transition

package
v0.0.0-...-1d80bfb Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 25, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source
const (
	Anchors        = "subnamespaceanchors"
	SubnamespaceOf = "hnc.x-k8s.io/subnamespace-of"
)

Constants for the subnamespace anchor resource type and namespace annotation.

Variables

This section is empty.

Functions

func AddUserScopeBindings

func AddUserScopeBindings(user *userv1.User, scopeType, scopeName, role string)

func RefreshUserStatus

func RefreshUserStatus(ctx context.Context, user *userv1.User, cli client.Client)

func RemoveUserScopeBindings

func RemoveUserScopeBindings(user *userv1.User, scopeType, scopeName, role string)

func ScopeBindingUnique

func ScopeBindingUnique(b userv1.ScopeBinding) string

func SubNs2Ns

func SubNs2Ns(subNs *SubnamespaceAnchor) *v1.Namespace

func TransBinding

func TransBinding(labels map[string]string, sub rbacv1.Subject, ref rbacv1.RoleRef) (scopeType string, scopeName string, role string, user string, err error)

func UpdateUserSpec

func UpdateUserSpec(ctx context.Context, cli client.Client, user *userv1.User) error

func UserBelongsToProject

func UserBelongsToProject(user *userv1.User, project string) bool

func UserBelongsToTenant

func UserBelongsToTenant(user *userv1.User, tenant string) bool

Types

type MetaKVP

type MetaKVP struct {
	// Key is the name of the label or annotation. It must conform to the normal rules for Kubernetes
	// label/annotation keys.
	Key string `json:"key"`

	// Value is the value of the label or annotation. It must confirm to the normal rules for
	// Kubernetes label or annoation values, which are far more restrictive for labels than for
	// anntations.
	Value string `json:"value"`
}

MetaKVP represents a label or annotation

type SubnamespaceAnchor

type SubnamespaceAnchor struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SubnamespaceAnchorSpec   `json:"spec,omitempty"`
	Status SubnamespaceAnchorStatus `json:"status,omitempty"`
}

SubnamespaceAnchor is the Schema for the subnamespace API. See details at http://bit.ly/hnc-self-serve-ux.

type SubnamespaceAnchorList

type SubnamespaceAnchorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SubnamespaceAnchor `json:"items"`
}

SubnamespaceAnchorList contains a list of SubnamespaceAnchor.

type SubnamespaceAnchorSpec

type SubnamespaceAnchorSpec struct {
	// Labels is a list of labels and values to apply to the current subnamespace and all of its
	// descendants. All label keys must match a regex specified on the command line by
	// --managed-namespace-label.
	// All label keys must be managed labels (see HNC docs) and must match a regex
	Labels []MetaKVP `json:"labels,omitempty"`

	// Annotations is a list of annotations and values to apply to the current subnamespace and all of
	// its descendants. All annotation keys must match a regex specified on the command line by
	// --managed-namespace-annotation.
	// All annotation keys must be managed annotations (see HNC docs) and must match a regex
	Annotations []MetaKVP `json:"annotations,omitempty"`
}

type SubnamespaceAnchorState

type SubnamespaceAnchorState string

SubnamespaceAnchorState describes the state of the subnamespace. The state could be "Missing", "Ok", "Conflict" or "Forbidden". The definitions will be described below.

type SubnamespaceAnchorStatus

type SubnamespaceAnchorStatus struct {
	// Describes the state of the subnamespace anchor.
	//
	// Currently, the supported values are:
	//
	// - "Missing": the subnamespace has not been created yet. This should be the default state when
	// the anchor is just created.
	//
	// - "Ok": the subnamespace exists. This is the only good state of the anchor.
	//
	// - "Conflict": a namespace of the same name already exists. The admission controller will
	// attempt to prevent this.
	//
	// - "Forbidden": the anchor was created in a namespace that doesn't allow children, such as
	// kube-system or hnc-system. The admission controller will attempt to prevent this.
	State SubnamespaceAnchorState `json:"status,omitempty"`
}

SubnamespaceAnchorStatus defines the observed state of SubnamespaceAnchor.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL