Documentation ¶
Index ¶
- Constants
- Variables
- func Authn(perm string, w http.ResponseWriter, r *http.Request) (string, error)
- func BasicAuthCheck(username, password string) bool
- func BasicAuthzCheck(username, perm string) bool
- func ConnectToKube()
- func CreateRMDataTask(clusterName, replicaName, taskName string, ...) error
- func GetBackrestStorageTypes() []string
- func GetContainerResourcesJSON(resources *crv1.PgContainerResources) string
- func GetNamespace(clientset *kubernetes.Clientset, username, requestedNS string) (string, error)
- func GetPVCName(pod *v1.Pod) map[string]string
- func GetSecrets(cluster *crv1.Pgcluster, ns string) ([]msgs.ShowUserSecret, error)
- func HasPerm(role string, perm string) bool
- func Initialize()
- func InitializePerms()
- func IsStringOneOf(testVal string, acceptedVals ...string) bool
- func IsValidBackrestStorageType(storageType string) bool
- func IsValidContainerResource(name string) bool
- func IsValidContainerResourceValues() bool
- func IsValidNodeLabel(key, value string) (bool, bool, error)
- func IsValidPVC(pvcName, ns string) bool
- func IsValidStorageName(name string) bool
- func NewCertEnforcer(reqRoutes []string) (*certEnforcer, error)
- func UserIsPermittedInNamespace(username, requestedNS string) (bool, bool)
- func ValidateBackrestStorageTypeOnBackupRestore(requestBackRestStorageType, clusterBackRestStorageType string, restore bool) error
- func ValidateNodeLabel(nodeLabel string) error
- func WriteTLSCert(certPath, keyPath string) error
- type CredentialDetail
- type ReplicaPodStatus
Constants ¶
const APPLY_POLICY_PERM = "ApplyPolicy"
const CAT_PERM = "Cat"
MISC
const CLONE_PERM = "Clone"
const CREATE_BACKUP_PERM = "CreateBackup"
CREATE
const CREATE_BENCHMARK_PERM = "CreateBenchmark"
const CREATE_CLUSTER_PERM = "CreateCluster"
const CREATE_DUMP_PERM = "CreateDump"
const CREATE_FAILOVER_PERM = "CreateFailover"
const CREATE_INGEST_PERM = "CreateIngest"
const CREATE_NAMESPACE_PERM = "CreateNamespace"
const CREATE_PGBOUNCER_PERM = "CreatePgbouncer"
const CREATE_PGOROLE_PERM = "CreatePgorole"
const CREATE_PGOUSER_PERM = "CreatePgouser"
const CREATE_POLICY_PERM = "CreatePolicy"
const CREATE_SCHEDULE_PERM = "CreateSchedule"
const CREATE_UPGRADE_PERM = "CreateUpgrade"
const CREATE_USER_PERM = "CreateUser"
const DELETE_BACKUP_PERM = "DeleteBackup"
DELETE
const DELETE_BENCHMARK_PERM = "DeleteBenchmark"
const DELETE_CLUSTER_PERM = "DeleteCluster"
const DELETE_INGEST_PERM = "DeleteIngest"
const DELETE_NAMESPACE_PERM = "DeleteNamespace"
const DELETE_PGBOUNCER_PERM = "DeletePgbouncer"
const DELETE_PGOROLE_PERM = "DeletePgorole"
const DELETE_PGOUSER_PERM = "DeletePgouser"
const DELETE_POLICY_PERM = "DeletePolicy"
const DELETE_SCHEDULE_PERM = "DeleteSchedule"
const DELETE_USER_PERM = "DeleteUser"
const DF_CLUSTER_PERM = "DfCluster"
const LABEL_PERM = "Label"
const LOAD_PERM = "Load"
const LS_PERM = "Ls"
const PGOSecretName = "pgo.tls"
const RELOAD_PERM = "Reload"
const RESTORE_DUMP_PERM = "RestoreDump"
RESTORE
const RESTORE_PERM = "Restore"
const RESTORE_PGBASEBACKUP_PERM = "RestorePgbasebackup"
const SCALE_CLUSTER_PERM = "ScaleCluster"
SCALE
const SHOW_BACKUP_PERM = "ShowBackup"
SHOW
const SHOW_BENCHMARK_PERM = "ShowBenchmark"
const SHOW_CLUSTER_PERM = "ShowCluster"
const SHOW_CONFIG_PERM = "ShowConfig"
const SHOW_INGEST_PERM = "ShowIngest"
const SHOW_NAMESPACE_PERM = "ShowNamespace"
const SHOW_PGOROLE_PERM = "ShowPgorole"
const SHOW_PGOUSER_PERM = "ShowPgouser"
const SHOW_POLICY_PERM = "ShowPolicy"
const SHOW_PVC_PERM = "ShowPVC"
const SHOW_SCHEDULE_PERM = "ShowSchedule"
const SHOW_SECRETS_PERM = "ShowSecrets"
const SHOW_USER_PERM = "ShowUser"
const SHOW_WORKFLOW_PERM = "ShowWorkflow"
const STATUS_PERM = "Status"
const TEST_CLUSTER_PERM = "TestCluster"
const TreeBranch = "├── "
TreeBranch is for debugging only in this context
const TreeTrunk = "└── "
TreeTrunk is for debugging only in this context
const UPDATE_CLUSTER_PERM = "UpdateCluster"
UPDATE
const UPDATE_NAMESPACE_PERM = "UpdateNamespace"
const UPDATE_PGOROLE_PERM = "UpdatePgorole"
const UPDATE_PGOUSER_PERM = "UpdatePgouser"
const UPDATE_USER_PERM = "UpdateUser"
const VERSION_MISMATCH_ERROR = "pgo client and server version mismatch"
const VERSION_PERM = "Version"
Variables ¶
var AuditFlag bool
AuditFlag if set to true will cause auditing to occur in the logs
var BasicAuth bool
BasicAuth comes from the apiserver config
var CRUNCHY_DEBUG bool
var Clientset *kubernetes.Clientset
Clientset ...
var DebugFlag bool
DebugFlag is the debug flag value
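var (
	// ErrDBContainerNotFound is an error that indicates that a "database" container
	// could not be found in a specific pod
	ErrDBContainerNotFound = errors.New("\"database\" container not found in pod")
)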
var InstallationName string
var MetricsFlag, BadgerFlag bool
MetricsFlag if set to true will cause crunchy-collect to be added into new clusters
var PermMap map[string]string
var Pgo config.PgoConfig
var PgoNamespace string
Namespace comes from the apiserver config in this version
var RESTClient *rest.RESTClient
RESTClient ...
var RESTConfig *rest.Config
var RoleMap map[string]map[string]string
Functions ¶
func Authn ¶
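Authn performs HTTP Basic Authentication against a user if "BasicAuth" is set to "true" (which it is by default).
It also performs Authorization (Authz) against the user that is attempting to authenticate; as such, to truly "authenticate/authorize," one needs at least a valid Operator User account. Because the authentication step is conditional on "BasicAuth", that setting is security-sensitive: this text does not describe what is checked when it is "false".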
func BasicAuthCheck ¶
func BasicAuthzCheck ¶
func CreateRMDataTask ¶
func GetBackrestStorageTypes ¶
func GetBackrestStorageTypes() []string
func GetContainerResourcesJSON ¶
func GetContainerResourcesJSON(resources *crv1.PgContainerResources) string
GetContainerResources ...
func GetNamespace ¶
func GetNamespace(clientset *kubernetes.Clientset, username, requestedNS string) (string, error)
GetNamespace determines whether a user has permission for the namespace they are requesting. A valid requested namespace is required.
func GetSecrets ¶
func Initialize ¶
func Initialize()
func InitializePerms ¶
func InitializePerms()
func IsStringOneOf ¶
IsStringOneOf tests whether the string testVal is included in the list of strings provided in acceptedVals
func IsValidBackrestStorageType ¶
IsValidBackrestStorageType determines if the storageType string contains valid pgBackRest storage type values
func IsValidContainerResourceValues ¶
func IsValidContainerResourceValues() bool
func IsValidNodeLabel ¶
IsValidNodeLabel returns a bool for key validity, a bool for value validity, and an error
func IsValidPVC ¶
IsValidPVC determines if a PVC with the name provided exists
func IsValidStorageName ¶
func NewCertEnforcer ¶
NewCertEnforcer ensures a certEnforcer is created with skipped routes and validates that the configured routes are allowed
func UserIsPermittedInNamespace ¶
UserIsPermittedInNamespace returns installation access and user access, in that order. Installation access means a namespace belongs to this Operator installation. User access means this user has access to a namespace.
func ValidateBackrestStorageTypeOnBackupRestore ¶
func ValidateBackrestStorageTypeOnBackupRestore(requestBackRestStorageType, clusterBackRestStorageType string, restore bool) error
ValidateBackrestStorageTypeOnBackupRestore checks to see if the pgbackrest storage type provided when performing either pgbackrest backup or restore is valid. This includes ensuring the value provided is a valid storage type (e.g. "s3" and/or "local"). This also includes ensuring the storage type specified (e.g. "s3" or "local") is enabled in the current cluster. And finally, if validation is occurring for a restore, it ensures that only one storage type is selected.
func ValidateNodeLabel ¶
ValidateNodeLabel returns error if node label is invalid
func WriteTLSCert ¶
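WriteTLSCert writes the server certificate and key to files from the PGOSecretName secret, or generates a new key (writing to both the secret and the expected files). The key file holds private key material; this page does not state the permissions it is written with, so confirm them in the source.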
Types ¶
type CredentialDetail ¶
type ReplicaPodStatus ¶
ReplicaPodStatus stores the name of the node a replica pod is assigned to, as well as whether or not the pod is considered "Ready" in the Kubernetes cluster
func GetReplicaPodStatus ¶
func GetReplicaPodStatus(clusterName, ns string) (*ReplicaPodStatus, error)
GetReplicaPodStatus gets the status of all replica pods in the cluster. Specifically, using the provided cluster name and namespace, it looks up all replica pods in the cluster, and then provides a status for each pod ("Ready" or "Not Ready")