fi

package
v0.0.0-...-0147870 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 26, 2019 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

// CertificateId_CA is the string "ca".
// NOTE(review): presumably the name under which the cluster CA keypair is
// looked up in a Keystore/CAStore — confirm against callers.
const CertificateId_CA = "ca"
const (
	// SecretNameSSHPrimary is the Name for the primary SSH key
	SecretNameSSHPrimary = "admin"
)

Variables

// LifecycleNameMap maps a lifecycle name, as typed by a user, to its Lifecycle
// constant. Every key here is spelled exactly like the string value of the
// constant it maps to.
//
// It is a plain map[string]Lifecycle, so lookups are case-sensitive and an
// unknown name yields the zero value "" with ok == false. Code validating
// user input should use the two-value form and reject names that are absent.
var LifecycleNameMap = map[string]Lifecycle{
	"Sync":                     LifecycleSync,
	"Ignore":                   LifecycleIgnore,
	"WarnIfInsufficientAccess": LifecycleWarnIfInsufficientAccess,
	"ExistsAndValidates":       LifecycleExistsAndValidates,
	"ExistsAndWarnIfChanges":   LifecycleExistsAndWarnIfChanges,
}

LifecycleNameMap is used for validation in the UX: when a user provides a lifecycle name, it can be mapped to the actual lifecycle.

Lifecycles are used for ux validation. When validation fails the lifecycle names are printed out.

Functions

func Bool

func Bool(v bool) *bool

Bool returns a pointer to a bool

func BoolValue

func BoolValue(v *bool) bool

BoolValue returns the value of the bool pointer, or false if it is nil

func BuildCAX509Template

func BuildCAX509Template() *x509.Certificate

func BuildChanges

func BuildChanges(a, e, changes interface{}) bool

BuildChanges compares the values of a & e, and populates differences into changes, except that if a value is nil in e, the corresponding value in a is ignored. a, e and changes must all be of the same type. a is the actual object found; e is the expected value. Note that the ignore-nil-in-e logic therefore implements the idea that a nil value in e means "don't care". If a is nil, all the non-nil values in e will be copied over to changes, because every field in e must be applied.

func BuildTimestampString

func BuildTimestampString() string

func CannotChangeField

func CannotChangeField(key string) error

func CopyResource

func CopyResource(dest io.Writer, r Resource) (int64, error)

func DebugAsJsonString

func DebugAsJsonString(v interface{}) string

func DebugAsJsonStringIndent

func DebugAsJsonStringIndent(v interface{}) string

func DebugPrint

func DebugPrint(o interface{}) string

func DefaultDeltaRunMethod

func DefaultDeltaRunMethod(e Task, c *Context) error

DefaultDeltaRunMethod implements the standard change-based run procedure: find the existing item; compare properties; call render with (actual, expected, changes)

func DeleteKeysetItem

func DeleteKeysetItem(client kopsinternalversion.KeysetInterface, name string, keysetType kops.KeysetType, id string) error

DeleteKeysetItem deletes the specified key from the registry; deleting the whole keyset if it was the last one

func DownloadURL

func DownloadURL(url string, dest string, hash *hashing.Hash) (*hashing.Hash, error)

func EnsureFileMode

func EnsureFileMode(destPath string, fileMode os.FileMode) (bool, error)

func EnsureFileOwner

func EnsureFileOwner(destPath string, owner string, groupName string) (bool, error)

func FieldIsImmutable

func FieldIsImmutable(newVal, oldVal interface{}, fldPath *field.Path) *field.Error

func FileModeToString

func FileModeToString(mode os.FileMode) string

func FindPrimary

func FindPrimary(keyset *kops.Keyset) *kops.KeysetItem

FindPrimary returns the primary KeysetItem in the Keyset

func FindTaskDependencies

func FindTaskDependencies(tasks map[string]Task) map[string][]string

FindTaskDependencies returns a map from each task's key to the discovered list of dependencies

func Float32

func Float32(v float32) *float32

Float32 returns a pointer to a float32

func Float32Value

func Float32Value(v *float32) float32

Float32Value returns the value of the float

func Float64

func Float64(v float64) *float64

Float64 returns a pointer to a float64

func Float64Value

func Float64Value(v *float64) float64

Float64Value returns the value of the float

func GuessCloudForZone

func GuessCloudForZone(zone string) (kops.CloudProviderID, bool)

GuessCloudForZone tries to infer the cloud provider from the zone name. Ali has the same zone names as AWS in the regions outside China, so users who install k8s with AliCloud in those regions need to provide the "--cloud" parameter. The regions inside China, however, can be easily identified.

