Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ReconcileClusterRoleBindingOptions ¶
type ReconcileClusterRoleBindingOptions struct {
// RoleBinding is the expected rolebinding that will be reconciled
RoleBinding *rbac.ClusterRoleBinding
// Confirm indicates writes should be performed. When false, results are returned as a dry-run.
Confirm bool
// RemoveExtraSubjects indicates reconciliation should remove extra subjects from an existing role binding
RemoveExtraSubjects bool
// Client is used to look up existing rolebindings, and create/update the rolebinding when Confirm=true
Client internalversion.ClusterRoleBindingInterface
}
ReconcileClusterRoleBindingOptions holds options for running a role binding reconciliation
func (*ReconcileClusterRoleBindingOptions) Run ¶
func (o *ReconcileClusterRoleBindingOptions) Run() (*ReconcileClusterRoleBindingResult, error)
type ReconcileClusterRoleBindingResult ¶
type ReconcileClusterRoleBindingResult struct {
// RoleBinding is the reconciled rolebinding from the reconciliation operation.
// If the reconcile was performed as a dry-run, or the existing rolebinding was protected, the reconciled rolebinding is not persisted.
RoleBinding *rbac.ClusterRoleBinding
// MissingSubjects contains expected subjects that were missing from the currently persisted rolebinding
MissingSubjects []rbac.Subject
// ExtraSubjects contains extra subjects the currently persisted rolebinding had
ExtraSubjects []rbac.Subject
// Operation is the API operation required to reconcile.
// If no reconciliation was needed, it is set to ReconcileNone.
// If options.Confirm == false, the reconcile was in dry-run mode, so the operation was not performed.
// If result.Protected == true, the rolebinding opted out of reconciliation, so the operation was not performed.
// Otherwise, the operation was performed.
Operation ReconcileOperation
// Protected indicates an existing role prevented reconciliation
Protected bool
}
ReconcileClusterRoleBindingResult holds the result of a reconciliation operation.
type ReconcileClusterRoleOptions ¶
type ReconcileClusterRoleOptions struct {
// Role is the expected role that will be reconciled
Role *rbac.ClusterRole
// Confirm indicates writes should be performed. When false, results are returned as a dry-run.
Confirm bool
// RemoveExtraPermissions indicates reconciliation should remove extra permissions from an existing role
RemoveExtraPermissions bool
// Client is used to look up existing roles, and create/update the role when Confirm=true
Client internalversion.ClusterRoleInterface
}
func (*ReconcileClusterRoleOptions) Run ¶
func (o *ReconcileClusterRoleOptions) Run() (*ReconcileClusterRoleResult, error)
type ReconcileClusterRoleResult ¶
type ReconcileClusterRoleResult struct {
// Role is the reconciled role from the reconciliation operation.
// If the reconcile was performed as a dry-run, or the existing role was protected, the reconciled role is not persisted.
Role *rbac.ClusterRole
// MissingRules contains expected rules that were missing from the currently persisted role
MissingRules []rbac.PolicyRule
// ExtraRules contains extra permissions the currently persisted role had
ExtraRules []rbac.PolicyRule
// Operation is the API operation required to reconcile.
// If no reconciliation was needed, it is set to ReconcileNone.
// If options.Confirm == false, the reconcile was in dry-run mode, so the operation was not performed.
// If result.Protected == true, the role opted out of reconciliation, so the operation was not performed.
// Otherwise, the operation was performed.
Operation ReconcileOperation
// Protected indicates an existing role prevented reconciliation
Protected bool
}
type ReconcileOperation ¶
type ReconcileOperation string
var ( ReconcileCreate ReconcileOperation = "create" ReconcileUpdate ReconcileOperation = "update" ReconcileRecreate ReconcileOperation = "recreate" ReconcileNone ReconcileOperation = "none" )
Source Files
Click to show internal directories.
Click to hide internal directories.