k8sauthz

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 9, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultTimeout        = 60 * time.Second
	DefaultInterval       = 10 * time.Minute
	DefaultUsernamePrefix = "oidc:"
)

Variables

View Source 
var (
	ErrRepositoryIsRequired = errors.New("repository is required")
)

Functions

This section is empty.

Types

type ClusterRoleMapping 

type ClusterRoleMapping struct {
	Scope       string `yaml:"scope"`
	Role        string `yaml:"role"`
	ClusterRole string `yaml:"clusterRole"`
}

type Config 

type Config struct {

	// Internal is a required field that specifies the interval at which the Git repository must be fetched.
	Interval *time.Duration `yaml:"interval"`
	// Repository is the git config to use
	Repository *git.GitConfig `yaml:"repository"`
	// Mappings define which k8s role in m8 leads to which cluster role within clusters
	Mappings []*ClusterRoleMapping `yaml:"mappings"`
	// UsernamePrefix is prepended to usernames to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. Defaults to oidc:.
	UsernamePrefix string `yaml:"usernamePrefix"`
	// AllClusters is an optional field to specify if the RBAC for all clusters should be managed. Defaults to false.
	AllClusters bool `yaml:"allClusters"`
	// Clusters is an optional field to specify a list of clusters for which the RBAC should be managed.
	Clusters []string `yaml:"clusters"`
	// SubDir is the relative path within the repo where to reconcile yamls
	SubDir string `yaml:"subdir"`
	// contains filtered or unexported fields
}

Config is the configuration for the GitRepoReconciler.

func NewConfigFromFile 

func NewConfigFromFile(data []byte) (*Config, error)

NewConfigFromFile creates a new GitRepoReconcilerConfig from a given yaml file

func NewConfigFromFilePath 

func NewConfigFromFilePath(name string) (*Config, error)

NewConfigFromFile creates a new GitRepoReconcilerConfig from a given yaml file path

type GitRepoReconciler 

type GitRepoReconciler struct {
	// contains filtered or unexported fields
}

GitRepoReconciler reconciles the resources within the target repo to match the expected state.

func NewGitRepoReconciler 

func NewGitRepoReconciler(
	config *Config,
	userRepo repositories.UserRepository,
	clusterAccessRepo repositories.ClusterAccessRepository,
	gitClient *git.GitClient,
) *GitRepoReconciler

NewGitRepoReconciler creates a new GitRepoReconciler configured via the given config.

func (*GitRepoReconciler) Reconcile 

func (r *GitRepoReconciler) Reconcile(ctx context.Context) error

func (*GitRepoReconciler) ReconcileUser 

func (r *GitRepoReconciler) ReconcileUser(ctx context.Context, user *projections.User) error

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager 

func NewManager(userRepository repositories.UserRepository, clusterAccessRepository repositories.ClusterAccessRepository) *Manager

func (*Manager) Close 

func (m *Manager) Close() error

func (*Manager) Notify 

func (m *Manager) Notify(ctx context.Context, u *projections.User)

func (*Manager) Run 

func (m *Manager) Run(ctx context.Context, conf *Config) error

type TestEnv 

type TestEnv struct {
	// contains filtered or unexported fields
}

func NewTestEnv 

func NewTestEnv() (*TestEnv, error)

func (*TestEnv) Shutdown 

func (env *TestEnv) Shutdown() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.