func Int

func Int(v int) *int

func Int32

func Int32(v int32) *int32

func Int32Value

func Int32Value(v *int32) int32

func Int64

func Int64(v int64) *int64

Int64 is a helper that builds a *int64 from an int64 value. This is similar to aws.Int64, except that we use it for non-AWS values.

func Int64Value

func Int64Value(v *int64) int64

func IntValue

func IntValue(v *int) int

func IsNilOrEmpty

func IsNilOrEmpty(s *string) bool

func ParseFileMode

func ParseFileMode(s string, defaultMode os.FileMode) (os.FileMode, error)

func PrintCompareWithID

func PrintCompareWithID(o interface{}) (string, bool)

func PrintResource

func PrintResource(o interface{}) (string, bool)

func PrintResourceHolder

func PrintResourceHolder(o interface{}) (string, bool)

func RequiredField

func RequiredField(key string) error

func ResourceAsBytes

func ResourceAsBytes(r Resource) ([]byte, error)

func ResourceAsString

func ResourceAsString(r Resource) (string, error)

func ResourcesMatch

func ResourcesMatch(a, b Resource) (bool, error)

func SafeClose

func SafeClose(r io.Reader)

func SerializeKeyset

func SerializeKeyset(o *kops.Keyset) ([]byte, error)

func String

func String(s string) *string

String is a helper that builds a *string from a string value. This is similar to aws.String, except that we use it for non-AWS values.

func StringValue

func StringValue(s *string) string

func TaskAsString

func TaskAsString(t Task) string

TaskAsString renders the task for debug output. TODO: Use reflection to make this cleaner: don't recurse into tasks - print their names instead; also print resources in a cleaner way (use the resource source information?)

func TypeNameForTask

func TypeNameForTask(task interface{}) string

func Uint64Value

func Uint64Value(v *uint64) uint64

func WriteFile

func WriteFile(destPath string, contents Resource, fileMode os.FileMode, dirMode os.FileMode) error

Types

type AssetStore

type AssetStore struct {
	// contains filtered or unexported fields
}

func NewAssetStore

func NewAssetStore(cacheDir string) *AssetStore

func (*AssetStore) Add

func (a *AssetStore) Add(id string) error

Add an asset into the store, in one of the recognized formats (see Assets in types package)

func (*AssetStore) Find

func (a *AssetStore) Find(key string, assetPath string) (Resource, error)

type ByTaskKey

type ByTaskKey []*render

ByTaskKey sorts []*render by TaskKey (type/name)

func (ByTaskKey) Len

func (a ByTaskKey) Len() int

func (ByTaskKey) Less

func (a ByTaskKey) Less(i, j int) bool

func (ByTaskKey) Swap

func (a ByTaskKey) Swap(i, j int)

type BytesResource

type BytesResource struct {
	// contains filtered or unexported fields
}

func NewBytesResource

func NewBytesResource(data []byte) *BytesResource

func (*BytesResource) MarshalJSON

func (b *BytesResource) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaller so this will be printed as a string (instead of nothing). This is used in tests to verify the expected output.

func (*BytesResource) Open

func (r *BytesResource) Open() (io.Reader, error)

type CAStore

// CAStore is a Keystore that can additionally look up, list, add and delete
// certificates, private keys and keysets by name.
//
// Several lookups below document a (nil, nil) result for "not found", so a nil
// error does not imply a non-nil value: callers must check the returned
// pointer before dereferencing it.
type CAStore interface {
	Keystore

	// CertificatePool returns all active certificates with the specified id
	// NOTE(review): createIfMissing suggests this lookup can create state as a
	// side effect — confirm in the implementations.
	// Deprecated: prefer FindCertificatePool
	CertificatePool(name string, createIfMissing bool) (*CertificatePool, error)

	// FindCertificatePool returns the named CertificatePool, or (nil,nil) if not found
	FindCertificatePool(name string) (*CertificatePool, error)

	// FindCertificateKeyset will return the keyset for a certificate
	FindCertificateKeyset(name string) (*kops.Keyset, error)

	// FindPrivateKey returns the named private key, or (nil,nil) if not found
	// The result is a *pki.PrivateKey; NOTE(review): treat it as sensitive and
	// keep it out of logs and debug output.
	FindPrivateKey(name string) (*pki.PrivateKey, error)

	// FindPrivateKeyset will return the keyset for a private key
	FindPrivateKeyset(name string) (*kops.Keyset, error)

	// FindCert returns the specified certificate, if it exists, or nil if not found
	FindCert(name string) (*pki.Certificate, error)

	// ListKeysets will return all the KeySets
	// The key material is not guaranteed to be populated - metadata like the name will be.
	ListKeysets() ([]*kops.Keyset, error)

	// AddCert adds an alternative certificate to the pool (primarily useful for CAs)
	AddCert(name string, cert *pki.Certificate) error

