cluster

package
Published: Jan 24, 2020 License: AGPL-3.0 Imports: 78 Imported by: 0

Documentation

Overview

This file is part of MinIO Kubernetes Cloud Copyright (c) 2019 MinIO, Inc.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

Index

Constants

// Package-wide constants: the cluster version string, the names under which
// the KMS CA-certificate settings are looked up, the string identifiers for
// token purposes and the nginx configuration entry, and the typed keys used to
// stash request identity in a context.
const (
	Version = `0.1.0`

	// These values look like environment-variable names that locate the KMS CA
	// certificate ConfigMap, the file inside it and the CA mount path —
	// TODO confirm where they are read.
	KmsCACertConfigMap     = "KMS_CA_CERT_CONFIG_MAP"
	KmsCACertFileName      = "KMS_CA_CERT_FILE_NAME"
	CACertDefaultMountPath = "CA_CERT_DEFAULT_MOUNT_PATH"

	// String identifiers. The Token*/AdminToken* values are presumably what is
	// passed as `usedFor` to NewURLToken/NewAdminToken and stored with the
	// token, so renaming one is a data change rather than a refactor — confirm.
	TokenSignupEmail             = "signup-email"
	TokenResetPasswordEmail      = "reset-password-email"
	TokenForgotPasswordEmail     = "forgot-password-email"
	AdminTokenSetPassword        = "admin-set-password"
	NginxConfiguration           = "nginx-configuration"
	// Context keys use the unexported type `key`, so no other package can
	// construct a colliding key and read or overwrite the identity values.
	// iota counts every entry of this block from the top, so AdminIDKey is 9,
	// not 0; only distinctness matters, but moving a line changes the values.
	AdminIDKey               key = iota
	UserIDKey                key = iota
	TenantIDKey              key = iota
	TenantShortNameKey       key = iota
	SessionIDKey             key = iota
	WhoAmIKey                key = iota
)
// Allowed actions a permission can grant.
//
// NOTE(review): only Write carries the ActionType type. In a Go const block a
// line that supplies its own "= expr" does not inherit the previous line's
// type, so Read, Readwrite and Invalid are untyped string constants: they
// convert to ActionType on use, but equally to any other string type, and the
// compiler cannot catch one being passed where a plain string is expected.
// Declaring each as `ActionType` explicitly would close that gap.
const (
	Write     ActionType = "write"
	Read                 = "read"
	Readwrite            = "readwrite"
	Invalid              = "invalid"
)

Allowed actions

// Lifecycle states of a scheduled Task.
//
// NOTE(review): as with the ActionType block, only NewTaskStatus is typed
// TaskStatus; the remaining entries supply their own "= expr" and are therefore
// untyped string constants. They still work wherever a TaskStatus is expected,
// but the compiler will not flag one being used as an arbitrary string.
// Spelling out `TaskStatus` on every line would restore that check.
const (
	NewTaskStatus             TaskStatus = "new"
	ScheduledTaskStatus                  = "scheduled"
	CompleteTaskStatus                   = "complete"
	ErrorSchedulingTaskStatus            = "error_scheduling"
	FailedTaskStatus                     = "failed"
	StalledTaskStatus                    = "stalled"
	UnknownTaskStatus                    = "unknown"
)
// Names of the task kinds the scheduler knows how to run. Presumably these are
// the `name` values given to ScheduleTask and dispatched to the matching
// *Task function (ProvisionTenantTask, DeprovisionTenantTask, ...) — confirm
// against the task runner.
const (
	TaskProvisionTenant   = "provision-tenant"
	TaskDeprovisionTenant = "deprovision-tenant"
	TaskSendEmailToUser   = "send-email-to-user"
	TaskSendAdminInvite   = "send-admin-invite"
)
// Named booleans for a tenant's availability flag, so call sites read as
// intent rather than a bare true/false.
const (
	TenantDisabled  = false
	TenantAvailable = true
)

Variables

// ErrDuplicatedPermission reports that a permission with the same actions,
// effect and resources already exists; presumably returned by
// ValidatePermissionUniqueness. Compare with errors.Is.
// NOTE(review): the message begins with a capital letter, against Go's
// error-string convention; left unchanged in case callers match on the text.
var ErrDuplicatedPermission = errors.New("Another permission for those actions, effect and resources already exists")
// ErrInvalidEtcdKey reports an etcd key that does not have the expected shape;
// presumably raised while watching bucket-creation keys (WatcEtcdBucketCreation).
// Compare with errors.Is.
var ErrInvalidEtcdKey = errors.New("invalid etcd key")

Functions

func AddM3Admin

func AddM3Admin(name, email string) error

Add an m3 admin account with the given name and email

func AddServiceAccount

func AddServiceAccount(ctx *Context, tenantShortName string, name string, description *string) (serviceAccount *ServiceAccount, credentials *ServiceAccountCredentials, err error)

AddServiceAccount adds a new service account to the tenant's database. It generates the credentials and stores them on k8s, then returns a complete struct with secret and access key. This is the only time the secret is returned.

func AddStorageGroup

func AddStorageGroup(ctx *Context, storageClusterID *uuid.UUID, sgName string) chan StorageGroupResult

Creates a storage group in the DB

func AddUser

func AddUser(ctx *Context, newUser *User) error

AddUser adds a new user to the tenant's database

func AppendPermissionActionObj

func AppendPermissionActionObj(perm *Permission, actions []string) error

func AppendPermissionResourcesObj

func AppendPermissionResourcesObj(perm *Permission, resources []string) error

func AssignMultiplePermissionsToSA

func AssignMultiplePermissionsToSA(ctx *Context, serviceAccount *uuid.UUID, permissions []*uuid.UUID) error

AssignMultiplePermissionsToSA takes a list of permissions and assigns them to a single service account

func AssignMultiplePermissionsToSADB

func AssignMultiplePermissionsToSADB(ctx *Context, serviceAccountID *uuid.UUID, permissionsIDs []*uuid.UUID) error

AssignMultiplePermissionsToSADB inserts into the service_accounts_permissions table multiple permissions for a single service account

func AssignNodeToStorageCluster

func AssignNodeToStorageCluster(ctx *Context, nodeID *uuid.UUID, storageClusterID *uuid.UUID) error

Creates a storage cluster in the DB

func AssignPermissionAction

func AssignPermissionAction(ctx *Context, permission *uuid.UUID, serviceAccountIDs []*uuid.UUID) error

AssignPermissionAction assigns a single permission to multiple service accounts

func CalculateTenantsMetrics

func CalculateTenantsMetrics() error

func ChangeBucketAccess

func ChangeBucketAccess(tenantShortname, bucketName string, accessType BucketAccess) error

ChangeBucketAccess changes access type assigned to the given bucket

func ClaimTenant

func ClaimTenant(ctx *Context, tenant *Tenant, name, domain string) error

ClaimTenant claims a tenant to a new account, marks it as not available and enables it for the router

func CompleteSignup

func CompleteSignup(ctx *Context, urlToken *URLToken, password string) error

CompleteSignup takes a urlToken and a password and changes the user's password, invalids all current active user's sessions and then marks the urlToken as used

func CreateDeploymentWithTenants

func CreateDeploymentWithTenants(tenants []*StorageGroupTenant, sg *StorageGroup, sgNode *StorageGroupNode) error

Creates a service that will resolve to any of the hosts within the storage group this tenant lives in. This will create a deployment for the provided `StorageGroup` using the provided list of `StorageGroupTenant`.

func CreateNginxResolverDeployment

func CreateNginxResolverDeployment(clientset *kubernetes.Clientset, deploymentName string) <-chan struct{}

func CreateProvisioningSchema

func CreateProvisioningSchema() error

CreateProvisioningSchema creates a db schema for provisioning

func CreateSGHostService

func CreateSGHostService(sg *StorageGroup, sgNode *StorageGroupNode) error

Creates a headless service that will point to a specific node inside a storage group

func CreateTenantFolderInDiskAndWait

func CreateTenantFolderInDiskAndWait(tenant *Tenant, sg *StorageGroup, sgNode *StorageGroupNode) chan error

func CreateTenantSchema

func CreateTenantSchema(tenantShortName string) error

CreateTenantSchema creates a db schema for the tenant

func CreateTenantSecrets

func CreateTenantSecrets(tenant *Tenant, tenantConfig *TenantConfiguration) error

