Documentation
Overview
Package utils provides a set of utility functions that make implementing the IBuilder interface easier.
Index
- func CreateAccessCommand(cmdString string, resource metav1.ObjectMeta) (string, error)
- func CreatePod(ctx context.Context, client client.Client, req v1alpha1.IRequestResource, ...) (*corev1.Pod, error)
- func CreateRole(ctx context.Context, client client.Client, req v1alpha1.IRequestResource, ...) (*rbacv1.Role, error)
- func CreateRoleBinding(ctx context.Context, client client.Client, req v1alpha1.IRequestResource, ...) (*rbacv1.RoleBinding, error)
- func GenerateResourceName(req client.Object) string
- func GetAccessDuration(req v1alpha1.IRequestResource, tmpl v1alpha1.ITemplateResource) (accessDuration time.Duration, decision string, err error)
- func GetPodTemplateFromController(ctx context.Context, client client.Client, tmpl v1alpha1.ITemplateResource) (corev1.PodTemplateSpec, error)
- func GetSelectorLabels(ctx context.Context, client client.Client, tmpl v1alpha1.ITemplateResource) (labels.Selector, error)
- func GetTargetRefResource(ctx context.Context, client client.Client, tmpl v1alpha1.ITemplateResource) (client.Object, error)
- func ObjectToJSON(obj client.Object) string
- func SetOwnerReference(ctx context.Context, client client.Client, owner client.Object, ...) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateAccessCommand
func CreateAccessCommand(cmdString string, resource metav1.ObjectMeta) (string, error)
CreateAccessCommand renders an access command template string, evaluating it against data from a Pod's ObjectMeta.
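An added example, not code from this package: one way a command template can be rendered against Pod metadata, assuming Go text/template syntax (the page does not state which template engine is used). The names renderAccessCommand and objectMeta and the sample command are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"text/template"
)

// objectMeta is a hypothetical stand-in for the two metav1.ObjectMeta fields
// an access command usually needs; it is not the package's own type.
type objectMeta struct {
	Name      string
	Namespace string
}

// dns1123Subdomain is the name form the Kubernetes API accepts for Pods
// (namespaces use the stricter label form, which this pattern also covers).
var dns1123Subdomain = regexp.MustCompile(
	`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// renderAccessCommand (hypothetical name) renders cmdString against meta.
// Field values are checked first, so metadata that did not come from the
// API server cannot place shell metacharacters into the command.
func renderAccessCommand(cmdString string, meta objectMeta) (string, error) {
	for _, v := range []string{meta.Name, meta.Namespace} {
		if len(v) > 253 || !dns1123Subdomain.MatchString(v) {
			return "", fmt.Errorf("metadata value %q is not a valid DNS-1123 name", v)
		}
	}
	tmpl, err := template.New("accessCommand").Parse(cmdString)
	if err != nil {
		return "", fmt.Errorf("parsing access command: %w", err)
	}
	var out bytes.Buffer
	// Execute fails on fields the data lacks (for example {{ .Bogus }}),
	// so a typo in the template yields an error instead of a broken command.
	if err := tmpl.Execute(&out, meta); err != nil {
		return "", fmt.Errorf("rendering access command: %w", err)
	}
	return out.String(), nil
}

func main() {
	// Constructed sample input.
	cmd, err := renderAccessCommand(
		"kubectl exec -ti -n {{ .Namespace }} {{ .Name }} -- /bin/sh",
		objectMeta{Name: "web-7d9f8-abc12", Namespace: "prod"})
	fmt.Println(cmd, err)
}
```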
func CreatePod
func CreatePod(ctx context.Context, client client.Client, req v1alpha1.IRequestResource, podTemplateSpec corev1.PodTemplateSpec) (*corev1.Pod, error)
CreatePod creates a new Pod based on the supplied PodTemplateSpec, ensuring that the OwnerReference is set appropriately before the creation to guarantee proper cleanup.
func CreateRole
func CreateRole(ctx context.Context, client client.Client, req v1alpha1.IRequestResource, rules []rbacv1.PolicyRule) (*rbacv1.Role, error)
CreateRole will create a Kubernetes Role for a specific Access Request with the supplied permissions. The OwnerReference is set to ensure proper cleanup.
func CreateRoleBinding
func CreateRoleBinding(ctx context.Context, client client.Client, req v1alpha1.IRequestResource, tmpl v1alpha1.ITemplateResource, role *rbacv1.Role) (*rbacv1.RoleBinding, error)
CreateRoleBinding will create a RoleBinding to a Role for a set of Groups defined in an Access Template.
func GenerateResourceName
func GenerateResourceName(req client.Object) string
GenerateResourceName takes in an API.IRequestResource conforming object and returns a unique resource name string that can be used to safely create other resources (roles, bindings, etc).
Returns:
string: A resource name string
func GetAccessDuration
func GetAccessDuration(req v1alpha1.IRequestResource, tmpl v1alpha1.ITemplateResource) (accessDuration time.Duration, decision string, err error)
GetAccessDuration is a generic function for getting the proper Access Duration for a particular Access Request. This common logic can be shared across our IBuilders.
func GetPodTemplateFromController
func GetPodTemplateFromController(ctx context.Context, client client.Client, tmpl v1alpha1.ITemplateResource) (corev1.PodTemplateSpec, error)
GetPodTemplateFromController will return a PodTemplate resource from an understood controller type (Deployment, DaemonSet, Rollout, or StatefulSet).
func GetSelectorLabels
func GetSelectorLabels(ctx context.Context, client client.Client, tmpl v1alpha1.ITemplateResource) (labels.Selector, error)
GetSelectorLabels understands how to return a labels.Selector struct from a supplied controller object - as long as it is one of the following:
- Deployment
- DaemonSet
- StatefulSet
- Rollout
https://medium.com/coding-kubernetes/using-k8s-label-selectors-in-go-the-right-way-733cde7e8630
Returns:
- labels.Selector: A populated labels.Selector which can be used when searching for Pods
- error
func GetTargetRefResource
func GetTargetRefResource(ctx context.Context, client client.Client, tmpl v1alpha1.ITemplateResource) (client.Object, error)
GetTargetRefResource returns a generic client.Object resource from the Kubernetes API that points to the Access Template Spec.targetRef configured resource. This generic function allows us (in the future) to have AccessTemplates understand how to point to all kinds of different Pods via different controllers.
Returns:
client.Object: An unstructured.Unstructured{} object pointing to the target controller.
func ObjectToJSON
func ObjectToJSON(obj client.Object) string
ObjectToJSON is a quick helper function for pretty-printing an entire K8S object in JSON form. Used primarily in certain debug log statements.
func SetOwnerReference
func SetOwnerReference(ctx context.Context, client client.Client, owner client.Object, controlled client.Object) error
SetOwnerReference provides a generic wrapper for setting the OwnerReference on a resource and updating the pointer to that resource. This function is used by the individual builders to implement the IBuilder interface.
Types
This section is empty.
Source Files
- access_command.go
- create_pod.go
- create_role.go
- create_role_binding.go
- doc.go
- generate_resource_name.go
- get_access_duration.go
- get_daemonset.go
- get_deployment.go
- get_pod_template_from_controller.go
- get_rollout.go
- get_selector_labels.go
- get_short_uid.go
- get_statefulset.go
- get_target_ref_resource.go
- object_to_json.go
- set_owner_reference.go