	// DeleteKeysetItem will delete the specified item from the Keyset
	DeleteKeysetItem(item *kops.Keyset, id string) error
}

func NewClientsetCAStore

func NewClientsetCAStore(cluster *kops.Cluster, clientset kopsinternalversion.KopsInterface, namespace string) CAStore

NewClientsetCAStore is the constructor for ClientsetCAStore

type CertificatePool

// CertificatePool holds one Primary certificate and a slice of Secondary
// certificates.
// NOTE(review): Primary is a pointer and Secondary a slice, so either can be
// nil/empty; confirm how All and AsString treat a nil Primary.
type CertificatePool struct {
	Secondary []*pki.Certificate
	Primary   *pki.Certificate
}

func (*CertificatePool) All

func (c *CertificatePool) All() []*pki.Certificate

func (*CertificatePool) AsString

func (c *CertificatePool) AsString() (string, error)

type ClientsetCAStore

type ClientsetCAStore struct {
	// contains filtered or unexported fields
}

ClientsetCAStore is a CAStore implementation that stores keypairs in Keyset on an API server

func (*ClientsetCAStore) AddCert

func (c *ClientsetCAStore) AddCert(name string, cert *pki.Certificate) error

AddCert implements CAStore::AddCert

func (*ClientsetCAStore) AddSSHPublicKey

func (c *ClientsetCAStore) AddSSHPublicKey(name string, pubkey []byte) error

AddSSHPublicKey implements CAStore::AddSSHPublicKey

func (*ClientsetCAStore) CertificatePool

func (c *ClientsetCAStore) CertificatePool(id string, createIfMissing bool) (*CertificatePool, error)

CertificatePool implements CAStore::CertificatePool

func (*ClientsetCAStore) CreateKeypair

func (c *ClientsetCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error)

CreateKeypair implements CAStore::CreateKeypair

func (*ClientsetCAStore) DeleteKeysetItem

func (c *ClientsetCAStore) DeleteKeysetItem(item *kops.Keyset, id string) error

DeleteKeysetItem implements CAStore::DeleteKeysetItem

func (*ClientsetCAStore) DeleteSSHCredential

func (c *ClientsetCAStore) DeleteSSHCredential(item *kops.SSHCredential) error

DeleteSSHCredential implements SSHCredentialStore::DeleteSSHCredential

func (*ClientsetCAStore) FindCert

func (c *ClientsetCAStore) FindCert(name string) (*pki.Certificate, error)

FindCert implements CAStore::FindCert

func (*ClientsetCAStore) FindCertificateKeyset

func (c *ClientsetCAStore) FindCertificateKeyset(name string) (*kops.Keyset, error)

FindCertificateKeyset implements CAStore::FindCertificateKeyset

func (*ClientsetCAStore) FindCertificatePool

func (c *ClientsetCAStore) FindCertificatePool(name string) (*CertificatePool, error)

FindCertificatePool implements CAStore::FindCertificatePool

func (*ClientsetCAStore) FindKeypair

func (c *ClientsetCAStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, KeysetFormat, error)

FindKeypair implements CAStore::FindKeypair

func (*ClientsetCAStore) FindPrivateKey

func (c *ClientsetCAStore) FindPrivateKey(name string) (*pki.PrivateKey, error)

FindPrivateKey implements CAStore::FindPrivateKey

func (*ClientsetCAStore) FindPrivateKeyset

func (c *ClientsetCAStore) FindPrivateKeyset(name string) (*kops.Keyset, error)

FindPrivateKeyset implements CAStore::FindPrivateKeyset

func (*ClientsetCAStore) FindSSHPublicKeys

func (c *ClientsetCAStore) FindSSHPublicKeys(name string) ([]*kops.SSHCredential, error)

FindSSHPublicKeys implements CAStore::FindSSHPublicKeys

func (*ClientsetCAStore) IssueCert

func (c *ClientsetCAStore) IssueCert(signer string, name string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error)

IssueCert implements CAStore::IssueCert

func (*ClientsetCAStore) ListKeysets

func (c *ClientsetCAStore) ListKeysets() ([]*kops.Keyset, error)

ListKeysets implements CAStore::ListKeysets

func (*ClientsetCAStore) ListSSHCredentials

func (c *ClientsetCAStore) ListSSHCredentials() ([]*kops.SSHCredential, error)

ListSSHCredentials implements SSHCredentialStore::ListSSHCredentials

func (*ClientsetCAStore) MirrorTo

func (c *ClientsetCAStore) MirrorTo(basedir vfs.Path) error

func (*ClientsetCAStore) StoreKeypair

func (c *ClientsetCAStore) StoreKeypair(name string, cert *pki.Certificate, privateKey *pki.PrivateKey) error