CreateTenantSecrets creates the "secrets" of a tenant.

func CreateTenantServiceInStorageGroup

func CreateTenantServiceInStorageGroup(sgt *StorageGroupTenant)

Creates a service that will resolve to any of the hosts within the storage group this tenant lives in

func CreateTenantsSharedDatabase

func CreateTenantsSharedDatabase() error

CreateTenantSchema creates a db schema for the tenant

func DeleteBucket

func DeleteBucket(ctx *Context, bucket string) error

DeleteBucket Deletes a bucket in the given tenant's MinIO

func DeleteBulkPermissionActionDB

func DeleteBulkPermissionActionDB(ctx *Context, actionsID []uuid.UUID) error

DeleteBulkPermissionActionDB deletes a bulk of permission actions rows from the database

func DeleteBulkPermissionResourceDB

func DeleteBulkPermissionResourceDB(ctx *Context, resourcesID []uuid.UUID) error

DeleteBulkPermissionResourceDB deletes a permission resource row from the database

func DeleteMultiplePermissionsOnSADB

func DeleteMultiplePermissionsOnSADB(ctx *Context, serviceAccountID *uuid.UUID, permissionsIDs []*uuid.UUID) error

DeleteMultiplePermissionsOnSADB removes from the service_accounts_permissions table multiple permissions of a single service account

func DeleteNginxLBDeployments

func DeleteNginxLBDeployments(clientset *kubernetes.Clientset, deploymentName string) <-chan struct{}

DeleteNginxLBDeployments deletes the nginx-resolver old deployments and indicates the completion of the deletion via the returned receiver channel

func DeletePermissionDB

func DeletePermissionDB(ctx *Context, permission *Permission) error

func DeleteServiceAccountDB

func DeleteServiceAccountDB(ctx *Context, serviceAccount *ServiceAccount) error

DeleteServiceAccountDB deletes a service account from the database and cascades its dependencies

func DeleteTenantDB

func DeleteTenantDB(ctx *Context, tenantName string) chan error

DeleteTenantDB returns a channel that will close once the schema is deleted

func DeleteTenantNamespace

func DeleteTenantNamespace(tenantShortName string) chan error

DeleteTenantNamespace deletes a tenant namespace on k8s

func DeleteTenantRecord

func DeleteTenantRecord(ctx *Context, tenantShortName string) chan error

DeleteTenantRecord unregisters a tenant from the main DB tenants table, rendering the tenant invisible to the cluster

func DeleteTenantSecrets

func DeleteTenantSecrets(tenantShortName string) chan error

DeleteTenantSecrets removes the tenant main secret. Its operator key will be lost.

func DeleteTenantServiceInStorageGroup

func DeleteTenantServiceInStorageGroup(sgt *StorageGroupTenant) chan error

DeleteTenantServiceInStorageGroup will remove a tenant service from a specified Storage Group

func DeleteUser

func DeleteUser(ctx *Context, userID uuid.UUID) error

DeleteUser removes a user from the tenant's database along with the user's secrets and its MinIO related user

func DeployNginxResolver

func DeployNginxResolver() chan error

DeployNginxResolver creates a new nginx-resolver deployment with the updated rules.

