core

package

v0.0.0-...-4fbd946 Latest Latest Go to latest Published: Oct 21, 2019 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ash2k/iam4kube

Links

Open Source Insights

Documentation ¶

Index ¶

type CacheEntry
type CredentialsPrefetcher
- func NewCredentialsPrefetcher(logger *zap.Logger, kloud Kloud, registry prometheus.Registerer, ...) (*CredentialsPrefetcher, error)
type IamRoleKey
- func (k *IamRoleKey) String() string
type Kernel
- func (k *Kernel) CredentialsForIp(ctx context.Context, ip iam4kube.IP, role string) (*core_v1.Pod, *iam4kube.Credentials, error)
- func (k *Kernel) RoleForIp(ctx context.Context, ip iam4kube.IP) (*core_v1.Pod, *iam4kube.IamRole, error)
type Kloud
type Kroler
type Limiter
type Metrics
type Prefetcher
type PrefetcherNotifier

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CacheEntry ¶

type CacheEntry struct {
	Role               iam4kube.IamRole
	Creds              iam4kube.Credentials
	TimesAddedCounter  int // holds the number of times Add() was called for the corresponding role
	Awaiting           map[chan<- credResponse]struct{}
	HasCreds           bool // initially false, set to true when creds are retrieved for the first time
	EnqueuedForRefresh bool // true if creds are scheduled to be refreshed
}

type CredentialsPrefetcher ¶

type CredentialsPrefetcher struct {
	// contains filtered or unexported fields
}

func NewCredentialsPrefetcher ¶

func NewCredentialsPrefetcher(logger *zap.Logger, kloud Kloud, registry prometheus.Registerer,
	limiter Limiter, workers int) (*CredentialsPrefetcher, error)

func (*CredentialsPrefetcher) Add ¶

func (k *CredentialsPrefetcher) Add(role *iam4kube.IamRole)

func (*CredentialsPrefetcher) CredentialsForRole ¶

func (k *CredentialsPrefetcher) CredentialsForRole(ctx context.Context, role *iam4kube.IamRole) (*iam4kube.Credentials, error)

CredentialsForRole fetches credentials from the cache. It blocks until credentials are available or the context signals done.

func (*CredentialsPrefetcher) Inspect ¶

func (k *CredentialsPrefetcher) Inspect(f func(map[IamRoleKey]CacheEntry))

Inspect asynchronously executes f in the goroutine that owns the cache. f must not mutate cache to avoid interfering with internal invariants.

func (*CredentialsPrefetcher) Metrics ¶

func (k *CredentialsPrefetcher) Metrics() Metrics

func (*CredentialsPrefetcher) Remove ¶

func (k *CredentialsPrefetcher) Remove(role *iam4kube.IamRole)

func (*CredentialsPrefetcher) Run ¶

func (k *CredentialsPrefetcher) Run(ctx context.Context)

type IamRoleKey ¶

type IamRoleKey struct {
	// contains filtered or unexported fields
}

func (*IamRoleKey) String ¶

func (k *IamRoleKey) String() string

type Kernel ¶

type Kernel struct {
	Kloud  Kloud
	Kroler Kroler
}

func (*Kernel) CredentialsForIp ¶

func (k *Kernel) CredentialsForIp(ctx context.Context, ip iam4kube.IP, role string) (*core_v1.Pod, *iam4kube.Credentials, error)

CredentialsForIp fetches credentials for the IAM role that is assigned to a Pod with the provided IP. Returns nil if no IAM role is assigned. May return non-nil pod even on error.

func (*Kernel) RoleForIp ¶

func (k *Kernel) RoleForIp(ctx context.Context, ip iam4kube.IP) (*core_v1.Pod, *iam4kube.IamRole, error)

RoleForIp fetches the IAM role that is supposed to be used by a Pod with the provided IP. Returns nil if no IAM role is assigned. May return non-nil pod even on error.

type Kloud ¶

type Kloud interface {
	CredentialsForRole(context.Context, *iam4kube.IamRole) (*iam4kube.Credentials, error)
}

type Kroler ¶

type Kroler interface {
	// RoleForIp fetches the IAM role that is supposed to be used by a Pod with the provided IP.
	// Returns nil if no IAM role is assigned. May return non-nil pod even on error.
	RoleForIp(context.Context, iam4kube.IP) (*core_v1.Pod, *iam4kube.IamRole, error)
}

type Limiter ¶

type Limiter interface {
	// Wait blocks until limiter permits an event to happen.
	// It returns an error if the Context is
	// canceled, or the expected wait time exceeds the Context's Deadline.
	Wait(context.Context) error
}

type Metrics ¶

type Metrics struct {
	BusyWorkersNumber  int32
	ToRefreshBufLength int32
}

type Prefetcher ¶

type Prefetcher interface {
	Add(*iam4kube.IamRole)
	Remove(*iam4kube.IamRole)
}

type PrefetcherNotifier ¶

type PrefetcherNotifier struct {
	Logger     *zap.Logger
	Prefetcher Prefetcher
}

func (*PrefetcherNotifier) OnAdd ¶

func (p *PrefetcherNotifier) OnAdd(obj interface{})

func (*PrefetcherNotifier) OnDelete ¶

func (p *PrefetcherNotifier) OnDelete(obj interface{})

func (*PrefetcherNotifier) OnUpdate ¶

func (p *PrefetcherNotifier) OnUpdate(oldObj, newObj interface{})

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL