controller

package
v0.0.0-...-9310271 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 25, 2024 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

// Namespace label and annotation strings used for project blocking and for
// scheduling namespace deletion. All are typed string constants.
//
// NOTE(review): AnnotationDeleteNamespaceTimestamp is documented below as
// defining when the project should be deleted. Confirm that write access to
// namespace labels and annotations is restricted (RBAC or admission policy)
// so that only the operator and cluster administrators can set these keys.
const (

	// Blocked label and annotations as described here: https://okd-internal.docs.cern.ch/operations/project-blocking/
	// LabelBlockedNamespace is the label key; the value it is expected to carry
	// is not visible here.
	LabelBlockedNamespace string = "okd.cern.ch/project-blocked"
	// Annotation that defines when the project should be deleted
	// (the timestamp format is not visible here).
	// The two okd.cern.ch/blocked-* constants that follow are annotation keys.
	// AnnotationLifecycleBlockedReason has no domain prefix and looks like a
	// reason value, presumably stored under AnnotationBlockedNamespaceReason,
	// rather than an annotation key — TODO confirm against ensureProjectMetadata.
	AnnotationDeleteNamespaceTimestamp  string = "lifecycle.webservices.cern.ch/delete-namespace-after"
	AnnotationBlockedNamespaceReason    string = "okd.cern.ch/blocked-reason"
	AnnotationBlockedNamespaceTimestamp string = "okd.cern.ch/blocked-timestamp"
	AnnotationLifecycleBlockedReason    string = "PendingDeletionAfterLifecycleDeletedApplication"
)

Variables used in function `ensureProjectMetadata`

Variables

// Sentinel error values for this package. Each is created with errors.New, so
// a wrapped occurrence can be matched with errors.Is.
//
// The messages are CamelCase identifiers rather than sentences; presumably
// they double as condition reasons — TODO confirm.
//
// NOTE(review): ErrAuthzAPITemp carries the message "AuthzAPIError" (no "Temp"
// in the string), so a log line that prints only the message does not show
// that the error is the temporary variant, while ErrAuthzAPIPermanent does.
//
// NOTE(review): ErrAuthzAPIUnauthorized presumably reports that the Authz API
// rejected the operator's credentials; confirm callers surface it (status
// condition, alert) instead of retrying indefinitely.
var (
	// Generic temporary error
	ErrTemporary                = errors.New("TemporaryError")
	ErrApplicationAlreadyExists = errors.New("ApplicationAlreadyExists")
	ErrInvalidSpec              = errors.New("InvalidSpec")
	ErrClientK8s                = errors.New("k8sAPIClientError")
	ErrClientAuthz              = errors.New("AuthzAPIClientError")
	ErrAuthzAPITemp             = errors.New("AuthzAPIError")
	ErrAuthzAPIPermanent        = errors.New("AuthzAPIPermanentError")
	ErrAuthzInvalidResponse     = errors.New("AuthzAPIInvalidResponse")
	ErrAuthzAPIUnauthorized     = errors.New("AuthzAPIUnauthorized")
	ErrApplicationConflict      = errors.New("ApplicationConflict")
	ErrAssociatedAppNotFound    = errors.New("AssociatedApplicationNotFound")
	ErrInvalidOwner             = errors.New("InvalidOwner")
	ErrUnsupportedChangeInAuthz = errors.New("UnsupportedChangeInAuthz")
	ErrGroupDoesntExist         = errors.New("GroupDoesntExistError")
)

ErrorConditions

Functions

func GetExportedRoles

func GetExportedRoles(ctx context.Context, authzApiClient *authzapiv1.APIClient, appId string) ([]webservicesv1alpha1.ExportedRole, error)

func ModifyOwnerRoleBinding

func ModifyOwnerRoleBinding(policy webservicesv1alpha1.ProjectLifecyclePolicy, appreg webservicesv1alpha1.ApplicationRegistration, ownerRolebinding *rbacv1.RoleBinding)

ModifyOwnerRoleBinding sets the desired state of the owner RoleBinding resource.

func ModifyProjectMetadata

ModifyProjectMetadata sets the desired value for the namespace annotation and adds the custom labels CurrentOwner, CurrentAdminGroup and ResourceCategory to the OpenShift project.

