server

package

v1.4.0 Latest Latest Go to latest Published: Sep 5, 2023 License: Apache-2.0 Imports: 66 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubeclipper/kubeclipper

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type APIServer
type GlobalRoleBindingList
- func (receiver *GlobalRoleBindingList) Diff(diffList *iamv1.GlobalRoleBindingList) GlobalRoleBindingList
type GlobalRoleList
- func (receiver *GlobalRoleList) Diff(diffList *iamv1.GlobalRoleList) GlobalRoleList
type UserList
- func GetInternalUser(password string) UserList
- func (receiver *UserList) Diff(diffList *iamv1.UserList) UserList

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	RequestCounter = compbasemetrics.NewCounterVec(
		&compbasemetrics.CounterOpts{
			Name:           "ks_server_request_total",
			Help:           "Counter of ks_server requests broken out for each verb, group, version, resource and HTTP response code.",
			StabilityLevel: compbasemetrics.ALPHA,
		},
		[]string{"verb", "group", "version", "resource", "code"},
	)

	RequestLatencies = compbasemetrics.NewHistogramVec(
		&compbasemetrics.HistogramOpts{
			Name: "ks_server_request_duration_seconds",
			Help: "Response latency distribution in seconds for each verb, group, version, resource",

			Buckets: []float64{0.05, 0.1, 0.15, 0.2, 0.25, 0.3, 0.35, 0.4, 0.45, 0.5, 0.6, 0.7, 0.8, 0.9, 1.0,
				1.25, 1.5, 1.75, 2.0, 2.5, 3.0, 3.5, 4.0, 4.5, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30, 40, 50, 60},
			StabilityLevel: compbasemetrics.ALPHA,
		},
		[]string{"verb", "group", "version", "resource"},
	)
)

View Source

var RoleBindings = GlobalRoleBindingList{
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       "GlobalRoleBinding",
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name: "anonymous",
			Annotations: map[string]string{
				"kubeclipper.io/internal": "true",
			},
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: "iam.kubeclipper.io",
			Kind:     "GlobalRole",
			Name:     "anonymous",
		},
		Subjects: []rbacv1.Subject{
			{
				APIGroup: "rbac.authorization.k8s.io",
				Kind:     "Group",
				Name:     "system:unauthenticated",
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       "GlobalRoleBinding",
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name: "authenticated",
			Annotations: map[string]string{
				"kubeclipper.io/internal": "true",
			},
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: "iam.kubeclipper.io",
			Kind:     "GlobalRole",
			Name:     "authenticated",
		},
		Subjects: []rbacv1.Subject{
			{
				APIGroup: "rbac.authorization.k8s.io",
				Kind:     "Group",
				Name:     "system:authenticated",
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       "GlobalRoleBinding",
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name: "platform-admin",
			Annotations: map[string]string{
				"kubeclipper.io/internal": "true",
			},
		},
		RoleRef: rbacv1.RoleRef{
			APIGroup: "iam.kubeclipper.io",
			Kind:     "GlobalRole",
			Name:     "platform-admin",
		},
		Subjects: []rbacv1.Subject{
			{
				APIGroup: "rbac.authorization.k8s.io",
				Kind:     "User",
				Name:     "system:kc-server",
			},
			{
				APIGroup: "rbac.authorization.k8s.io",
				Kind:     "User",
				Name:     "system:kcctl",
			},
			{
				APIGroup: "rbac.authorization.k8s.io",
				Kind:     "User",
				Name:     "admin",
			},
		},
	},
}

