Documentation ¶
Index ¶
- Variables
- func ApplyRoleBindingTaints(ctx context.Context, store RBACStore, rb *corev1.RoleBinding) error
- func GetStoreBuilder[T ~string](name T) func(...any) (any, error)
- func IgnoreErrNotFound(err error) error
- func NewRBACProvider(store SubjectAccessCapableStore) rbac.Provider
- func NewWatchContext[T any](base context.Context, eventC <-chan WatchEvent[T]) context.Context
- func RegisterStoreBuilder[T ~string](name T, builder func(...any) (any, error))
- type AlertFilterOptions
- type AlreadyExistsError
- type Backend
- type ClusterMutator
- type ClusterStore
- type CompositeBackend
- type GrpcTtlCache
- type HttpTtlCache
- type KeyValueStore
- type KeyValueStoreBroker
- type KeyValueStoreLocker
- type KeyValueStoreT
- type KeyringStore
- type KeyringStoreBroker
- type MutatorFunc
- func NewAddCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
- func NewCompositeMutator[T any](mutators ...MutatorFunc[T]) MutatorFunc[T]
- func NewIncrementUsageCountMutator() MutatorFunc[*corev1.BootstrapToken]
- func NewRemoveCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
- type NotFoundError
- type RBACStore
- type RoleBindingMutator
- type RoleMutator
- type SelectorPredicate
- type SubjectAccessCapableStore
- type TokenCreateOption
- type TokenCreateOptions
- type TokenMutator
- type TokenStore
- type ValueStoreLocker
- type ValueStoreT
- type WatchEvent
- type WatchEventType
Constants ¶
This section is empty.
Variables ¶
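// Sentinel errors related to watch handling. This listing shows only their
// names and messages; which functions return them is not visible here.
// Match them with errors.Is so that wrapped values are still recognised.
var (
	// ErrEventChannelClosed carries the message "event channel closed".
	ErrEventChannelClosed = errors.New("event channel closed")
	// ErrObjectDeleted carries the message "object deleted".
	ErrObjectDeleted = errors.New("object deleted")
)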
// ErrAlreadyExists is a package-level *AlreadyExistsError.
// NOTE(review): AlreadyExistsError is an empty struct and this listing shows
// only Error and GRPCStatus methods on it, so errors.Is(err, ErrAlreadyExists)
// matches by pointer identity. Go does not guarantee that pointers to distinct
// zero-size values compare equal, so implementations should return this
// variable itself, and callers that cannot rely on that should use errors.As.
var ErrAlreadyExists = &AlreadyExistsError{}
// ErrNotFound is a package-level *NotFoundError.
// NOTE(review): NotFoundError is an empty struct and this listing shows only
// Error and GRPCStatus methods on it, so errors.Is(err, ErrNotFound) matches by
// pointer identity. Go does not guarantee that pointers to distinct zero-size
// values compare equal; a store that returns a fresh &NotFoundError{} may not
// be recognised by a not-found check. Return this variable itself, or match
// with errors.As.
var ErrNotFound = &NotFoundError{}
Functions ¶
func ApplyRoleBindingTaints ¶
func GetStoreBuilder ¶ added in v0.9.2
func IgnoreErrNotFound ¶ added in v0.10.0
func NewRBACProvider ¶
func NewRBACProvider(store SubjectAccessCapableStore) rbac.Provider
func NewWatchContext ¶ added in v0.6.0
Returns a context that listens on a watch event channel and closes its Done channel when the object is deleted. This context should have exclusive read access to the event channel to avoid missing events.
Types ¶
type AlertFilterOptions ¶ added in v0.5.4
type AlreadyExistsError ¶ added in v0.7.0
// AlreadyExistsError is a field-less error type; this listing shows Error and
// GRPCStatus methods on its pointer receiver.
type AlreadyExistsError struct{}
func (*AlreadyExistsError) Error ¶ added in v0.7.0
func (e *AlreadyExistsError) Error() string
func (*AlreadyExistsError) GRPCStatus ¶ added in v0.7.0
func (e *AlreadyExistsError) GRPCStatus() *status.Status
type Backend ¶
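// Backend is the union of every store interface in this package: bootstrap
// tokens, clusters, RBAC objects, keyring stores and key-value stores.
//
// NOTE(review): a Backend value exposes token, role and role-binding mutation
// together with keyring access. Prefer passing a component the narrowest
// constituent interface it needs (for example SubjectAccessCapableStore)
// rather than a full Backend.
type Backend interface {
	TokenStore
	ClusterStore
	RBACStore
	KeyringStoreBroker
	KeyValueStoreBroker
}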
type ClusterMutator ¶
// ClusterMutator is an alias for MutatorFunc[*corev1.Cluster]; it is the
// mutator type accepted by ClusterStore.UpdateCluster.
type ClusterMutator = MutatorFunc[*corev1.Cluster]
type ClusterStore ¶
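// ClusterStore is the storage interface for cluster objects: create, delete,
// get, update, watch and list.
type ClusterStore interface {
	// CreateCluster stores cluster.
	CreateCluster(ctx context.Context, cluster *corev1.Cluster) error
	// DeleteCluster removes the cluster identified by ref.
	DeleteCluster(ctx context.Context, ref *corev1.Reference) error
	// GetCluster returns the cluster identified by ref.
	GetCluster(ctx context.Context, ref *corev1.Reference) (*corev1.Cluster, error)
	// UpdateCluster takes a ClusterMutator for the cluster identified by ref and
	// returns a cluster; presumably the result of applying the mutator — the
	// atomicity of that read-modify-write is up to the implementation and is
	// not visible in this listing.
	UpdateCluster(ctx context.Context, ref *corev1.Reference, mutator ClusterMutator) (*corev1.Cluster, error)
	// WatchCluster returns a receive-only channel of WatchEvent values for a
	// single cluster.
	WatchCluster(ctx context.Context, cluster *corev1.Cluster) (<-chan WatchEvent[*corev1.Cluster], error)
	// WatchClusters returns a receive-only channel of WatchEvent values. The
	// role of the known slice is not documented here — TODO confirm.
	WatchClusters(ctx context.Context, known []*corev1.Cluster) (<-chan WatchEvent[*corev1.Cluster], error)
	// ListClusters returns a ClusterList; matchLabels and matchOptions
	// presumably restrict which clusters are returned.
	ListClusters(ctx context.Context, matchLabels *corev1.LabelSelector, matchOptions corev1.MatchOptions) (*corev1.ClusterList, error)
}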
type CompositeBackend ¶
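// CompositeBackend embeds the same five store interfaces that make up Backend,
// so each one can be supplied separately.
//
// The zero value has every embedded interface nil, and calling a promoted
// method on a nil embedded interface panics. The listing shows Use(store any)
// and IsValid() on *CompositeBackend; presumably Use fills the fields and
// IsValid reports whether all are set — check IsValid before serving requests.
type CompositeBackend struct {
	TokenStore
	ClusterStore
	RBACStore
	KeyringStoreBroker
	KeyValueStoreBroker
}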
func (*CompositeBackend) IsValid ¶
func (cb *CompositeBackend) IsValid() bool
func (*CompositeBackend) Use ¶
func (cb *CompositeBackend) Use(store any)
type GrpcTtlCache ¶ added in v0.9.2
type HttpTtlCache ¶ added in v0.8.3
type KeyValueStore ¶
// KeyValueStore is KeyValueStoreT specialised to []byte values.
type KeyValueStore KeyValueStoreT[[]byte]
type KeyValueStoreBroker ¶
// KeyValueStoreBroker hands out key-value stores selected by a namespace
// string.
// NOTE(review): whether two namespaces are isolated from each other is a
// property of the implementation and is not visible in this listing.
type KeyValueStoreBroker interface {
// KeyValueStore returns the KeyValueStore for namespace.
KeyValueStore(namespace string) KeyValueStore
}
type KeyValueStoreLocker ¶ added in v0.6.0
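// KeyValueStoreLocker is a KeyValueStoreT that also satisfies sync.Locker, so
// a caller can hold the lock across several store operations.
// NOTE(review): sync.Locker is an in-process interface; whether the lock has
// any effect across processes sharing the same backing store is not visible
// here — TODO confirm.
type KeyValueStoreLocker[T any] interface {
	KeyValueStoreT[T]
	sync.Locker
}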
func NewKeyValueStoreLocker ¶ added in v0.6.0
func NewKeyValueStoreLocker[T any](s KeyValueStoreT[T]) KeyValueStoreLocker[T]
type KeyValueStoreT ¶ added in v0.6.0
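// KeyValueStoreT is a generic key-value store keyed by string.
// NOTE(review): keys and prefixes are plain strings. How implementations treat
// separators or empty strings is not shown in this listing, so validate any
// key that is derived from caller-supplied input before passing it in.
type KeyValueStoreT[T any] interface {
	// Put stores value under key.
	Put(ctx context.Context, key string, value T) error
	// Get returns the value stored under key.
	Get(ctx context.Context, key string) (T, error)
	// Delete removes key.
	Delete(ctx context.Context, key string) error
	// ListKeys returns key names; presumably those beginning with prefix.
	ListKeys(ctx context.Context, prefix string) ([]string, error)
}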
func NewKeyValueStoreWithPrefix ¶ added in v0.6.0
func NewKeyValueStoreWithPrefix[T any](base KeyValueStoreT[T], prefix string) KeyValueStoreT[T]
type KeyringStore ¶
type KeyringStoreBroker ¶
// KeyringStoreBroker hands out keyring stores selected by a namespace string
// and an object reference.
// NOTE(review): the KeyringStore type's methods are not shown in this listing;
// a keyring presumably holds key material, so treat the returned store as
// sensitive — TODO confirm.
type KeyringStoreBroker interface {
// KeyringStore returns the KeyringStore for namespace and ref.
KeyringStore(namespace string, ref *corev1.Reference) KeyringStore
}
type MutatorFunc ¶
// MutatorFunc takes a T and returns nothing, so a mutator has no way to report
// an error. The aliases in this package instantiate it with pointer types
// (*corev1.Cluster, *corev1.Role, *corev1.RoleBinding, *corev1.BootstrapToken),
// which is what lets a mutator modify the object it is given.
type MutatorFunc[T any] func(T)
func NewAddCapabilityMutator ¶
func NewAddCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
func NewCompositeMutator ¶
func NewCompositeMutator[T any](mutators ...MutatorFunc[T]) MutatorFunc[T]
func NewIncrementUsageCountMutator ¶
func NewIncrementUsageCountMutator() MutatorFunc[*corev1.BootstrapToken]
func NewRemoveCapabilityMutator ¶
func NewRemoveCapabilityMutator[O corev1.MetadataAccessor[T], T corev1.Capability[T]](capability T) MutatorFunc[O]
type NotFoundError ¶
// NotFoundError is a field-less error type; this listing shows Error and
// GRPCStatus methods on its pointer receiver.
type NotFoundError struct{}
func (*NotFoundError) Error ¶
func (e *NotFoundError) Error() string
func (*NotFoundError) GRPCStatus ¶
func (e *NotFoundError) GRPCStatus() *status.Status
type RBACStore ¶
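// RBACStore is the storage interface for roles and role bindings.
//
// NOTE(review): every method here reads or changes authorization state, and
// the signatures take only a context and the object or reference, so as far
// as this listing shows the store does not authorize its caller. Access checks
// belong in the layer that calls it, and changes to roles and role bindings
// are worth recording in an audit log.
type RBACStore interface {
	// CreateRole stores a role.
	CreateRole(context.Context, *corev1.Role) error
	// UpdateRole takes a RoleMutator for the role identified by ref and returns
	// a role; presumably the result of applying the mutator.
	UpdateRole(ctx context.Context, ref *corev1.Reference, mutator RoleMutator) (*corev1.Role, error)
	// DeleteRole removes the referenced role.
	DeleteRole(context.Context, *corev1.Reference) error
	// GetRole returns the referenced role.
	GetRole(context.Context, *corev1.Reference) (*corev1.Role, error)
	// CreateRoleBinding stores a role binding.
	CreateRoleBinding(context.Context, *corev1.RoleBinding) error
	// UpdateRoleBinding takes a RoleBindingMutator for the binding identified by
	// ref and returns a role binding; presumably the result of applying it.
	UpdateRoleBinding(ctx context.Context, ref *corev1.Reference, mutator RoleBindingMutator) (*corev1.RoleBinding, error)
	// DeleteRoleBinding removes the referenced role binding.
	DeleteRoleBinding(context.Context, *corev1.Reference) error
	// GetRoleBinding returns the referenced role binding.
	GetRoleBinding(context.Context, *corev1.Reference) (*corev1.RoleBinding, error)
	// ListRoles returns all roles as a RoleList.
	ListRoles(context.Context) (*corev1.RoleList, error)
	// ListRoleBindings returns all role bindings as a RoleBindingList.
	ListRoleBindings(context.Context) (*corev1.RoleBindingList, error)
}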
type RoleBindingMutator ¶ added in v0.11.0
// RoleBindingMutator is an alias for MutatorFunc[*corev1.RoleBinding]; it is
// the mutator type accepted by RBACStore.UpdateRoleBinding.
type RoleBindingMutator = MutatorFunc[*corev1.RoleBinding]
type RoleMutator ¶ added in v0.11.0
// RoleMutator is an alias for MutatorFunc[*corev1.Role]; it is the mutator
// type accepted by RBACStore.UpdateRole.
type RoleMutator = MutatorFunc[*corev1.Role]
type SelectorPredicate ¶
// SelectorPredicate is a function that returns a boolean for a value of T,
// where T satisfies corev1.IdLabelReader. NewSelectorPredicate builds one from
// a *corev1.ClusterSelector.
type SelectorPredicate[T corev1.IdLabelReader] func(T) bool
func NewSelectorPredicate ¶ added in v0.6.1
func NewSelectorPredicate[T corev1.IdLabelReader](s *corev1.ClusterSelector) SelectorPredicate[T]
type SubjectAccessCapableStore ¶
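// SubjectAccessCapableStore is a store that can be used to compute subject
// access rules. It contains only get and list methods (clusters, one role,
// role bindings) and none of the create, update or delete methods of
// ClusterStore or RBACStore, so it is the narrower interface to hand to code
// that only evaluates access. NewRBACProvider takes this type.
type SubjectAccessCapableStore interface {
	// ListClusters returns a ClusterList; matchLabels and matchOptions
	// presumably restrict which clusters are returned.
	ListClusters(ctx context.Context, matchLabels *corev1.LabelSelector, matchOptions corev1.MatchOptions) (*corev1.ClusterList, error)
	// GetRole returns the role identified by ref.
	GetRole(ctx context.Context, ref *corev1.Reference) (*corev1.Role, error)
	// ListRoleBindings returns all role bindings as a RoleBindingList.
	ListRoleBindings(ctx context.Context) (*corev1.RoleBindingList, error)
}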
A store that can be used to compute subject access rules
type TokenCreateOption ¶
// TokenCreateOption is a functional option that modifies a TokenCreateOptions
// value in place. WithCapabilities, WithLabels and WithMaxUsages return values
// of this type.
type TokenCreateOption func(*TokenCreateOptions)
func WithCapabilities ¶
func WithCapabilities(capabilities []*corev1.TokenCapability) TokenCreateOption
func WithLabels ¶
func WithLabels(labels map[string]string) TokenCreateOption
func WithMaxUsages ¶ added in v0.10.0
func WithMaxUsages(usages int64) TokenCreateOption
type TokenCreateOptions ¶
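// TokenCreateOptions collects the optional settings for TokenStore.CreateToken.
type TokenCreateOptions struct {
	// Labels is a string-to-string label map for the token.
	Labels map[string]string
	// Capabilities lists the token's capabilities.
	// NOTE(review): what a capability permits is defined by
	// corev1.TokenCapability and is not visible here; grant only what the
	// token's consumer needs.
	Capabilities []*corev1.TokenCapability
	// MaxUsages is presumably a cap on how many times the token may be used.
	// The meaning of zero or a negative value, and where the cap is enforced,
	// are not shown in this listing — TODO confirm before relying on it.
	MaxUsages int64
}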
func NewTokenCreateOptions ¶
func NewTokenCreateOptions() TokenCreateOptions
func (*TokenCreateOptions) Apply ¶
func (o *TokenCreateOptions) Apply(opts ...TokenCreateOption)
type TokenMutator ¶
// TokenMutator is an alias for MutatorFunc[*corev1.BootstrapToken]; it is the
// mutator type accepted by TokenStore.UpdateToken.
type TokenMutator = MutatorFunc[*corev1.BootstrapToken]
type TokenStore ¶
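// TokenStore is the storage interface for bootstrap tokens.
//
// NOTE(review): bootstrap tokens are credentials. Whether the ttl and
// MaxUsages limits are enforced by the store or must be checked by the caller
// is not visible in this listing; confirm where enforcement happens and avoid
// writing token contents returned by GetToken or ListTokens to logs.
type TokenStore interface {
	// CreateToken creates a bootstrap token. ttl is presumably the token's
	// lifetime; opts sets labels, capabilities and a usage limit.
	CreateToken(ctx context.Context, ttl time.Duration, opts ...TokenCreateOption) (*corev1.BootstrapToken, error)
	// DeleteToken removes the token identified by ref.
	DeleteToken(ctx context.Context, ref *corev1.Reference) error
	// GetToken returns the token identified by ref.
	GetToken(ctx context.Context, ref *corev1.Reference) (*corev1.BootstrapToken, error)
	// UpdateToken takes a TokenMutator for the token identified by ref and
	// returns a token; presumably the result of applying the mutator. The
	// package lists NewIncrementUsageCountMutator as one such mutator; usage
	// counting is only reliable if the implementation applies it atomically.
	UpdateToken(ctx context.Context, ref *corev1.Reference, mutator TokenMutator) (*corev1.BootstrapToken, error)
	// ListTokens returns all tokens.
	ListTokens(ctx context.Context) ([]*corev1.BootstrapToken, error)
}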
type ValueStoreLocker ¶ added in v0.6.0
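// ValueStoreLocker is a ValueStoreT that also satisfies sync.Locker, so a
// caller can hold the lock across a Get followed by a Put.
// NOTE(review): sync.Locker is an in-process interface; whether the lock has
// any effect across processes sharing the same backing store is not visible
// here — TODO confirm.
type ValueStoreLocker[T any] interface {
	ValueStoreT[T]
	sync.Locker
}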
func NewValueStoreLocker ¶ added in v0.6.0
func NewValueStoreLocker[T any](s ValueStoreT[T], mutex ...sync.Locker) ValueStoreLocker[T]
type ValueStoreT ¶ added in v0.6.0
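// ValueStoreT is a store for a single value of type T; its methods take no
// key. NewValueStore builds one from a KeyValueStoreT and a fixed key.
type ValueStoreT[T any] interface {
	// Put stores value.
	Put(ctx context.Context, value T) error
	// Get returns the stored value.
	Get(ctx context.Context) (T, error)
	// Delete removes the stored value.
	Delete(ctx context.Context) error
}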
func NewValueStore ¶ added in v0.6.0
func NewValueStore[T any](base KeyValueStoreT[T], key string) ValueStoreT[T]
type WatchEvent ¶ added in v0.6.0
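// WatchEvent is one change notification delivered on a watch channel.
type WatchEvent[T any] struct {
	// EventType is one of the WatchEventType constants.
	EventType WatchEventType
	// Current and Previous both hold a T. Which of them is populated for each
	// event type is not documented in this listing; with pointer types either
	// may be nil, so check before dereferencing.
	Current  T
	Previous T
}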
type WatchEventType ¶ added in v0.6.0
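// WatchEventType names the kind of change a WatchEvent reports.
type WatchEventType string

// Event type values. The string value of WatchEventCreate is "PUT", not
// "CREATE", so compare against these constants rather than string literals.
const (
	WatchEventCreate WatchEventType = "PUT"
	WatchEventUpdate WatchEventType = "UPDATE"
	WatchEventDelete WatchEventType = "DELETE"
)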
Source Files ¶