Types

type AppStatusRefreshMode

// AppStatusRefreshMode selects how Reconcile() keeps the ApplicationRegistration
// state in Kubernetes in step with the Authz API. The two values are defined
// in the const block that follows.
type AppStatusRefreshMode string
const (
	// With mode AppStatusRefreshModeSynchronous, each Reconcile talks to the Authz API, compares and
	// updates the ApplicationRegistration state in Kubernetes. Reconcile() is slow in this mode.
	AppStatusRefreshModeSynchronous AppStatusRefreshMode = "RefreshSynchronously"
	// With mode AppStatusRefreshModeAsync, Reconcile() only talks to the Authz API if
	// the state in Kubernetes requires performing some change in the API (e.g. register a new application,
	// update OIDC return URIs). If the state in Kubernetes is consistent, then Reconcile won't make any
	// call to the Authz API. Instead, it will request an asynchronous refresh via FullResyncRequests.
	// This allows Reconcile() to return very fast in most cases, while still propagating changes to the Authz API
	// quickly when something has changed in Kubernetes.
	// NOTE(review): FullResyncRequests is not a name visible on this page; presumably it is the
	// AppStatusRefreshRequests channel of ApplicationRegistrationReconciler — confirm.
	// NOTE(review): in this mode a change made directly in the Authz API is presumably only noticed by the
	// asynchronous refresh, so Kubernetes state can lag behind it — confirm the delay is acceptable for
	// authorization-relevant fields.
	AppStatusRefreshModeAsync AppStatusRefreshMode = "DelegateRefreshToBackgroundReconciler"
)

type ApplicationRegistrationExportReconciler

// ApplicationRegistrationExportReconciler holds the dependencies of the export
// reconciler: an embedded client.Client, a logger, a runtime scheme, an Authz
// API client and the channel that triggers exports of all objects.
type ApplicationRegistrationExportReconciler struct {
	// Embedded, so the client's methods are promoted onto the reconciler.
	client.Client
	Log            logr.Logger
	Scheme         *runtime.Scheme
	AuthzApiClient *authzapiv1.APIClient

	// ExportAllAppsEvents is used to trigger regular exports of all objects
	// It carries event.GenericEvent values; who sends on it and how often is
	// not visible here.
	ExportAllAppsEvents chan event.GenericEvent
}

ApplicationRegistrationExportReconciler reconciles *some* fields of the status of an ApplicationRegistration object. It sets the following fields: status.exportedDetails.roles

func (*ApplicationRegistrationExportReconciler) Reconcile

func (*ApplicationRegistrationExportReconciler) SetupWithManager

func (r *ApplicationRegistrationExportReconciler) SetupWithManager(mgr ctrl.Manager) error

type ApplicationRegistrationReconciler

// ApplicationRegistrationReconciler holds the dependencies and the shared
// synchronization state of the ApplicationRegistration reconciler. The field
// comments describe two concurrently running instances (foreground and
// background) that coordinate through the channel, map and mutex below.
type ApplicationRegistrationReconciler struct {
	// Embedded, so the client's methods are promoted onto the reconciler.
	client.Client
	Log           logr.Logger
	Scheme        *runtime.Scheme
	Authz         authzapireq.AuthzClient
	AuthzApiCache apicache.AuthzCache

	// AppStatusRefreshRequests channel is used to request an asynchronous full (slow) reconciliation with authz API.
	// It receives sync requests from the foreground instance of the reconciler (in AppStatusRefreshModeAsync mode),
	// as well as sync requests from the Lifecycle controller (when syncing all apps with Authz API and finding some apps that need update).
	// The background instance of the reconciler uses mode AppStatusRefreshModeSynchronous and performs the full sync
	// on ApplicationRegistration received through this channel.
	AppStatusRefreshRequests chan event.GenericEvent
	// Because we'll run concurrent instances of the reconciler with different modes,
	// we need to synchronize them so they do not work on the same ApplicationRegistration resource
	// at the same time. This synchronization is required because the Reconcile() implementation is not re-entrant
	// when it has to make changes to the Authz API.
	// NOTE(review): ReconcilerProcessingInProgress is a plain map, which Go does not make safe for
	// concurrent use; presumably every read and write happens with ReconcilerSyncMutex held — confirm in
	// Reconcile(). The keys presumably identify an ApplicationRegistration — TODO confirm.
	// ReconcilerSyncMutex is a pointer, so instances that must exclude each other have to be given the
	// same *sync.Mutex and the same map; a nil pointer panics on Lock.
	ReconcilerProcessingInProgress map[string]bool
	ReconcilerSyncMutex            *sync.Mutex
	// contains filtered or unexported fields
}

ApplicationRegistrationReconciler reconciles an ApplicationRegistration object.

func (*ApplicationRegistrationReconciler) Reconcile

func (*ApplicationRegistrationReconciler) SetupWithManagerForBackground

func (r *ApplicationRegistrationReconciler) SetupWithManagerForBackground(mgr ctrl.Manager) error

func (*ApplicationRegistrationReconciler) SetupWithManagerForForeground

func (r *ApplicationRegistrationReconciler) SetupWithManagerForForeground(mgr ctrl.Manager) error

type BootstrapApplicationRoleReconciler

// BootstrapApplicationRoleReconciler holds the dependencies of the
// BootstrapApplicationRole reconciler: an embedded client.Client, a logger, a
// runtime scheme, an Authz client and an Authz cache.
// NOTE(review): how AuthzApiCache is populated and invalidated is not visible
// here; confirm that role data read from the cache cannot be stale long enough
// to matter for the roles this reconciler manages.
type BootstrapApplicationRoleReconciler struct {
	// Embedded, so the client's methods are promoted onto the reconciler.
	client.Client
	Log           logr.Logger
	Scheme        *runtime.Scheme
	Authz         authzapireq.AuthzClient
	AuthzApiCache apicache.AuthzCache
}

BootstrapApplicationRoleReconciler reconciles a BootstrapApplicationRole object

func (*BootstrapApplicationRoleReconciler) Reconcile

func (*BootstrapApplicationRoleReconciler) SetupWithManager

func (r *BootstrapApplicationRoleReconciler) SetupWithManager(mgr ctrl.Manager) error

type LifecycleReconciler

// LifecycleReconciler holds the dependencies of the Lifecycle reconciler: an
// embedded client.Client, a logger, a runtime scheme, an Authz client and
// cache, and the two event channels described on the fields.
type LifecycleReconciler struct {
	// Embedded, so the client's methods are promoted onto the reconciler.
	client.Client
	Log           logr.Logger
	Scheme        *runtime.Scheme
	Authz         authzapireq.AuthzClient
	AuthzApiCache apicache.AuthzCache
	// LifecycleEvents channel is to send reconcile requests to the ApplicationRegistration controller
	// (presumably the same channel as ApplicationRegistrationReconciler.AppStatusRefreshRequests,
	// whose comment mentions sync requests from the Lifecycle controller — TODO confirm in the wiring code).
	LifecycleEvents chan event.GenericEvent
	// SyncAllAppsEvents channel is used to trigger a sync of all applications (from a timer)
	SyncAllAppsEvents chan event.GenericEvent
}

LifecycleReconciler reconciles a Lifecycle object

func (*LifecycleReconciler) Reconcile

func (r *LifecycleReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

The Reconcile method syncs all apps with the AuthZ API.

func (*LifecycleReconciler) SetupWithManager

func (r *LifecycleReconciler) SetupWithManager(mgr ctrl.Manager) error

type ProjectLifecyclePolicyReconciler

// ProjectLifecyclePolicyReconciler holds the dependencies of the
// ProjectLifecyclePolicy reconciler together with the base URL and the link
// texts used for the NamespaceDashboard ConsoleLinks described on the fields.
type ProjectLifecyclePolicyReconciler struct {
	// Embedded, so the client's methods are promoted onto the reconciler.
	client.Client
	Log    logr.Logger
	Scheme *runtime.Scheme
	// Base URL to generate a link to manage an application in the Application Portal.
	// The application ID will be appended to the base URL to generate the full URL.
	// NOTE(review): the code that appends the ID is not visible here; confirm the ID is
	// escaped for the URL position it lands in, and that this base URL comes only from
	// operator configuration, since the result is shown as a link in the OKD console.
	ApplicationPortalBaseUrl string
	// The text to show in the NamespaceDashboard ConsoleLink providing the general-purpose link from the OKD console
	// to the application's management page in the Application Portal.
	ApplicationPortalLinkText string
	// The text to show in the NamespaceDashboard ConsoleLink providing info about the current application category
	// in the Application Portal when category is Undefined
	ApplicationCategoryUndefinedLinkText string
	// The text to show in the NamespaceDashboard ConsoleLink providing info about the current application category
	// in the Application Portal when category is Test
	ApplicationCategoryTestLinkText string
	// The text to show in the NamespaceDashboard ConsoleLink providing info about the current application category
	// in the Application Portal when category is Personal
	ApplicationCategoryPersonalLinkText string
	// The text to show in the NamespaceDashboard ConsoleLink providing info about the current application category
	// in the Application Portal when category is Official
	ApplicationCategoryOfficialLinkText string
}

ProjectLifecyclePolicyReconciler reconciles a ProjectLifecyclePolicy object

func (*ProjectLifecyclePolicyReconciler) Reconcile

func (*ProjectLifecyclePolicyReconciler) SetupWithManager

func (r *ProjectLifecyclePolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
