upstreamwatchers

package
v0.35.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 5, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

// Condition reason/type strings reported by this package, plus the Kubernetes Secret
// type that the LDAP bind account Secret is expected to have. Every value here is
// status metadata or a type name; none of them is a credential.
const (
	// Reasons describing why a Secret could not be used: it does not exist, it has the
	// wrong Secret type, or it lacks required keys.
	// NOTE(review): presumably these are set on the condition returned by ValidateSecret — confirm.
	ReasonNotFound    = "SecretNotFound"
	ReasonWrongType   = "SecretWrongType"
	ReasonMissingKeys = "SecretMissingKeys"

	// The bind account Secret must be a Kubernetes basic-auth Secret
	// ("kubernetes.io/basic-auth"), whose conventional data keys are "username" and
	// "password". Anything able to read that Secret can bind to the directory as the
	// service account, so RBAC on the Secret is the control that protects the bind
	// password; this package only refers to the Secret by name.
	LDAPBindAccountSecretType = corev1.SecretTypeBasicAuth

	// NOTE(review): presumably the Type of the condition stored as
	// ValidatedSettings.SearchBaseFoundCondition — confirm.
	TypeSearchBaseFound = "SearchBaseFound"

	// NOTE(review): presumably the reasons used with TypeSearchBaseFound: the search base
	// was taken from the IDP spec as written, or an attempt to discover it from the
	// server failed — confirm against DetectAndSetSearchBase implementations.
	ReasonUsingConfigurationFromSpec = "UsingConfigurationFromSpec"
	ReasonErrorFetchingSearchBase    = "ErrorFetchingSearchBase"
)

Variables

This section is empty.

Functions

func EvaluateConditions added in v0.11.0

func TestConnection added in v0.11.0

func TestConnection(
	ctx context.Context,
	bindSecretName string,
	config *upstreamldap.ProviderConfig,
	currentSecretVersion string,
) *metav1.Condition

func ValidateSecret added in v0.11.0

func ValidateSecret(secretInformer corev1informers.SecretInformer, secretName string, secretNamespace string, config *upstreamldap.ProviderConfig) (*metav1.Condition, string)

Types

type GradatedConditions added in v0.11.0

// GradatedConditions collects status conditions, each recorded together with a
// fatal/non-fatal flag (see Append's isFatal parameter). No fields are exported, so
// callers add entries with Append and read them back with Conditions.
type GradatedConditions struct {
	// contains filtered or unexported fields
}

GradatedConditions is a list of conditions, where each condition can additionally be considered fatal or non-fatal.

func ValidateGenericLDAP added in v0.11.0

func ValidateGenericLDAP(
	ctx context.Context,
	upstream UpstreamGenericLDAPIDP,
	secretInformer corev1informers.SecretInformer,
	configMapInformer corev1informers.ConfigMapInformer,
	validatedSettingsCache ValidatedSettingsCacheI,
	config *upstreamldap.ProviderConfig,
) GradatedConditions

func (*GradatedConditions) Append added in v0.11.0

func (g *GradatedConditions) Append(condition *metav1.Condition, isFatal bool)

func (*GradatedConditions) Conditions added in v0.11.0

func (g *GradatedConditions) Conditions() []*metav1.Condition

type UpstreamGenericLDAPGroupSearch added in v0.11.0

// UpstreamGenericLDAPGroupSearch is a read-only view of an upstream's group-search
// settings, returned as plain strings.
// NOTE(review): nothing in these signatures indicates validation or escaping. If a
// per-user value is later substituted into Filter(), it needs LDAP filter escaping
// (RFC 4515) at the point of substitution — confirm where the consumer does that.
type UpstreamGenericLDAPGroupSearch interface {
	// Base returns the search base for group lookups.
	Base() string
	// Filter returns the LDAP filter used for group lookups.
	Filter() string
	// NOTE(review): presumably names the user-entry attribute whose value is
	// substituted into Filter() — confirm.
	UserAttributeForFilter() string
	// NOTE(review): presumably names the group-entry attribute used as the group's name — confirm.
	GroupNameAttribute() string
}

type UpstreamGenericLDAPIDP added in v0.11.0

// UpstreamGenericLDAPIDP is a read-only view of one upstream identity provider
// resource: its spec plus the identifying metadata used during validation.
type UpstreamGenericLDAPIDP interface {
	// Spec returns the provider's configuration behind the generic spec interface.
	Spec() UpstreamGenericLDAPSpec
	// Name and Namespace identify the resource.
	Name() string
	Namespace() string
	// Generation has the same type as ValidatedSettings.IDPSpecGeneration.
	// NOTE(review): presumably the resource's metadata generation, compared against the
	// cached value so that a spec edit forces re-validation — confirm.
	Generation() int64
}

UpstreamGenericLDAPIDP is a read-only interface for abstracting the differences between LDAP and Active Directory IDP types.