View Source

var Roles = GlobalRoleList{
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"users\": \"view\"}",
				"kubeclipper.io/alias-name":          "Users View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-users",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"users", "users/loginrecords"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-users\"]",
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"roles\": \"view\"}",
				"kubeclipper.io/alias-name":          "Roles View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-roles",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"roles"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-roles\"]",
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"roles\": \"create\"}",
				"kubeclipper.io/alias-name":          "Roles Create",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-create-roles",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"roles"},
				Verbs:     []string{"create"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-roles\"]",
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"roles\": \"edit\"}",
				"kubeclipper.io/alias-name":          "Roles Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-roles",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"roles"},
				Verbs:     []string{"update", "patch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-roles\"]",
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"roles\": \"delete\"}",
				"kubeclipper.io/alias-name":          "Roles Delete",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-delete-roles",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"roles"},
				Verbs:     []string{"delete"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-users\",\"role-template-view-roles\"]",
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"users\": \"create\"}",
				"kubeclipper.io/alias-name":          "Users Create",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-create-users",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"users"},
				Verbs:     []string{"create"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-users\",\"role-template-view-roles\"]",
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"users\": \"edit\"}",
				"kubeclipper.io/alias-name":          "Users Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-users",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"users", "users/password", "users/enable", "users/disable"},
				Verbs:     []string{"update", "patch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-users\",\"role-template-view-roles\"]",
				"kubeclipper.io/module":              "Access Control",
				"kubeclipper.io/role-template-rules": "{\"users\": \"delete\"}",
				"kubeclipper.io/alias-name":          "Users Delete",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-delete-users",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"users"},
				Verbs:     []string{"delete"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-clusters\"]",
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"clusters\": \"access\"}",
				"kubeclipper.io/alias-name":          "Cluster Access",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-access-clusters",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters/terminal"},
				Verbs:     []string{"get"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters/proxy"},
				Verbs:     []string{"*"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"backuppoints\": \"view\"}",
				"kubeclipper.io/alias-name":          "BackupPoint View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-backuppoints",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"backuppoints"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-backuppoints\"]",
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"backuppoints\": \"edit\"}",
				"kubeclipper.io/alias-name":          "BackupPoint Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-backuppoints",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"backuppoints"},
				Verbs:     []string{"create", "delete", "update", "patch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"registries\": \"view\"}",
				"kubeclipper.io/alias-name":          "Registry View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-registries",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"registries"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-registries\"]",
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"registries\": \"edit\"}",
				"kubeclipper.io/alias-name":          "Registry Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-registries",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"registries"},
				Verbs:     []string{"create", "update", "patch", "delete"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"cloudproviders\": \"view\"}",
				"kubeclipper.io/alias-name":          "CloudProvider View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-cloudproviders",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"cloudproviders", "cloudproviders/precheck"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-cloudproviders\"]",
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"cloudproviders\": \"edit\"}",
				"kubeclipper.io/alias-name":          "CloudProvider Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-cloudproviders",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"cloudproviders", "cloudproviders/precheck"},
				Verbs:     []string{"*"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"clusters\": \"view\"}",
				"kubeclipper.io/alias-name":          "Cluster View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-clusters",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters", "nodes", "regions", "operations", "logs", "clusters/upgrade", "nodes/terminal"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"terminal.key"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"templates"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-clusters\",\"role-template-view-backuppoints\",\"role-template-view-registries\"]",
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"clusters\": \"create\"}",
				"kubeclipper.io/alias-name":          "Cluster Create",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-create-clusters",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters", "nodes", "regions", "operations/retry", "clusters/upgrade"},
				Verbs:     []string{"create"},
			},
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"template"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"templates"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-clusters\",\"role-template-view-backuppoints\",\"role-template-view-registries\"]",
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"clusters\": \"edit\"}",
				"kubeclipper.io/alias-name":          "Cluster Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-clusters",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters", "clusters/status", "regions", "nodes/disable", "nodes/enable", "nodes/join"},
				Verbs:     []string{"update", "patch"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters/plugins", "clusters/join", "clusters/nodes", "clusters/backups", "clusters/cronbackups", "clusters/certification", "clusters/kubeconfig"},
				Verbs:     []string{"*"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"templates"},
				Verbs:     []string{"*"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters/proxy"},
				Verbs:     []string{"*"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-clusters\"]",
				"kubeclipper.io/module":              "Cluster Management",
				"kubeclipper.io/role-template-rules": "{\"clusters\": \"delete\"}",
				"kubeclipper.io/alias-name":          "Cluster Delete",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-delete-clusters",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters", "nodes", "regions", "clusters/plugins", "clusters/nodes"},
				Verbs:     []string{"update", "patch"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters/plugins", "clusters/nodes"},
				Verbs:     []string{"*"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "Platform Setting",
				"kubeclipper.io/role-template-rules": "{\"platform\": \"view\"}",
				"kubeclipper.io/alias-name":          "Platform View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-platform",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"template"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"templates"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-platform\"]",
				"kubeclipper.io/module":              "Platform Setting",
				"kubeclipper.io/role-template-rules": "{\"platform\": \"edit\"}",
				"kubeclipper.io/alias-name":          "Platform Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-platform",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"template"},
				Verbs:     []string{"update", "patch"},
			},
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"terminal.key"},
				Verbs:     []string{"create"},
			},
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"templates"},
				Verbs:     []string{"update", "patch", "create", "delete"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"configmaps"},
				Verbs:     []string{"*"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "Audit",
				"kubeclipper.io/role-template-rules": "{\"audit\": \"view\"}",
				"kubeclipper.io/alias-name":          "Audit View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-audit",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"audit.kubeclipper.io"},
				Resources: []string{"events"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/module":              "DNS",
				"kubeclipper.io/role-template-rules": "{\"dns\": \"view\"}",
				"kubeclipper.io/alias-name":          "DNS View",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-view-dns",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"domains", "domains/records"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-dns\"]",
				"kubeclipper.io/module":              "DNS",
				"kubeclipper.io/role-template-rules": "{\"dns\": \"delete\"}",
				"kubeclipper.io/alias-name":          "DNS Delete",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-delete-dns",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"domains", "domains/records"},
				Verbs:     []string{"delete"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-dns\"]",
				"kubeclipper.io/module":              "DNS",
				"kubeclipper.io/role-template-rules": "{\"dns\": \"create\"}",
				"kubeclipper.io/alias-name":          "DNS Create",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-create-dns",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"domains", "domains/records"},
				Verbs:     []string{"create"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/dependencies":        "[\"role-template-view-dns\"]",
				"kubeclipper.io/module":              "DNS",
				"kubeclipper.io/role-template-rules": "{\"dns\": \"edit\"}",
				"kubeclipper.io/alias-name":          "DNS Edit",
				"kubeclipper.io/internal":            "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/role-template": "true",
			},
			Name: "role-template-edit-dns",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"domains", "domains/records"},
				Verbs:     []string{"update", "patch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/aggregation-roles": "[\"role-template-view-cloudproviders\",\"role-template-edit-cloudproviders\",\"role-template-access-clusters\",\"role-template-view-backuppoints\",\"role-template-edit-backuppoints\",\"role-template-view-registries\",\"role-template-edit-registries\",\"role-template-create-clusters\",\"role-template-edit-clusters\",\"role-template-delete-clusters\",\"role-template-view-clusters\",\"role-template-view-roles\",\"role-template-create-roles\",\"role-template-edit-roles\",\"role-template-delete-roles\",\"role-template-create-users\",\"role-template-edit-users\",\"role-template-delete-users\",\"role-template-view-users\",\"role-template-view-platform\",\"role-template-edit-platform\",\"role-template-view-audit\",\"role-template-create-dns\",\"role-template-edit-dns\",\"role-template-delete-dns\",\"role-template-view-dns\"]",
				"kubeclipper.io/internal":          "true",
			},
			Name: "platform-admin",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"*"},
				Resources: []string{"*"},
				Verbs:     []string{"*"},
			},
			{
				NonResourceURLs: []string{"*"},
				Verbs:           []string{"*"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/aggregation-roles": "[\"role-template-view-cloudproviders\",\"role-template-view-backuppoints\",\"role-template-view-registries\",\"role-template-view-clusters\",\"role-template-view-roles\",\"role-template-view-users\",\"role-template-view-platform\",\"role-template-view-audit\",\"role-template-view-dns\"]",
				"kubeclipper.io/internal":          "true",
			},
			Name: "platform-view",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"*"},
				Resources: []string{"*"},
				Verbs:     []string{"get", "list", "watch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/rego-override": "package authz\ndefault allow = false\nallow = true {\nallowedResources := [\"users\"]\nallowedResources[_] == input.Resource\ninput.User.Name == input.Name\n}",
				"kubeclipper.io/internal":      "true",
			},
			Labels: map[string]string{
				"kubeclipper.io/hidden": "true",
			},
			Name: "authenticated",
		},
		Rules: []rbacv1.PolicyRule{
			{
				NonResourceURLs: []string{"*"},
				Verbs:           []string{"*"},
			},
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"configz", "components", "componentmeta"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"oauth"},
				Verbs:     []string{"get", "list", "watch", "update", "patch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name: "anonymous",
			Labels: map[string]string{
				"kubeclipper.io/hidden": "true",
			},
			Annotations: map[string]string{
				"kubeclipper.io/internal": "true",
			},
		},
		Rules: []rbacv1.PolicyRule{
			{
				NonResourceURLs: []string{"*"},
				Verbs:           []string{"*"},
			},
			{
				APIGroups: []string{"config.kubeclipper.io"},
				Resources: []string{"oauth"},
				Verbs:     []string{"get", "list", "watch", "update", "patch"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/aggregation-roles": "[\"role-template-view-roles\",\"role-template-create-roles\",\"role-template-edit-roles\",\"role-template-delete-roles\",\"role-template-create-users\",\"role-template-edit-users\",\"role-template-delete-users\",\"role-template-view-users\"]",
				"kubeclipper.io/internal":          "true",
			},
			Name: "iam-manager",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"users"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"users", "users/password"},
				Verbs:     []string{"*"},
			},
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"roles"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"iam.kubeclipper.io"},
				Resources: []string{"roles"},
				Verbs:     []string{"*"},
			},
		},
	},
	{
		TypeMeta: metav1.TypeMeta{
			Kind:       iamv1.KindGlobalRole,
			APIVersion: iamv1.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Annotations: map[string]string{
				"kubeclipper.io/aggregation-roles": "[\"role-template-view-cloudproviders\",\"role-template-edit-cloudproviders\",\"role-template-access-clusters\",\"role-template-view-backuppoints\",\"role-template-edit-backuppoints\",\"role-template-view-registries\",\"role-template-edit-registries\",\"role-template-create-clusters\",\"role-template-edit-clusters\",\"role-template-delete-clusters\",\"role-template-view-clusters\"]",
				"kubeclipper.io/internal":          "true",
			},
			Name: "cluster-manager",
		},
		Rules: []rbacv1.PolicyRule{
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters", "nodes", "regions", "operations"},
				Verbs:     []string{"get", "list", "watch"},
			},
			{
				APIGroups: []string{"core.kubeclipper.io"},
				Resources: []string{"clusters", "clusters/nodes", "clusters/plugins", "nodes", "regions", "operations"},
				Verbs:     []string{"*"},
			},
		},
	},
}