StoreKeypair implements CAStore::StoreKeypair

type Cloud

// Cloud is the interface a cloud provider implementation satisfies: provider
// identity, DNS access, VPC lookup, and deletion/enumeration of the instances
// and instance groups backing a cluster.
type Cloud interface {
	// ProviderID returns the kops.CloudProviderID of this implementation.
	ProviderID() kops.CloudProviderID

	// DNS returns a dnsprovider.Interface, or an error.
	DNS() (dnsprovider.Interface, error)

	// FindVPCInfo looks up the specified VPC by id, returning info if found, otherwise (nil, nil)
	// A nil error therefore does not guarantee a non-nil *VPCInfo.
	FindVPCInfo(id string) (*VPCInfo, error)

	// DeleteInstance deletes a cloud instance
	DeleteInstance(instance *cloudinstances.CloudInstanceGroupMember) error

	// DeleteGroup deletes the cloud resources that make up a CloudInstanceGroup, including the instances
	DeleteGroup(group *cloudinstances.CloudInstanceGroup) error

	// GetCloudGroups returns a map of cloud instances that back a kops cluster
	GetCloudGroups(cluster *kops.Cluster, instancegroups []*kops.InstanceGroup, warnUnmatched bool, nodes []v1.Node) (map[string]*cloudinstances.CloudInstanceGroup, error)
}

type CompareWithID

type CompareWithID interface {
	CompareWithID() *string
}

CompareWithID indicates that the value should be compared by the returned ID value (instead of a deep comparison). Most Tasks implement this, because typically when a Task references another task, it is only concerned with being linked to that task, not the values of the task. For example, when an instance is linked to a disk, it cares that the disk is attached to that instance, not the size or speed of the disk.

type Context

// Context is the state handed to every Task.Run call and to the Context
// methods such as RunTasks and Render.
//
// Target, Cloud, Cluster, Keystore, SecretStore, ClusterConfigBase and
// CheckExisting share their names and types with parameters of NewContext.
// Keystore and SecretStore give tasks access to key and secret material, so a
// Context should be passed only to code that is meant to have that access.
type Context struct {
	// NOTE(review): presumably the directory under which NewTempDir creates
	// its directories and which Close cleans up — confirm.
	Tmpdir string

	Target            Target
	// DNS has the same type as the first result of Cloud.DNS().
	// NOTE(review): presumably obtained from Cloud — confirm.
	DNS               dnsprovider.Interface
	Cloud             Cloud
	Cluster           *kops.Cluster
	Keystore          Keystore
	SecretStore       SecretStore
	ClusterConfigBase vfs.Path

	CheckExisting bool
	// contains filtered or unexported fields
}

func NewContext

func NewContext(target Target, cluster *kops.Cluster, cloud Cloud, keystore Keystore, secretStore SecretStore, clusterConfigBase vfs.Path, checkExisting bool, tasks map[string]Task) (*Context, error)

func (*Context) AddWarning

func (c *Context) AddWarning(task Task, message string)

AddWarning records a warning encountered during validation / creation. Typically this will be an error that we choose to ignore because of Lifecycle.

func (*Context) AllTasks

func (c *Context) AllTasks() map[string]Task

func (*Context) Close

func (c *Context) Close()

func (*Context) NewTempDir

func (c *Context) NewTempDir(prefix string) (string, error)

func (*Context) Render

func (c *Context) Render(a, e, changes Task) error

Render dispatches the creation of an object to the appropriate handler defined on the Task. It is typically called after we have checked the existing state of the Task and determined that it is different from the desired state.

func (*Context) RunTasks

func (c *Context) RunTasks(options RunTasksOptions) error

type Deletion

type Deletion interface {
	Delete(target Target) error

	TaskName() string
	Item() string
}

type DeletionByTaskName

type DeletionByTaskName []Deletion

DeletionByTaskName sorts []Deletion by TaskName

func (DeletionByTaskName) Len

func (a DeletionByTaskName) Len() int

func (DeletionByTaskName) Less

func (a DeletionByTaskName) Less(i, j int) bool

func (DeletionByTaskName) Swap

func (a DeletionByTaskName) Swap(i, j int)

type DryRunTarget

type DryRunTarget struct {
	// contains filtered or unexported fields
}

DryRunTarget is a special Target that does not execute anything, but instead tracks all changes. By running against a DryRunTarget, a list of changes that would be made can be easily collected, without any special support from the Tasks.

func NewDryRunTarget

func NewDryRunTarget(assetBuilder *assets.AssetBuilder, out io.Writer) *DryRunTarget

func (*DryRunTarget) Changes

func (t *DryRunTarget) Changes() (map[string]Task, map[string]Task)

