInterface, versioned versioned.Interface) *UserDefinedServiceAccountSyncer
NewUserDefinedServiceAccountSyncer returns a new instance of UserDefinedServiceAccountSyncer.
func (*UserDefinedServiceAccountSyncer) SyncOperatorGroup ¶
func (s *UserDefinedServiceAccountSyncer) SyncOperatorGroup(in *v1.OperatorGroup) (out *v1.OperatorGroup, err error)
SyncOperatorGroup takes appropriate actions when a user specifies a service account.
Source Files