Documentation ¶
Index ¶
- Variables
- func ApplyRoleBindingTaints(ctx context.Context, store RBACStore, rb *corev1.RoleBinding) error
- func NewRBACProvider(store SubjectAccessCapableStore) rbac.Provider
- type AlertFilterOptions
- type AlertingStore
- type Backend
- type ClusterMutator
- type ClusterSelector
- type ClusterStore
- type CompositeBackend
- type KeyValueStore
- type KeyValueStoreBroker
- type KeyringStore
- type KeyringStoreBroker
- type MutatorFunc
- func NewAddCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
- func NewCompositeMutator[T any](mutators ...MutatorFunc[T]) MutatorFunc[T]
- func NewIncrementUsageCountMutator() MutatorFunc[*corev1.BootstrapToken]
- func NewRemoveCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
- type NotFoundError
- type RBACStore
- type SelectorPredicate
- type SubjectAccessCapableStore
- type TokenCreateOption
- type TokenCreateOptions
- type TokenMutator
- type TokenStore
Constants ¶
This section is empty.
Variables ¶
// ErrNotFound is the package's not-found sentinel: a pointer to a zero-value
// NotFoundError.
//
// NOTE(review): NotFoundError is an empty struct, and Go leaves equality of
// pointers to distinct zero-size values unspecified. Identity comparison
// against this sentinel (== or errors.Is) is only dependable if every
// producer returns ErrNotFound itself; otherwise match on the type with
// errors.As. Confirm which convention the store implementations follow.
var ErrNotFound = &NotFoundError{}
Functions ¶
func ApplyRoleBindingTaints ¶
func NewRBACProvider ¶
func NewRBACProvider(store SubjectAccessCapableStore) rbac.Provider
Types ¶
type AlertFilterOptions ¶ added in v0.5.4
type AlertingStore ¶ added in v0.5.4
// AlertingStore is the persistence interface for alert logs: create, update,
// delete, fetch by reference, and list.
type AlertingStore interface {
	// CreateAlertLog stores log, which is passed by value.
	CreateAlertLog(ctx context.Context, log corev1.AlertLog) error
	// UpdateAlertLog takes the reference of a log and its new contents.
	// NOTE(review): presumably the referenced entry is overwritten; confirm.
	UpdateAlertLog(ctx context.Context, ref *corev1.Reference, newLog corev1.AlertLog) error
	// DeleteAlertLog removes the log identified by ref.
	DeleteAlertLog(ctx context.Context, ref *corev1.Reference) error
	// GetAlertLog returns the log identified by ref.
	GetAlertLog(ctx context.Context, ref *corev1.Reference) (*corev1.AlertLog, error)
	// ListAlertLogs returns a list of logs. opts is variadic, so a call with
	// no filter is valid.
	// NOTE(review): what an unfiltered call returns (presumably every log)
	// is not visible here.
	ListAlertLogs(ctx context.Context, opts ...AlertFilterOptions) (*corev1.AlertLogList, error)
}
type Backend ¶
// Backend is the union of the five storage interfaces embedded below; a type
// satisfies it only by implementing every method of each.
//
// A Backend value reaches bootstrap tokens, RBAC objects, keyring stores and
// key-value stores through one handle. Where a caller needs only one of
// these, accepting the narrower interface keeps its access to the minimum.
type Backend interface {
	TokenStore
	ClusterStore
	RBACStore
	KeyringStoreBroker
	KeyValueStoreBroker
}
type ClusterMutator ¶
// ClusterMutator is an alias for MutatorFunc instantiated with
// *corev1.Cluster. It is the mutator type ClusterStore.UpdateCluster accepts.
type ClusterMutator = MutatorFunc[*corev1.Cluster]
type ClusterSelector ¶
// ClusterSelector carries a list of cluster IDs, a label selector and match
// options. Its Predicate method turns the selector into a SelectorPredicate.
//
// NOTE(review): how ClusterIDs and LabelSelector combine, and what the zero
// value matches (every cluster or none), is not visible here. Confirm both
// before using a selector to scope access.
type ClusterSelector struct {
	// ClusterIDs is an explicit list of cluster IDs.
	ClusterIDs []string
	// LabelSelector is a pointer, so it may be nil.
	LabelSelector *corev1.LabelSelector
	// MatchOptions is the same options type ClusterStore.ListClusters takes.
	MatchOptions corev1.MatchOptions
}
func (ClusterSelector) Predicate ¶
func (p ClusterSelector) Predicate() SelectorPredicate
type ClusterStore ¶
// ClusterStore is the persistence interface for clusters: create, delete,
// fetch by reference, update through a mutator, and list by label.
type ClusterStore interface {
	// CreateCluster stores cluster.