Functions ¶

This section is empty.

Types ¶

type APIServer ¶

type APIServer struct {
	Server *http.Server

	Config   *config.Config
	Services []service.Interface

	RESTOptionsGetter *etcdRESTOptions.StorageFactoryRestOptionsFactory

	InternalInformerToken string
	// contains filtered or unexported fields
}

func (*APIServer) PrepareRun ¶

func (s *APIServer) PrepareRun(stopCh <-chan struct{}) error

func (*APIServer) Run ¶

func (s *APIServer) Run(stopCh <-chan struct{}) (err error)

func (*APIServer) SetupController ¶ added in v1.3.1

func (s *APIServer) SetupController(mgr manager.Manager, informerFactory informers.SharedInformerFactory, storageFactory registry.SharedStorageFactory) error

type GlobalRoleBindingList ¶ added in v1.4.0

type GlobalRoleBindingList []iamv1.GlobalRoleBinding

func (*GlobalRoleBindingList) Diff ¶ added in v1.4.0

func (receiver *GlobalRoleBindingList) Diff(diffList *iamv1.GlobalRoleBindingList) GlobalRoleBindingList

type GlobalRoleList ¶ added in v1.4.0

type GlobalRoleList []iamv1.GlobalRole

func (*GlobalRoleList) Diff ¶ added in v1.4.0

func (receiver *GlobalRoleList) Diff(diffList *iamv1.GlobalRoleList) GlobalRoleList

type UserList ¶ added in v1.4.0

type UserList []iamv1.User

func GetInternalUser ¶ added in v1.3.1

func GetInternalUser(password string) UserList

func (*UserList) Diff ¶ added in v1.4.0

func (receiver *UserList) Diff(diffList *iamv1.UserList) UserList

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
config
filters
registry
backup
backuppoint
cloudprovider
cluster
configmap
cronbackup
domain
event
globalrole
globalrolebinding
lease
loginrecord
node
operation
platformsetting
recovery
region
template
token
user
request
restplus
runtime

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL