// S3 policy actions that can be placed in a PolicyStatement's Action list.
// Each constant is the literal action string written into the bucket policy JSON.
const (
	// All is the wildcard "s3:*", which matches every s3 action. An Allow
	// statement carrying it also covers the policy and ACL writers listed
	// below (PutBucketPolicy, PutBucketAcl, PutObjectAcl), so prefer naming
	// only the actions a principal actually needs.
	All                            action = "s3:*"
	AbortMultipartUpload           action = "s3:AbortMultipartUpload"
	CreateBucket                   action = "s3:CreateBucket"
	DeleteBucketPolicy             action = "s3:DeleteBucketPolicy"
	DeleteBucket                   action = "s3:DeleteBucket"
	DeleteBucketWebsite            action = "s3:DeleteBucketWebsite"
	DeleteObject                   action = "s3:DeleteObject"
	DeleteObjectVersion            action = "s3:DeleteObjectVersion"
	DeleteReplicationConfiguration action = "s3:DeleteReplicationConfiguration"
	GetAccelerateConfiguration     action = "s3:GetAccelerateConfiguration"
	GetBucketAcl                   action = "s3:GetBucketAcl"
	GetBucketCORS                  action = "s3:GetBucketCORS"
	GetBucketLocation              action = "s3:GetBucketLocation"
	GetBucketLogging               action = "s3:GetBucketLogging"
	GetBucketNotification          action = "s3:GetBucketNotification"
	GetBucketPolicy                action = "s3:GetBucketPolicy"
	GetBucketRequestPayment        action = "s3:GetBucketRequestPayment"
	GetBucketTagging               action = "s3:GetBucketTagging"
	GetBucketVersioning            action = "s3:GetBucketVersioning"
	GetBucketWebsite               action = "s3:GetBucketWebsite"
	GetLifecycleConfiguration      action = "s3:GetLifecycleConfiguration"
	GetObjectAcl                   action = "s3:GetObjectAcl"
	GetObject                      action = "s3:GetObject"
	GetObjectTorrent               action = "s3:GetObjectTorrent"
	GetObjectVersionAcl            action = "s3:GetObjectVersionAcl"
	GetObjectVersion               action = "s3:GetObjectVersion"
	GetObjectVersionTorrent        action = "s3:GetObjectVersionTorrent"
	GetReplicationConfiguration    action = "s3:GetReplicationConfiguration"
	ListAllMyBuckets               action = "s3:ListAllMyBuckets"
	// NOTE(review): AWS spells this action "s3:ListBucketMultipartUploads"
	// (lower-case "p"). Confirm the backend matches action names
	// case-insensitively; otherwise a statement using this constant may not
	// take effect.
	ListBucketMultiPartUploads     action = "s3:ListBucketMultiPartUploads"
	ListBucket                     action = "s3:ListBucket"
	ListBucketVersions             action = "s3:ListBucketVersions"
	ListMultipartUploadParts       action = "s3:ListMultipartUploadParts"
	PutAccelerateConfiguration     action = "s3:PutAccelerateConfiguration"
	PutBucketAcl                   action = "s3:PutBucketAcl"
	PutBucketCORS                  action = "s3:PutBucketCORS"
	PutBucketLogging               action = "s3:PutBucketLogging"
	PutBucketNotification          action = "s3:PutBucketNotification"
	PutBucketPolicy                action = "s3:PutBucketPolicy"
	PutBucketRequestPayment        action = "s3:PutBucketRequestPayment"
	PutBucketTagging               action = "s3:PutBucketTagging"
	PutBucketVersioning            action = "s3:PutBucketVersioning"
	PutBucketWebsite               action = "s3:PutBucketWebsite"
	PutLifecycleConfiguration      action = "s3:PutLifecycleConfiguration"
	PutObjectAcl                   action = "s3:PutObjectAcl"
	PutObject                      action = "s3:PutObject"
	PutObjectVersionAcl            action = "s3:PutObjectVersionAcl"
	PutReplicationConfiguration    action = "s3:PutReplicationConfiguration"
	RestoreObject                  action = "s3:RestoreObject"


    AllowedActions is a lenient (permissive) default list of actions; narrow it to the actions a consumer actually needs where least privilege matters.


    func NewBucketController

    func NewBucketController(cfg *rest.Config, p *Provisioner) (*provisioner.Provisioner, error)


    type BucketPolicy

    // BucketPolicy is the JSON policy document for a single bucket: an optional
    // Id, a Version string, and the list of policy statements.
    type BucketPolicy struct {
    	// Id (optional) identifies the bucket policy.
    	// NOTE(review): the tag has no omitempty, so an unset Id is marshalled
    	// as "Id": "" — confirm the backend accepts an empty Id.
    	Id string `json:"Id"`
    	// Version is the version of the BucketPolicy data structure;
    	// it should always be '2012-10-17'.
    	Version   string            `json:"Version"`
    	// Statement holds the PolicyStatements that make up the policy.
    	Statement []PolicyStatement `json:"Statement"`

      BucketPolicy represents the set of policy statements for a single bucket.

      func NewBucketPolicy

      func NewBucketPolicy(ps ...PolicyStatement) *BucketPolicy

        NewBucketPolicy obviously returns a new BucketPolicy. PolicyStatements may be passed in at creation or added after the fact. BucketPolicies should be passed to PutBucketPolicy().

        func (*BucketPolicy) DropPolicyStatements

        func (bp *BucketPolicy) DropPolicyStatements(sid ...string) *BucketPolicy

        func (*BucketPolicy) EjectPrincipals

        func (bp *BucketPolicy) EjectPrincipals(users ...string) *BucketPolicy

        func (*BucketPolicy) ModifyBucketPolicy

        func (bp *BucketPolicy) ModifyBucketPolicy(ps ...PolicyStatement) *BucketPolicy

          ModifyBucketPolicy compares new and old statement SIDs and overwrites on a match. This allows users to Get, modify, and Replace existing statements as well as add new ones.

          type PolicyStatement

          // PolicyStatement is one statement of a bucket policy: the Effect
          // (allow or deny) that applies to the listed Principals performing the
          // listed Actions on the listed Resources.
          type PolicyStatement struct {
          	// Sid (optional) is the PolicyStatement's unique identifier.
          	// NOTE(review): the tag has no omitempty, so an unset Sid is
          	// marshalled as "Sid": "" — confirm the backend accepts an empty Sid.
          	Sid string `json:"Sid"`
          	// Effect determines whether the Action(s) are 'Allow'ed or 'Deny'ed.
          	Effect effect `json:"Effect"`
          	// Principal is/are the Ceph user names affected by this PolicyStatement.
          	// Must be in the format of 'arn:aws:iam:::user/<ceph-user>'
          	Principal map[string][]string `json:"Principal"`
          	// Action is a list of s3:* actions. Including the All wildcard
          	// ("s3:*") in an Allow statement covers every action, so list
          	// specific actions where possible.
          	Action []action `json:"Action"`
          	// Resource is the ARN identifier for the S3 resource (bucket).
          	// Must be in the format of 'arn:aws:s3:::<bucket>'
          	Resource []string `json:"Resource"`

            PolicyStatement is the Go representation of a PolicyStatement JSON struct. It defines which Actions a Principal can or cannot perform on a Resource.

            func NewPolicyStatement

            func NewPolicyStatement() *PolicyStatement

              NewPolicyStatement generates a new PolicyStatement. PolicyStatement methods are designed to be chain called with dot notation to allow for easy configuration at creation. This is preferable to a long parameter list.

              func (*PolicyStatement) Actions

              func (ps *PolicyStatement) Actions(actions ...action) *PolicyStatement

                Actions is the set of "s3:*" actions with which the PolicyStatement is concerned

                func (*PolicyStatement) Allows

                func (ps *PolicyStatement) Allows() *PolicyStatement

                  Allows sets the effect of the PolicyStatement to allow PolicyStatement's Actions

                  func (*PolicyStatement) Denies

                  func (ps *PolicyStatement) Denies() *PolicyStatement

                    Denies sets the effect of the PolicyStatement to deny the PolicyStatement's Actions

                    func (*PolicyStatement) EjectPrincipals

                    func (ps *PolicyStatement) EjectPrincipals(users ...string)

                    func (*PolicyStatement) ForPrincipals

                    func (ps *PolicyStatement) ForPrincipals(users ...string) *PolicyStatement

                      ForPrincipals adds users to the PolicyStatement

                      func (*PolicyStatement) ForResources

                      func (ps *PolicyStatement) ForResources(resources ...string) *PolicyStatement

                        ForResources adds resources (buckets) to the PolicyStatement with the appropriate ARN prefix

                        func (*PolicyStatement) ForSubResources

                        func (ps *PolicyStatement) ForSubResources(resources ...string) *PolicyStatement

                          ForSubResources adds contents inside the bucket to the PolicyStatement with the appropriate ARN prefix

                          func (*PolicyStatement) WithSID

                          func (ps *PolicyStatement) WithSID(sid string) *PolicyStatement

                          type Provisioner

                          type Provisioner struct {
                          	// contains filtered or unexported fields

                          func NewProvisioner

                          func NewProvisioner(context *clusterd.Context, namespace string) *Provisioner

                          func (Provisioner) Delete

                          func (p Provisioner) Delete(ob *bktv1alpha1.ObjectBucket) error

                            Delete is called when the ObjectBucketClaim (OBC) is deleted and the associated storage class' reclaimPolicy is "Delete". Or, if a Provision() error occurs and the bucket controller needs to clean up before retrying.

                            func (Provisioner) Grant

                              Grant attaches to an existing rgw bucket and returns a connection info representing the bucket's endpoint and user access credentials.

                              func (Provisioner) Provision

                              func (p Provisioner) Provision(options *apibkt.BucketOptions) (*bktv1alpha1.ObjectBucket, error)

                                Provision creates an s3 bucket and returns a connection info representing the bucket's endpoint and user access credentials.

                                func (Provisioner) Revoke

                                func (p Provisioner) Revoke(ob *bktv1alpha1.ObjectBucket) error

                                  Revoke removes a user and creds from an existing bucket. Note: cleanup order below matters.

                                  type S3Agent

                                  type S3Agent struct {
                                  	// contains filtered or unexported fields

                                    S3Agent wraps the s3.S3 structure to allow for wrapper methods

                                    func NewS3Agent

                                    func NewS3Agent(accessKey, secretKey, endpoint string) (*S3Agent, error)

                                    func (S3Agent) CreateBucket

                                    func (s S3Agent) CreateBucket(name string) error

                                      CreateBucket creates a bucket with the given name

                                      func (S3Agent) GetBucketPolicy

                                      func (s S3Agent) GetBucketPolicy(bucket string) (*BucketPolicy, error)

                                      func (S3Agent) PutBucketPolicy

                                      func (s S3Agent) PutBucketPolicy(bucket string, policy BucketPolicy) (*s3.PutBucketPolicyOutput, error)

                                        PutBucketPolicy applies the policy to the bucket