type UpstreamGenericLDAPSpec added in v0.11.0

// UpstreamGenericLDAPSpec is a read-only view of the connection and search settings of
// an upstream LDAP-style identity provider.
type UpstreamGenericLDAPSpec interface {
	// Host returns the configured directory server host.
	Host() string
	// TLSSpec returns a pointer to the TLS settings.
	// NOTE(review): a pointer return can be nil; callers should treat nil as "no custom
	// TLS settings", not as "TLS disabled" — confirm how implementations behave.
	TLSSpec() *idpv1alpha1.TLSSpec
	// BindSecretName returns only the name of the bind account Secret; the credentials
	// themselves are not exposed through this interface.
	BindSecretName() string
	// UserSearch and GroupSearch return the respective search settings.
	UserSearch() UpstreamGenericLDAPUserSearch
	GroupSearch() UpstreamGenericLDAPGroupSearch
	// DetectAndSetSearchBase receives the provider config by pointer and reports its
	// outcome as a condition.
	// NOTE(review): the name and pointer parameter suggest it may contact the server and
	// write the discovered search base into config — confirm.
	DetectAndSetSearchBase(ctx context.Context, config *upstreamldap.ProviderConfig) *metav1.Condition
	// NOTE(review): presumably the condition to report when the search base has not been
	// determined — confirm.
	UnknownSearchBaseCondition() *metav1.Condition
}

type UpstreamGenericLDAPStatus added in v0.11.0

// UpstreamGenericLDAPStatus is a read-only view of an upstream's status conditions.
type UpstreamGenericLDAPStatus interface {
	// Conditions returns the conditions as values (not pointers), unlike
	// GradatedConditions.Conditions, which returns []*metav1.Condition.
	Conditions() []metav1.Condition
}

type UpstreamGenericLDAPUserSearch added in v0.11.0

// UpstreamGenericLDAPUserSearch is a read-only view of an upstream's user-search
// settings, returned as plain strings.
// NOTE(review): nothing in these signatures indicates validation or escaping. The
// username an end user types at login is untrusted; if it is substituted into
// Filter(), it needs LDAP filter escaping (RFC 4515) at the point of substitution —
// confirm where the consumer does that.
type UpstreamGenericLDAPUserSearch interface {
	// Base returns the search base for user lookups.
	Base() string
	// Filter returns the LDAP filter used for user lookups.
	Filter() string
	// NOTE(review): presumably name the user-entry attributes read as the downstream
	// username and as the stable unique identifier — confirm.
	UsernameAttribute() string
	UIDAttribute() string
}

type ValidatedSettings added in v0.11.0

// ValidatedSettings is one cache entry: the inputs a successful validation was based on
// (spec generation, bind Secret resource version, CA bundle hash) together with the
// results that were discovered or computed from them.
type ValidatedSettings struct {
	// The three fields below record what the validation was performed against. A cached
	// entry is only trustworthy while all three still match the live objects.
	IDPSpecGeneration         int64                      // which IDP spec was used during the validation
	BindSecretResourceVersion string                     // which bind secret was used during the validation
	CABundleHash              tlsconfigutil.CABundleHash // hash of the CA bundle used during the validation

	// Cache the setting for TLS vs StartTLS. This is always auto-discovered by probing the server.
	// NOTE(review): because the probe result is cached, a server that later changes which
	// protocol it offers is presumably not re-probed until this entry stops matching — confirm.
	LDAPConnectionProtocol upstreamldap.LDAPConnectionProtocol

	// Cache the settings for search bases. These could be configured by the IDP spec, or in the
	// case of AD they can also be auto-discovered by probing the server.
	UserSearchBase, GroupSearchBase string

	// Cache copies of the conditions that were computed when the above settings were cached, so we
	// can keep writing them to the status in the future. This matters most when the first attempt
	// to write them to the IDP's status fails. In this case, future Sync calls will be able to
	// use these cached values to try writing them again.
	ConnectionValidCondition, SearchBaseFoundCondition *metav1.Condition
}

ValidatedSettings is the struct which is cached by the ValidatedSettingsCacheI interface.

type ValidatedSettingsCache added in v0.13.0

// ValidatedSettingsCache holds cached ValidatedSettings in a plain map keyed by a
// single string.
// NOTE(review): the listing shows no lock alongside the exported map, so concurrent
// Get/Set calls (or direct map access by other packages) would race unless callers
// serialize them — confirm.
// NOTE(review): Get and Set take only upstreamName, not a namespace or kind; if one
// cache instance were shared across namespaces or IDP kinds, same-named upstreams
// could read each other's validated settings — confirm each controller owns its cache.
type ValidatedSettingsCache struct {
	ValidatedSettingsByName map[string]ValidatedSettings
}

func (*ValidatedSettingsCache) Get added in v0.13.0

func (s *ValidatedSettingsCache) Get(upstreamName, resourceVersion string, idpSpecGeneration int64) (ValidatedSettings, bool)

func (*ValidatedSettingsCache) Set added in v0.13.0

func (s *ValidatedSettingsCache) Set(upstreamName string, settings ValidatedSettings)

type ValidatedSettingsCacheI added in v0.13.0

// ValidatedSettingsCacheI abstracts the per-upstream cache of ValidatedSettings.
type ValidatedSettingsCacheI interface {
	// Get the cached settings for a given upstream at a given generation which was previously
	// validated using a given bind secret version. If no settings have been cached for the
	// upstream, or if the settings were cached at a different generation of the upstream or
	// using a different version of the bind secret, then return false to indicate that the
	// desired settings were not cached yet for that combination of spec generation and secret version.
	//
	// NOTE(review): the lookup parameters cover spec generation and bind secret version
	// only. ValidatedSettings also records CABundleHash, which Get does not receive, so a
	// caller must presumably compare that hash itself before reusing a cached
	// "connection valid" result after the trusted CA bundle changes — confirm.
	Get(upstreamName, resourceVersion string, idpSpecGeneration int64) (ValidatedSettings, bool)

	// Set some settings into the cache for a given upstream.
	Set(upstreamName string, settings ValidatedSettings)
}

ValidatedSettingsCacheI is an interface for an in-memory cache with an entry for each upstream provider. It keeps track of settings that were already validated for a given IDP spec and bind secret for that upstream.

func NewValidatedSettingsCache added in v0.13.0

func NewValidatedSettingsCache() ValidatedSettingsCacheI