	CreateCluster(ctx context.Context, cluster *corev1.Cluster) error
	// DeleteCluster removes the cluster identified by ref.
	DeleteCluster(ctx context.Context, ref *corev1.Reference) error
	// GetCluster returns the cluster identified by ref.
	GetCluster(ctx context.Context, ref *corev1.Reference) (*corev1.Cluster, error)
	// UpdateCluster applies mutator to the cluster identified by ref and
	// returns a cluster.
	// NOTE(review): presumably the returned cluster is the updated one. If
	// an implementation retries the update, mutator may run more than once,
	// so mutators should have no external side effects. Confirm both.
	UpdateCluster(ctx context.Context, ref *corev1.Reference, mutator ClusterMutator) (*corev1.Cluster, error)
	// ListClusters returns the clusters selected by matchLabels and
	// matchOptions.
	// NOTE(review): the result for a nil matchLabels is not visible here.
	ListClusters(ctx context.Context, matchLabels *corev1.LabelSelector, matchOptions corev1.MatchOptions) (*corev1.ClusterList, error)
}
type CompositeBackend ¶
// CompositeBackend embeds the same five interfaces as Backend, one field
// each, so the methods of all five are promoted onto it.
//
// Every field is an interface and is nil in the zero value; calling a
// promoted method while its field is still nil panics. *CompositeBackend
// also declares Use(store any) and IsValid() bool.
// NOTE(review): presumably Use fills the fields that store implements and
// IsValid reports whether all five are set. Confirm, and check IsValid
// before serving requests from a CompositeBackend.
type CompositeBackend struct {
	TokenStore
	ClusterStore
	RBACStore
	KeyringStoreBroker
	KeyValueStoreBroker
}
func (*CompositeBackend) IsValid ¶
func (cb *CompositeBackend) IsValid() bool
func (*CompositeBackend) Use ¶
func (cb *CompositeBackend) Use(store any)
type KeyValueStore ¶
type KeyValueStoreBroker ¶
// KeyValueStoreBroker hands out KeyValueStore values by namespace.
type KeyValueStoreBroker interface {
	// KeyValueStore returns the store for namespace, or an error.
	// NOTE(review): whether stores in different namespaces are isolated
	// from one another is implementation-specific; confirm before placing
	// data of different sensitivity in separate namespaces.
	KeyValueStore(namespace string) (KeyValueStore, error)
}
type KeyringStore ¶
type KeyringStoreBroker ¶
// KeyringStoreBroker hands out KeyringStore values selected by a namespace
// and a reference.
type KeyringStoreBroker interface {
	// KeyringStore returns the store for the given namespace and ref, or an
	// error.
	// NOTE(review): the name suggests the returned store holds key
	// material. If so, review implementations for protection at rest and
	// for isolation between namespace/ref pairs; neither is visible here.
	KeyringStore(namespace string, ref *corev1.Reference) (KeyringStore, error)
}
type MutatorFunc ¶
// MutatorFunc is a function that receives a value of type T and returns
// nothing, so any change it makes must be made in place. Both aliases in
// this package, ClusterMutator and TokenMutator, instantiate T with a
// pointer type.
type MutatorFunc[T any] func(T)
func NewAddCapabilityMutator ¶
func NewAddCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
func NewCompositeMutator ¶
func NewCompositeMutator[T any](mutators ...MutatorFunc[T]) MutatorFunc[T]
func NewIncrementUsageCountMutator ¶
func NewIncrementUsageCountMutator() MutatorFunc[*corev1.BootstrapToken]
func NewRemoveCapabilityMutator ¶
func NewRemoveCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
type NotFoundError ¶
// NotFoundError is an empty struct. Its pointer type declares Error and
// GRPCStatus methods, so *NotFoundError can be returned as an error and
// supplies a gRPC status.
// NOTE(review): presumably that status carries the NotFound code; confirm.
type NotFoundError struct{}
func (*NotFoundError) Error ¶
func (e *NotFoundError) Error() string
func (*NotFoundError) GRPCStatus ¶
func (e *NotFoundError) GRPCStatus() *status.Status
type RBACStore ¶
// RBACStore is the persistence interface for roles and role bindings.
//
// It has create, delete, get and list operations for both object kinds and
// no update operation, so changing a role or binding through this interface
// means deleting and re-creating it.
// NOTE(review): nothing here shows that such a sequence is atomic; check
// whether access decisions can observe the intermediate state.
type RBACStore interface {
	// CreateRole stores a role.
	CreateRole(context.Context, *corev1.Role) error
	// DeleteRole removes the referenced role.
	// NOTE(review): what happens to bindings that name a deleted role is
	// not visible here.
	DeleteRole(context.Context, *corev1.Reference) error
	// GetRole returns the referenced role.
	GetRole(context.Context, *corev1.Reference) (*corev1.Role, error)
	// CreateRoleBinding stores a role binding.