Changes returns the tasks that are going to be created or updated

func (*DryRunTarget) Delete

func (t *DryRunTarget) Delete(deletion Deletion) error

func (*DryRunTarget) Deletions

func (t *DryRunTarget) Deletions() []string

Deletions returns the names of all tasks that are going to be deleted

func (*DryRunTarget) Finish

func (t *DryRunTarget) Finish(taskMap map[string]Task) error

Finish is called at the end of a run, and prints a list of changes to the configured Writer

func (*DryRunTarget) HasChanges

func (t *DryRunTarget) HasChanges() bool

HasChanges returns true iff any changes would have been made

func (*DryRunTarget) PrintReport

func (t *DryRunTarget) PrintReport(taskMap map[string]Task, out io.Writer) error

func (*DryRunTarget) ProcessDeletions

func (t *DryRunTarget) ProcessDeletions() bool

func (*DryRunTarget) Render

func (t *DryRunTarget) Render(a, e, changes Task) error

type ExistsAndWarnIfChangesError

type ExistsAndWarnIfChangesError struct {
	// contains filtered or unexported fields
}

ExistsAndWarnIfChangesError is the custom error return for fi.LifecycleExistsAndWarnIfChanges. This error is used when an object needs to fail validation, but let the user proceed with a warning.

func NewExistsAndWarnIfChangesError

func NewExistsAndWarnIfChangesError(message string) *ExistsAndWarnIfChangesError

NewExistsAndWarnIfChangesError is a builder for ExistsAndWarnIfChangesError.

func (*ExistsAndWarnIfChangesError) Error

ExistsAndWarnIfChangesError implementation of the error interface.

type FileResource

type FileResource struct {
	Path string
}

func NewFileResource

func NewFileResource(path string) *FileResource

func (*FileResource) Open

func (r *FileResource) Open() (io.Reader, error)

type Group

type Group struct {
	Name string
	Gid  int
}

func LookupGroup

func LookupGroup(name string) (*Group, error)

func LookupGroupById

func LookupGroupById(gid int) (*Group, error)

type HasAddress

type HasAddress interface {
	// FindIPAddress returns the address associated with the implementor.  If there is no address, returns (nil, nil)
	FindIPAddress(context *Context) (*string, error)
}

HasAddress is implemented by elastic/floating IP addresses, to expose the address. For example, this is used so that the master SSL certificate can be configured with the dynamically allocated IP.

type HasCheckExisting

type HasCheckExisting interface {
	CheckExisting(c *Context) bool
}

type HasDependencies

type HasDependencies interface {
	GetDependencies(tasks map[string]Task) []Task
}

type HasLifecycle

type HasLifecycle interface {
	GetLifecycle() *Lifecycle
	// SetLifecycle is used to override a tasks lifecycle. If a lifecycle override exists for a specific task name, then the
	// lifecycle is modified.
	SetLifecycle(lifecycle Lifecycle)
}

HasLifecycle indicates that the task has a Lifecycle

type HasName

type HasName interface {
	GetName() *string
	SetName(name string)
}

HasName indicates that the task has a Name

type HasSource

type HasSource interface {
	GetSource() *Source
}

type HasVFSPath

type HasVFSPath interface {
	VFSPath() vfs.Path
}

HasVFSPath is implemented by keystore & other stores that use a VFS path as their backing store

type KeysetFormat

// KeysetFormat is a string-typed identifier for the format of a stored
// keyset; it is the third result of the FindKeypair methods in this package.
type KeysetFormat string
const (
	// KeysetFormatLegacy has the string value "legacy".
	KeysetFormatLegacy   KeysetFormat = "legacy"
	// KeysetFormatV1Alpha2 has the string value "v1alpha2".
	// NOTE(review): presumably the Keyset API-object format — confirm.
	KeysetFormatV1Alpha2 KeysetFormat = "v1alpha2"
)

type Keystore

// Keystore is the subset of key-management operations needed to issue
// keypairs: find, create, store and mirror.
type Keystore interface {
	// FindKeypair finds a cert & private key, returning nil where either is not found
	// (if the certificate is found but not keypair, that is not an error: only the cert will be returned).
	// Because the private key can be nil alongside a nil error, callers must nil-check it before use.
	// This func returns a cert, private key and a KeysetFormat.  The KeysetFormat constants declared in
	// this package are KeysetFormatLegacy ("legacy") and KeysetFormatV1Alpha2 ("v1alpha2").
	// NOTE(review): earlier wording described the format as an empty string (legacy) or "Keypair";
	// confirm which values implementations actually return.
	// The format is used by a keypair task to convert a Legacy Keypair to the new Keypair API format.
	FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, KeysetFormat, error)

