Documentation ¶
Index ¶
- Constants
- func EvaluateConditions(conditions GradatedConditions, config *upstreamldap.ProviderConfig) (upstreamprovider.UpstreamLDAPIdentityProviderI, bool)
- func TestConnection(ctx context.Context, bindSecretName string, ...) *metav1.Condition
- func ValidateSecret(secretInformer corev1informers.SecretInformer, secretName string, ...) (*metav1.Condition, string)
- type GradatedConditions
- type UpstreamGenericLDAPGroupSearch
- type UpstreamGenericLDAPIDP
- type UpstreamGenericLDAPSpec
- type UpstreamGenericLDAPStatus
- type UpstreamGenericLDAPUserSearch
- type ValidatedSettings
- type ValidatedSettingsCache
- type ValidatedSettingsCacheI
Constants ¶
// Condition reason and type strings, plus the Secret type required for the LDAP bind account.
// NOTE(review): which function emits each reason is not visible on this page; the Secret*
// reasons presumably come from ValidateSecret. Confirm against the implementation.
const (
	// Reasons for a bind Secret that cannot be used.
	ReasonNotFound    = "SecretNotFound"
	ReasonWrongType   = "SecretWrongType"
	ReasonMissingKeys = "SecretMissingKeys"

	// LDAPBindAccountSecretType is the Kubernetes basic-auth Secret type
	// (kubernetes.io/basic-auth), the type expected for the bind account Secret.
	LDAPBindAccountSecretType = corev1.SecretTypeBasicAuth

	// Condition type and reasons related to search base discovery.
	TypeSearchBaseFound               = "SearchBaseFound"
	ReasonUsingConfigurationFromSpec = "UsingConfigurationFromSpec"
	ReasonErrorFetchingSearchBase    = "ErrorFetchingSearchBase"
)
Variables ¶
This section is empty.
Functions ¶
func EvaluateConditions ¶ added in v0.11.0
func EvaluateConditions(conditions GradatedConditions, config *upstreamldap.ProviderConfig) (upstreamprovider.UpstreamLDAPIdentityProviderI, bool)
func TestConnection ¶ added in v0.11.0
func TestConnection( ctx context.Context, bindSecretName string, config *upstreamldap.ProviderConfig, currentSecretVersion string, ) *metav1.Condition
func ValidateSecret ¶ added in v0.11.0
func ValidateSecret(secretInformer corev1informers.SecretInformer, secretName string, secretNamespace string, config *upstreamldap.ProviderConfig) (*metav1.Condition, string)
Types ¶
type GradatedConditions ¶ added in v0.11.0
// GradatedConditions is a list of conditions, where each condition can additionally be
// considered fatal or non-fatal. Conditions are added with Append(condition, isFatal) and
// read back with Conditions().
//
// NOTE(review): EvaluateConditions takes a GradatedConditions and returns a provider plus a
// bool; presumably a fatal condition means the provider must not be used. Confirm that
// callers treat the bool as fail-closed.
type GradatedConditions struct {
	// contains filtered or unexported fields
}
GradatedConditions is a list of conditions, where each condition can additionally be considered fatal or non-fatal.
func ValidateGenericLDAP ¶ added in v0.11.0
func ValidateGenericLDAP( ctx context.Context, upstream UpstreamGenericLDAPIDP, secretInformer corev1informers.SecretInformer, configMapInformer corev1informers.ConfigMapInformer, validatedSettingsCache ValidatedSettingsCacheI, config *upstreamldap.ProviderConfig, ) GradatedConditions
func (*GradatedConditions) Append ¶ added in v0.11.0
func (g *GradatedConditions) Append(condition *metav1.Condition, isFatal bool)
func (*GradatedConditions) Conditions ¶ added in v0.11.0
func (g *GradatedConditions) Conditions() []*metav1.Condition
type UpstreamGenericLDAPGroupSearch ¶ added in v0.11.0
type UpstreamGenericLDAPIDP ¶ added in v0.11.0
// UpstreamGenericLDAPIDP is a read-only interface for abstracting the differences between
// LDAP and Active Directory IDP types.
type UpstreamGenericLDAPIDP interface {
	// Spec returns the type-independent view of the IDP's spec.
	Spec() UpstreamGenericLDAPSpec
	// Name and Namespace identify the IDP resource.
	Name() string
	Namespace() string
	// Generation returns an int64 generation number.
	// NOTE(review): presumably this is the value recorded in ValidatedSettings.IDPSpecGeneration
	// and passed to ValidatedSettingsCacheI.Get as idpSpecGeneration. Confirm against callers.
	Generation() int64
}
UpstreamGenericLDAPIDP is a read-only interface for abstracting the differences between LDAP and Active Directory IDP types.
type UpstreamGenericLDAPSpec ¶ added in v0.11.0
// UpstreamGenericLDAPSpec exposes the parts of an IDP spec that validation needs, independent
// of whether the IDP is an LDAP or an Active Directory type.
type UpstreamGenericLDAPSpec interface {
	// Host returns the configured LDAP server host.
	Host() string
	// TLSSpec returns the TLS configuration from the spec.
	// NOTE(review): this is a pointer; whether nil is a valid return (no TLS settings given)
	// and how callers then choose trust roots is not visible here. Confirm.
	TLSSpec() *idpv1alpha1.TLSSpec
	// BindSecretName returns the name of the Secret that holds the bind account credentials.
	// The expected Secret type is LDAPBindAccountSecretType.
	BindSecretName() string
	// UserSearch and GroupSearch return the search settings for users and groups.
	UserSearch() UpstreamGenericLDAPUserSearch
	GroupSearch() UpstreamGenericLDAPGroupSearch
	// DetectAndSetSearchBase takes the provider config and returns a condition.
	// NOTE(review): the name suggests it may mutate config; the effect is not shown on this
	// page. Confirm before relying on config being unchanged.
	DetectAndSetSearchBase(ctx context.Context, config *upstreamldap.ProviderConfig) *metav1.Condition
	// UnknownSearchBaseCondition returns the condition to report when the search base is unknown.
	UnknownSearchBaseCondition() *metav1.Condition
}
type UpstreamGenericLDAPStatus ¶ added in v0.11.0
type UpstreamGenericLDAPUserSearch ¶ added in v0.11.0
type ValidatedSettings ¶ added in v0.11.0
// ValidatedSettings is the struct which is cached by the ValidatedSettingsCacheI interface.
// The first three fields record the inputs the validation was performed against; the rest
// are the results that were cached for those inputs.
type ValidatedSettings struct {
	IDPSpecGeneration         int64  // which IDP spec was used during the validation
	BindSecretResourceVersion string // which bind secret was used during the validation
	// NOTE(review): ValidatedSettingsCacheI.Get is keyed on spec generation and bind secret
	// version only; whether a changed CABundleHash also invalidates an entry is not visible
	// on this page. Confirm that a CA bundle change forces re-validation.
	CABundleHash tlsconfigutil.CABundleHash // hash of the CA bundle used during the validation

	// Cache the setting for TLS vs StartTLS. This is always auto-discovered by probing the server.
	LDAPConnectionProtocol upstreamldap.LDAPConnectionProtocol

	// Cache the settings for search bases. These could be configured by the IDP spec, or in the
	// case of AD they can also be auto-discovered by probing the server.
	UserSearchBase, GroupSearchBase string

	// Cache copies of the conditions that were computed when the above settings were cached, so we
	// can keep writing them to the status in the future. This matters most when the first attempt
	// to write them to the IDP's status fails. In this case, future Sync calls will be able to
	// use these cached values to try writing them again.
	ConnectionValidCondition, SearchBaseFoundCondition *metav1.Condition
}
ValidatedSettings is the struct which is cached by the ValidatedSettingsCacheI interface.
type ValidatedSettingsCache ¶ added in v0.13.0
// ValidatedSettingsCache stores ValidatedSettings in a map; its Get and Set methods have the
// same signatures as those of ValidatedSettingsCacheI.
type ValidatedSettingsCache struct {
	// ValidatedSettingsByName maps a name to its cached settings; presumably the key is the
	// upstreamName passed to Set. Verify against the implementation.
	// NOTE(review): the map is exported and no lock is visible in this declaration. Confirm
	// that access is serialized, and that nothing outside Get/Set writes entries directly,
	// since an entry stands in for a completed connection validation.
	ValidatedSettingsByName map[string]ValidatedSettings
}
func (*ValidatedSettingsCache) Get ¶ added in v0.13.0
func (s *ValidatedSettingsCache) Get(upstreamName, resourceVersion string, idpSpecGeneration int64) (ValidatedSettings, bool)
func (*ValidatedSettingsCache) Set ¶ added in v0.13.0
func (s *ValidatedSettingsCache) Set(upstreamName string, settings ValidatedSettings)
type ValidatedSettingsCacheI ¶ added in v0.13.0
// ValidatedSettingsCacheI is an interface for an in-memory cache with an entry for each
// upstream provider. It keeps track of settings that were already validated for a given IDP
// spec and bind secret for that upstream.
type ValidatedSettingsCacheI interface {
	// Get the cached settings for a given upstream at a given generation which was previously
	// validated using a given bind secret version. If no settings have been cached for the
	// upstream, or if the settings were cached at a different generation of the upstream or
	// using a different version of the bind secret, then return false to indicate that the
	// desired settings were not cached yet for that combination of spec generation and secret version.
	//
	// NOTE(review): the lookup takes no CA bundle hash, although ValidatedSettings records
	// CABundleHash. If the CA bundle can change without the spec generation changing, the
	// caller has to compare the hash itself; confirm that it does, so a stale entry is not
	// reused after the trust roots change.
	Get(upstreamName, resourceVersion string, idpSpecGeneration int64) (ValidatedSettings, bool)

	// Set some settings into the cache for a given upstream.
	Set(upstreamName string, settings ValidatedSettings)
}
ValidatedSettingsCacheI is an interface for an in-memory cache with an entry for each upstream provider. It keeps track of settings that were already validated for a given IDP spec and bind secret for that upstream.
func NewValidatedSettingsCache ¶ added in v0.13.0
func NewValidatedSettingsCache() ValidatedSettingsCacheI