Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// IdentitiesPath is the path to where identities are stored in the
	// key-value store.
	IdentitiesPath = path.Join(kvstore.BaseKeyPrefix, "state", "identities", "v1")
)

Functions

This section is empty.

Types

type CachingIdentityAllocator

type CachingIdentityAllocator struct {
	// IdentityAllocator is an allocator for security identities from the
	// kvstore.
	IdentityAllocator *allocator.Allocator
	// contains filtered or unexported fields
}

    CachingIdentityAllocator manages the allocation of identities for both global and local identities.

    func NewCachingIdentityAllocator

    func NewCachingIdentityAllocator(owner IdentityAllocatorOwner) *CachingIdentityAllocator

      NewCachingIdentityAllocator creates a new instance of an CachingIdentityAllocator.

      func (*CachingIdentityAllocator) AllocateIdentity

      func (m *CachingIdentityAllocator) AllocateIdentity(ctx context.Context, lbls labels.Labels, notifyOwner bool) (id *identity.Identity, allocated bool, err error)

        AllocateIdentity allocates an identity described by the specified labels. If an identity for the specified set of labels already exist, the identity is re-used and reference counting is performed, otherwise a new identity is allocated via the kvstore.

        func (*CachingIdentityAllocator) Close

        func (m *CachingIdentityAllocator) Close()

          Close closes the identity allocator and allows to call InitIdentityAllocator() again.

          func (*CachingIdentityAllocator) GetIdentities

          func (m *CachingIdentityAllocator) GetIdentities() IdentitiesModel

            GetIdentities returns all known identities

            func (*CachingIdentityAllocator) GetIdentityCache

            func (m *CachingIdentityAllocator) GetIdentityCache() IdentityCache

              GetIdentityCache returns a cache of all known identities

              func (*CachingIdentityAllocator) InitIdentityAllocator

              func (m *CachingIdentityAllocator) InitIdentityAllocator(client clientset.Interface, identityStore cache.Store) <-chan struct{}

                InitIdentityAllocator creates the the identity allocator. Only the first invocation of this function will have an effect. The Caller must have initialized well known identities before calling this (by calling identity.InitWellKnownIdentities()). client and identityStore are only used by the CRD identity allocator, currently, and identityStore may be nil. Returns a channel which is closed when initialization of the allocator is completed. TODO: identity backends are initialized directly in this function, pulling in dependencies on kvstore and k8s. It would be better to decouple this, since the backends are an interface.

                func (*CachingIdentityAllocator) LookupIdentity

                func (m *CachingIdentityAllocator) LookupIdentity(ctx context.Context, lbls labels.Labels) *identity.Identity

                  LookupIdentity looks up the identity by its labels but does not create it. This function will first search through the local cache, then the caches for remote kvstores and finally fall back to the main kvstore. May return nil for lookups if the allocator has not yet been synchronized.

                  func (*CachingIdentityAllocator) LookupIdentityByID

                    LookupIdentityByID returns the identity by ID. This function will first search through the local cache, then the caches for remote kvstores and finally fall back to the main kvstore May return nil for lookups if the allocator has not yet been synchronized.

                    func (*CachingIdentityAllocator) Release

                    func (m *CachingIdentityAllocator) Release(ctx context.Context, id *identity.Identity) (released bool, err error)

                      Release is the reverse operation of AllocateIdentity() and releases the identity again. This function may result in kvstore operations. After the last user has released the ID, the returned lastUse value is true.

                      func (*CachingIdentityAllocator) ReleaseSlice

                      func (m *CachingIdentityAllocator) ReleaseSlice(ctx context.Context, owner IdentityAllocatorOwner, identities []*identity.Identity) error

                        ReleaseSlice attempts to release a set of identities. It is a helper function that may be useful for cleaning up multiple identities in paths where several identities may be allocated and another error means that they should all be released.

                        func (*CachingIdentityAllocator) WaitForInitialGlobalIdentities

                        func (m *CachingIdentityAllocator) WaitForInitialGlobalIdentities(ctx context.Context) error

                          WaitForInitialGlobalIdentities waits for the initial set of global security identities to have been received and populated into the allocator cache.

                          func (*CachingIdentityAllocator) WatchRemoteIdentities

                          func (m *CachingIdentityAllocator) WatchRemoteIdentities(backend kvstore.BackendOperations) (*allocator.RemoteCache, error)

                            WatchRemoteIdentities starts watching for identities in another kvstore and syncs all identities to the local identity cache.

                            type GlobalIdentity

                            type GlobalIdentity struct {
                            	labels.LabelArray
                            }

                              GlobalIdentity is the structure used to store an identity

                              func (GlobalIdentity) GetAsMap

                              func (gi GlobalIdentity) GetAsMap() map[string]string

                                GetAsMap encodes a GlobalIdentity a map of keys to values. The keys will include a source delimted by a ':'. This output is pareable by PutKeyFromMap.

                                func (GlobalIdentity) GetKey

                                func (gi GlobalIdentity) GetKey() (str string)

                                  GetKey encodes an Identity as string

                                  func (GlobalIdentity) PutKey

                                    PutKey decodes an Identity from its string representation

                                    func (GlobalIdentity) PutKeyFromMap

                                    func (gi GlobalIdentity) PutKeyFromMap(v map[string]string) allocator.AllocatorKey

                                      PutKeyFromMap decodes an Identity from a map of key to value. Output from GetAsMap can be parsed. Note: NewLabelArrayFromMap will parse the ':' separated label source from the keys because the source parameter is ""

                                      type IdentitiesModel

                                      type IdentitiesModel []*models.Identity

                                        IdentitiesModel is a wrapper so that we can implement the sort.Interface to sort the slice by ID

                                        func (IdentitiesModel) Less

                                        func (s IdentitiesModel) Less(i, j int) bool

                                          Less returns true if the element in index `i` is lower than the element in index `j`

                                          type IdentityAllocator

                                          type IdentityAllocator interface {
                                          	// WaitForInitialGlobalIdentities waits for the initial set of global
                                          	// security identities to have been received.
                                          	WaitForInitialGlobalIdentities(context.Context) error
                                          
                                          	// AllocateIdentity allocates an identity described by the specified labels.
                                          	AllocateIdentity(context.Context, labels.Labels, bool) (*identity.Identity, bool, error)
                                          
                                          	// Release is the reverse operation of AllocateIdentity() and releases the
                                          	// specified identity.
                                          	Release(context.Context, *identity.Identity) (released bool, err error)
                                          
                                          	// LookupIdentityByID returns the identity that corresponds to the given
                                          	// numeric identity.
                                          	LookupIdentityByID(ctx context.Context, id identity.NumericIdentity) *identity.Identity
                                          }

                                            IdentityAllocator is any type which is responsible for allocating security identities based of sets of labels, and caching information about identities locally.

                                            type IdentityAllocatorOwner

                                            type IdentityAllocatorOwner interface {
                                            	// UpdateIdentities will be called when identities have changed
                                            	//
                                            	// The caller is responsible for making sure the same identity
                                            	// is not present in both 'added' and 'deleted', so that they
                                            	// can be processed in either order.
                                            	UpdateIdentities(added, deleted IdentityCache)
                                            
                                            	// GetSuffix must return the node specific suffix to use
                                            	GetNodeSuffix() string
                                            }

                                              IdentityAllocatorOwner is the interface the owner of an identity allocator must implement

                                              type IdentityCache

                                              type IdentityCache map[identity.NumericIdentity]labels.LabelArray

                                                IdentityCache is a cache of identity to labels mapping