	// NOTE(review): undocumented upstream. From the parameter names this presumably issues a
	// certificate for name from template and privateKey, signed by the keypair named signer —
	// confirm against an implementation.
	CreateKeypair(signer string, name string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error)

	// StoreKeypair writes the keypair to the store
	StoreKeypair(id string, cert *pki.Certificate, privateKey *pki.PrivateKey) error

	// MirrorTo will copy secrets to a vfs.Path, which is often easier for a machine to read
	// NOTE(review): the destination then holds a copy of the mirrored material, so its access
	// controls matter as much as the store's own — confirm exactly what is mirrored.
	MirrorTo(basedir vfs.Path) error
}

Keystore contains just the functions we need to issue keypairs, not to list / manage them

type KeystoreItem

type KeystoreItem struct {
	Type kops.KeysetType
	Name string
	Id   string
	Data []byte
}

type Lifecycle

// Lifecycle is a string-typed setting that selects how a task is processed.
// The string values below are the same names used as keys in LifecycleNameMap.
type Lifecycle string
const (
	// LifecycleSync should do the normal synchronization
	LifecycleSync Lifecycle = "Sync"

	// LifecycleIgnore will skip the task
	LifecycleIgnore Lifecycle = "Ignore"

	// LifecycleWarnIfInsufficientAccess will warn but ignore the task if there is an error during the find
	// NOTE(review): under this setting an error in the find step is reported as a warning rather
	// than failing the task, so a permissions problem will not stop the run; review the warnings.
	LifecycleWarnIfInsufficientAccess Lifecycle = "WarnIfInsufficientAccess"

	// LifecycleExistsAndValidates will check that the task exists and is the same
	LifecycleExistsAndValidates Lifecycle = "ExistsAndValidates"

	// LifecycleExistsAndWarnIfChanges will check that the task exists and will warn on changes, but then ignore them
	// Detected differences are therefore reported but not applied.
	LifecycleExistsAndWarnIfChanges Lifecycle = "ExistsAndWarnIfChanges"
)

type ModelBuilder

type ModelBuilder interface {
	Build(context *ModelBuilderContext) error
}

ModelBuilder allows for plugins that configure an aspect of the model, based on the configuration

type ModelBuilderContext

type ModelBuilderContext struct {
	Tasks              map[string]Task
	LifecycleOverrides map[string]Lifecycle
}

ModelBuilderContext is a context object that holds state we want to pass to ModelBuilder

func (*ModelBuilderContext) AddTask

func (c *ModelBuilderContext) AddTask(task Task)

func (*ModelBuilderContext) EnsureTask

func (c *ModelBuilderContext) EnsureTask(task Task) error

EnsureTask ensures that the specified task is configured. It adds the task if it does not already exist. If it does exist, it verifies that the existing task is reflect.DeepEqual to the new task; if they are different, an error is returned.

type ProducesDeletions

type ProducesDeletions interface {
	FindDeletions(*Context) ([]Deletion, error)
}

type Resource

// Resource is anything whose contents can be read through an io.Reader.
type Resource interface {
	// Open returns a reader over the contents, or an error. The declared type
	// is io.Reader, not io.ReadCloser, so the interface itself gives callers no
	// Close method; this package also declares SafeClose(r io.Reader).
	// NOTE(review): presumably SafeClose closes readers that also implement
	// io.Closer — confirm, and use it so file-backed resources do not leak handles.
	Open() (io.Reader, error)
}

type ResourceHolder

type ResourceHolder struct {
	// Name is the string form of the holder; per the type's documentation the
	// resource is looked up by Name after unmarshaling.
	Name     string
	// Resource is the resolved resource. It is expected to be set after
	// unmarshaling. NOTE(review): it may therefore be nil until then — confirm
	// that Open/AsBytes/AsString handle a nil Resource.
	Resource Resource
}

ResourceHolder is used in JSON/YAML models; it holds a resource but renders to/from a string. After unmarshaling, the resource should be found by Name, and set on Resource.

func WrapResource

func WrapResource(r Resource) *ResourceHolder

WrapResource creates a ResourceHolder for the specified resource

func (*ResourceHolder) AsBytes

func (o *ResourceHolder) AsBytes() ([]byte, error)

AsBytes returns the value of the resource as a byte-slice

func (*ResourceHolder) AsString

func (o *ResourceHolder) AsString() (string, error)

AsString returns the value of the resource as a string

func (*ResourceHolder) Open

func (o *ResourceHolder) Open() (io.Reader, error)

