azure

package
v0.34.0 Latest
Warning

This package is not in the latest version of its module.
Published: May 24, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

const (
	// AzureWorkloadIdentityUseKey is the key that enables Azure Workload Identity on a Pod and ServiceAccount (SA).
	// https://azure.github.io/azure-workload-identity/docs/topics/service-account-labels-and-annotations.html?highlight=azure.workload.identity#pod
	AzureWorkloadIdentityUseKey = "azure.workload.identity/use"
)
const (
	// Separator represents the resource name separator.
	Separator = "-"
)

Variables

This section is empty.

Functions

func MakeAzureFileShareVolumeSpec

func MakeAzureFileShareVolumeSpec(volumeName string, persistentVolume *datamodel.PersistentVolume, applicationName string, options renderers.RenderOptions) (corev1.Volume, corev1.VolumeMount, error)

MakeAzureFileShareVolumeSpec creates a Volume and VolumeMount spec for an Azure File Share and returns them along with an error if one occurs. TODO: This is unused code now. We will enable file share later.

func MakeFederatedIdentity

func MakeFederatedIdentity(name string, envOpt *renderers.EnvironmentOptions) (*rpv1.OutputResource, error)

MakeFederatedIdentity creates an OutputResource object with the necessary fields to create a Federated Identity in Azure (aka workload identity), and returns an error if the OIDC Issuer URL or namespace is not specified.

func MakeKeyVaultSecretProviderClass

func MakeKeyVaultSecretProviderClass(appName, name string, res *datamodel.VolumeResource, objSpec string, envOpt *renderers.EnvironmentOptions) (*rpv1.OutputResource, error)

MakeKeyVaultSecretProviderClass creates a SecretProviderClass object for an Azure KeyVault resource and returns an OutputResource with the ServiceAccount as a dependency.

func MakeKeyVaultVolumeSpec

func MakeKeyVaultVolumeSpec(volumeName string, mountPath, spcName string) (corev1.Volume, corev1.VolumeMount, error)

MakeKeyVaultVolumeSpec creates a Volume and VolumeMount spec for a secret store volume using the given volumeName, mountPath and spcName and returns them along with a nil error.

func MakeManagedIdentity

func MakeManagedIdentity(name string, cloudProvider *datamodel.Providers) (*rpv1.OutputResource, error)

MakeManagedIdentity parses the Azure Provider scope and creates an OutputResource with the parsed subscription ID and resource group, and the given name. It returns an error if the scope is invalid or if the environment providers are not specified.

func MakeResourceName

func MakeResourceName(prefix, name, separator string) string

MakeResourceName creates a normalized resource name by combining the prefix, name and separator. For instance, when a user uses a Key Vault persistent volume, the RP auto-provisions a per-container managed identity in the resource group specified by the environment resource. In this case, the RP uses the application name as the prefix to avoid name conflicts within the same resource group.

func MakeRoleAssignments

func MakeRoleAssignments(azResourceID string, roleNames []string) ([]rpv1.OutputResource, []string)

MakeRoleAssignments creates OutputResources and Dependencies for each roleName in the roleNames slice, and adds them to the outputResources and deps slices respectively.

func SetWorkloadIdentityServiceAccount

func SetWorkloadIdentityServiceAccount(base *corev1.ServiceAccount) *rpv1.OutputResource

SetWorkloadIdentityServiceAccount creates a ServiceAccount with descriptive labels and placeholder annotations for Azure Workload Identity, and returns an OutputResource with the ServiceAccount and a dependency on the FederatedIdentity.

func TransformFederatedIdentitySA

func TransformFederatedIdentitySA(ctx context.Context, options *handlers.PutOptions) error

TransformFederatedIdentitySA extracts the identity info from the request and adds it to the ServiceAccount annotations.

func TransformSecretProviderClass

func TransformSecretProviderClass(ctx context.Context, options *handlers.PutOptions) error

TransformSecretProviderClass updates the clientID and tenantID for Azure Workload Identity.

Types

This section is empty.