	CreateRoleBinding(context.Context, *corev1.RoleBinding) error
	// DeleteRoleBinding removes the referenced role binding.
	DeleteRoleBinding(context.Context, *corev1.Reference) error
	// GetRoleBinding returns the referenced role binding.
	GetRoleBinding(context.Context, *corev1.Reference) (*corev1.RoleBinding, error)
	// ListRoles returns a list of roles; it takes no filter.
	ListRoles(context.Context) (*corev1.RoleList, error)
	// ListRoleBindings returns a list of role bindings; it takes no filter.
	ListRoleBindings(context.Context) (*corev1.RoleBindingList, error)
}
type SelectorPredicate ¶
type SubjectAccessCapableStore ¶
// SubjectAccessCapableStore is the set of store methods needed to compute
// subject access rules: listing clusters, fetching a role and listing role
// bindings. NewRBACProvider takes a value of this interface.
//
// The interface has no create, update or delete methods, so a holder of
// this handle cannot modify roles, bindings or clusters through it.
type SubjectAccessCapableStore interface {
	// ListClusters has the same signature as ClusterStore.ListClusters.
	ListClusters(ctx context.Context, matchLabels *corev1.LabelSelector, matchOptions corev1.MatchOptions) (*corev1.ClusterList, error)
	// GetRole returns the role identified by ref.
	GetRole(ctx context.Context, ref *corev1.Reference) (*corev1.Role, error)
	// ListRoleBindings returns a list of role bindings; it takes no filter.
	ListRoleBindings(ctx context.Context) (*corev1.RoleBindingList, error)
}
A store that can be used to compute subject access rules
type TokenCreateOption ¶
// TokenCreateOption is a functional option: a function that modifies a
// TokenCreateOptions through a pointer. WithCapabilities and WithLabels
// return values of this type, and TokenStore.CreateToken accepts them.
type TokenCreateOption func(*TokenCreateOptions)
func WithCapabilities ¶
func WithCapabilities(capabilities []*corev1.TokenCapability) TokenCreateOption
func WithLabels ¶
func WithLabels(labels map[string]string) TokenCreateOption
type TokenCreateOptions ¶
// TokenCreateOptions collects the optional settings for creating a token.
// NewTokenCreateOptions returns a value of this type and Apply runs a list
// of TokenCreateOption functions against it.
type TokenCreateOptions struct {
	// Labels is a string-to-string map; WithLabels supplies it.
	Labels map[string]string
	// Capabilities is supplied by WithCapabilities.
	// NOTE(review): presumably these are the capabilities the created token
	// carries. If so, grant only what the token's holder needs; confirm.
	Capabilities []*corev1.TokenCapability
}
func NewTokenCreateOptions ¶
func NewTokenCreateOptions() TokenCreateOptions
func (*TokenCreateOptions) Apply ¶
func (o *TokenCreateOptions) Apply(opts ...TokenCreateOption)
type TokenMutator ¶
// TokenMutator is an alias for MutatorFunc instantiated with
// *corev1.BootstrapToken. It is the mutator type TokenStore.UpdateToken
// accepts, and NewIncrementUsageCountMutator returns a value of this type.
type TokenMutator = MutatorFunc[*corev1.BootstrapToken]
type TokenStore ¶
// TokenStore is the persistence interface for bootstrap tokens.
//
// NOTE(review): nothing in this interface shows how ttl is enforced. Whether
// GetToken and ListTokens still return a token after its ttl has elapsed is
// implementation-specific; a caller that admits a client on the strength of
// a token should confirm that expiry is checked somewhere on that path.
type TokenStore interface {
	// CreateToken returns a new bootstrap token. ttl is presumably the
	// token's lifetime; opts supply labels and capabilities (see WithLabels
	// and WithCapabilities).
	CreateToken(ctx context.Context, ttl time.Duration, opts ...TokenCreateOption) (*corev1.BootstrapToken, error)
	// DeleteToken removes the token identified by ref.
	DeleteToken(ctx context.Context, ref *corev1.Reference) error
	// GetToken returns the token identified by ref.
	GetToken(ctx context.Context, ref *corev1.Reference) (*corev1.BootstrapToken, error)
	// UpdateToken applies mutator to the token identified by ref and
	// returns a token.
	// NOTE(review): presumably the returned token is the updated one. If an
	// implementation retries the update, mutator may run more than once;
	// confirm this before relying on a usage-count mutator for accounting.
	UpdateToken(ctx context.Context, ref *corev1.Reference, mutator TokenMutator) (*corev1.BootstrapToken, error)
	// ListTokens returns a slice of tokens; it takes no filter.
	ListTokens(ctx context.Context) ([]*corev1.BootstrapToken, error)
}
Source Files ¶