Open implements the Open method of the Resource interface

func (*ResourceHolder) UnmarshalJSON

func (o *ResourceHolder) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the special JSON marshaling for the resource, rendering the name

func (*ResourceHolder) Unwrap

func (o *ResourceHolder) Unwrap() Resource

Unwrap returns the underlying resource

type RunTasksOptions

type RunTasksOptions struct {
	MaxTaskDuration         time.Duration
	WaitAfterAllTasksFailed time.Duration
}

func (*RunTasksOptions) InitDefaults

func (o *RunTasksOptions) InitDefaults()

type SSHCredentialStore

type SSHCredentialStore interface {
	// DeleteSSHCredential deletes the specified SSH credential
	DeleteSSHCredential(item *kops.SSHCredential) error

	// ListSSHCredentials will list all the SSH credentials
	ListSSHCredentials() ([]*kops.SSHCredential, error)

	// AddSSHPublicKey adds an SSH public key
	AddSSHPublicKey(name string, data []byte) error

	// FindSSHPublicKeys retrieves the SSH public keys with the specific name
	FindSSHPublicKeys(name string) ([]*kops.SSHCredential, error)
}

SSHCredentialStore holds SSHCredential objects

func NewClientsetSSHCredentialStore

func NewClientsetSSHCredentialStore(cluster *kops.Cluster, clientset kopsinternalversion.KopsInterface, namespace string) SSHCredentialStore

NewClientsetSSHCredentialStore creates an SSHCredentialStore backed by an API client

func NewVFSSSHCredentialStore

func NewVFSSSHCredentialStore(cluster *kops.Cluster, basedir vfs.Path) SSHCredentialStore

NewVFSSSHCredentialStore creates a SSHCredentialStore backed by VFS

type Secret

// Secret holds the bytes of a secret value.
type Secret struct {
	// Data is a plain, exported byte slice.
	// NOTE(review): generic debug or JSON printing of a Secret would include
	// these bytes — confirm callers never pass one to such helpers or to logs.
	Data []byte
}

func CreateSecret

func CreateSecret() (*Secret, error)

func (*Secret) AsString

func (s *Secret) AsString() (string, error)

type SecretStore

// SecretStore stores and retrieves Secret values by id.
type SecretStore interface {
	// Secret returns a secret.  Returns an error if not found
	Secret(id string) (*Secret, error)
	// DeleteSecret deletes the specified secret
	DeleteSecret(id string) error
	// FindSecret finds a secret, if exists.  Returns nil,nil if not found
	// (unlike Secret, which reports a missing id as an error), so callers must nil-check the result.
	FindSecret(id string) (*Secret, error)
	// GetOrCreateSecret creates a secret
	// NOTE(review): from the name and the named results, this presumably returns the already-stored
	// secret when id exists (created == false) and otherwise stores the supplied one — confirm.
	// If so, callers should use the returned current value rather than the secret they passed in.
	GetOrCreateSecret(id string, secret *Secret) (current *Secret, created bool, err error)
	// ReplaceSecret will forcefully update an existing secret if it exists
	ReplaceSecret(id string, secret *Secret) (current *Secret, err error)
	// ListSecrets lists the ids of all known secrets
	ListSecrets() ([]string, error)

	// MirrorTo will copy secrets to a vfs.Path, which is often easier for a machine to read
	// NOTE(review): the destination then holds a copy of the secrets, so its access controls
	// matter as much as the store's own — confirm who can read basedir.
	MirrorTo(basedir vfs.Path) error
}

type Source

// Source identifies where a piece of content comes from: a URL, an optional
// hash, an optional parent Source and an optional archive member.
// NOTE(review): the field meanings below are inferred from names and types;
// confirm against the code that populates them.
type Source struct {
	// Parent is another Source; presumably the archive this one is extracted from.
	Parent             *Source
	// URL is the location, as a string.
	URL                string
	// Hash is a pointer and can therefore be nil.
	// NOTE(review): confirm whether a nil Hash means the content is fetched
	// without integrity verification, and whether remote URLs always carry one.
	Hash               *hashing.Hash
	// ExtractFromArchive presumably names the member to extract when the
	// source is an archive.
	ExtractFromArchive string
}

func (*Source) Key

func (s *Source) Key() string

Key builds a unique key for this source

func (*Source) String

func (s *Source) String() string

type StringResource

type StringResource struct {
	// contains filtered or unexported fields
}

func NewStringResource

func NewStringResource(s string) *StringResource

func (*StringResource) MarshalJSON

func (r *StringResource) MarshalJSON() ([]byte, error)

func (*StringResource) Open

func (s *StringResource) Open() (io.Reader, error)

type SubnetInfo

type SubnetInfo struct {
	ID   string
	Zone string
	CIDR string
}

type Target

type Target interface {
	// Lifecycle methods, called by the driver
	Finish(taskMap map[string]Task) error

	// ProcessDeletions returns true if we should delete resources
	// Some providers (e.g. Terraform) actively keep state, and will delete resources automatically
	ProcessDeletions() bool
}

type Task

type Task interface {
	Run(*Context) error
}

type TemplateResource

type TemplateResource interface {
	Resource
	Curry(args []string) TemplateResource
}

type User

type User struct {
	Name    string
	Uid     int
	Gid     int
	Comment string
	Home    string
	Shell   string
}

func LookupUser

func LookupUser(name string) (*User, error)

func LookupUserById

func LookupUserById(uid int) (*User, error)

type VFSCAStore

// VFSCAStore is built by NewVFSCAStore from a cluster and a vfs.Path base
// directory, and has a VFSPath method returning a vfs.Path.
type VFSCAStore struct {

	// SerialGenerator is the function for generating certificate serial numbers
	// It can be replaced for testing purposes.
	// NOTE(review): this is an exported, assignable field. A replacement that returns
	// predictable or repeated serials is only appropriate in tests; confirm that nothing
	// outside test code assigns it.
	SerialGenerator func() *big.Int
	// contains filtered or unexported fields
}

func NewVFSCAStore

func NewVFSCAStore(cluster *kops.Cluster, basedir vfs.Path, allowList bool) *VFSCAStore

func (*VFSCAStore) AddCert

func (c *VFSCAStore) AddCert(name string, cert *pki.Certificate) error

func (*VFSCAStore) AddSSHPublicKey

func (c *VFSCAStore) AddSSHPublicKey(name string, pubkey []byte) error

AddSSHPublicKey stores an SSH public key

func (*VFSCAStore) CertificatePool

func (c *VFSCAStore) CertificatePool(id string, createIfMissing bool) (*CertificatePool, error)

func (*VFSCAStore) CreateKeypair

func (c *VFSCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error)

func (*VFSCAStore) DeleteKeysetItem

func (c *VFSCAStore) DeleteKeysetItem(item *kops.Keyset, id string) error

DeleteKeysetItem implements CAStore::DeleteKeysetItem

func (*VFSCAStore) DeleteSSHCredential

func (c *VFSCAStore) DeleteSSHCredential(item *kops.SSHCredential) error

func (*VFSCAStore) FindCert

func (c *VFSCAStore) FindCert(name string) (*pki.Certificate, error)

func (*VFSCAStore) FindCertificateKeyset

func (c *VFSCAStore) FindCertificateKeyset(name string) (*kops.Keyset, error)

func (*VFSCAStore) FindCertificatePool

func (c *VFSCAStore) FindCertificatePool(name string) (*CertificatePool, error)

func (*VFSCAStore) FindKeypair

func (c *VFSCAStore) FindKeypair(id string) (*pki.Certificate, *pki.PrivateKey, KeysetFormat, error)

func (*VFSCAStore) FindPrivateKey

func (c *VFSCAStore) FindPrivateKey(id string) (*pki.PrivateKey, error)

func (*VFSCAStore) FindPrivateKeyset

func (c *VFSCAStore) FindPrivateKeyset(name string) (*kops.Keyset, error)

func (*VFSCAStore) FindSSHPublicKeys

func (c *VFSCAStore) FindSSHPublicKeys(name string) ([]*kops.SSHCredential, error)

func (*VFSCAStore) IssueCert

func (c *VFSCAStore) IssueCert(signer string, id string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error)

func (*VFSCAStore) ListKeysets

func (c *VFSCAStore) ListKeysets() ([]*kops.Keyset, error)

ListKeysets implements CAStore::ListKeysets

func (*VFSCAStore) ListSSHCredentials

func (c *VFSCAStore) ListSSHCredentials() ([]*kops.SSHCredential, error)

ListSSHCredentials implements SSHCredentialStore::ListSSHCredentials

func (*VFSCAStore) MirrorTo

func (c *VFSCAStore) MirrorTo(basedir vfs.Path) error

MirrorTo will copy keys to a vfs.Path, which is often easier for a machine to read

func (*VFSCAStore) StoreKeypair

func (c *VFSCAStore) StoreKeypair(name string, cert *pki.Certificate, privateKey *pki.PrivateKey) error

func (*VFSCAStore) VFSPath

func (s *VFSCAStore) VFSPath() vfs.Path

type VFSResource

type VFSResource struct {
	Path vfs.Path
}

func NewVFSResource

func NewVFSResource(path vfs.Path) *VFSResource

func (*VFSResource) Open

func (r *VFSResource) Open() (io.Reader, error)

type VPCInfo

type VPCInfo struct {
	// CIDR is the IP address range for the VPC
	CIDR string

	// Subnets is a list of subnets that are part of the VPC
	Subnets []*SubnetInfo
}

type Warning

type Warning struct {
	Task    Task
	Message string
}

Warning holds the details of a warning encountered during validation/creation