N.B. If an nginx-resolver is already running we delete the deployment and create a new one that reads the updated rules.

func DeprovisionTenantOnStorageGroup

func DeprovisionTenantOnStorageGroup(ctx *Context, sgt *StorageGroupTenantResult) chan error

DeprovisionTenantOnStorageGroup deletes the tenant from the storage group and deletes all tenant's data from disks

func DeprovisionTenantTask

func DeprovisionTenantTask(task *Task) error

DeprovisionTenantTask runs all the logic to remove a tenant from the cluster.

creates a task for being run inside a kubernetes job which will first move the mount folder to a
provisional folder, then the provisional folder gets deleted and recreated. Once the folders are
recreated the database schema gets deleted and recreated empty. Then we make the service available
for other new tenants and restart MinIO servers so that they initialize in the new empty mount path.

func DestroyTenantSchema

func DestroyTenantSchema(ctx *Context, name string) error

DestroyTenantSchema will drop the tenant schema from the DB.

func DifferenceArrays

func DifferenceArrays(a, b []string) []string

DifferenceArrays returns the elements in `a` that aren't in `b`.

func GetAllServiceAccountsForPermission

func GetAllServiceAccountsForPermission(ctx *Context, permissionID *uuid.UUID) ([]*uuid.UUID, error)

GetAllServiceAccountsForPermission returns a list of all service accounts using a permission

func GetAllTenantRoutes

func GetAllTenantRoutes(ctx *Context) chan []*TenantRoute

GetAllTenantRoutes returns a list of all enabled tenants that currently exist on the cluster, with their subdomain, service name and port.

func GetBucketUsageMetrics

func GetBucketUsageMetrics(ctx *Context, tenantShortName string) (*madmin.DataUsageInfo, error)

GetBucketUsageMetrics Gets latest DataUsage info from Tenant's MinIO servers

func GetLatestBucketsSizes

func GetLatestBucketsSizes(ctx *Context) (bucketsSizes map[string]uint64, err error)

GetLatestBucketsSizes return latest buckets sizes map

func GetLatestTotalBuckets

func GetLatestTotalBuckets(ctx *Context, date time.Time) (totalBuckets uint64, err error)

GetLatestTotalBuckets gets the latest total number of buckets during a month period

func GetListOfTenantsForStorageGroup

func GetListOfTenantsForStorageGroup(ctx *Context, sg *StorageGroup) chan []*StorageGroupTenant

Returns a list of tenants that are allocated to the provided `StorageGroup`

func GetRandString

func GetRandString(size int, method string) (string, error)

GetRandString generates a random string with the defined size length

func GetStreamOfTenants

func GetStreamOfTenants(ctx *Context, maxChanSize int) chan TenantResult

func GetTemplate

func GetTemplate(templateName string, data interface{}) (*string, error)

GetTemplate gets a template from the templates folder and applies the template data

func GetTenantStorageGroupByShortName

func GetTenantStorageGroupByShortName(ctx *Context, tenantShortName string) chan *StorageGroupTenantResult

Returns a list of tenants that are allocated to the provided `StorageGroup`

func GetTenantUsageCostMultiplier

func GetTenantUsageCostMultiplier(ctx *Context) (cost float32, err error)

GetTenantUsageCostMultiplier gets tenant's cost multiplier used for charging

func GetTotalMonthBucketUsageFromDB

func GetTotalMonthBucketUsageFromDB(ctx *Context, date time.Time) (monthUsage uint64, err error)

GetTotalMonthBucketUsageFromDB gets the max total bucket usage of the month

func GetTotalNumberOfServiceAccounts

func GetTotalNumberOfServiceAccounts(ctx *Context) (int, error)

GetTotalNumberOfServiceAccounts returns the total number of service accounts for a tenant

func GetTotalNumberOfUsers

func GetTotalNumberOfUsers(ctx *Context) (int, error)

GetTotalNumberOfUsers returns the total number of users

func HashPassword

func HashPassword(password string) (string, error)

HashPassword hashes the password one way

func InsertAction

func InsertAction(ctx *Context, permission *Permission, action *Action) error

InsertAction inserts to the permissions_actions table a new record, generates an ID for the action

func InsertAdmin

func InsertAdmin(ctx *Context, admin *Admin) error

InsertAdmin inserts an admin record into the `admins` table

func InsertPermission

func InsertPermission(ctx *Context, permission *Permission) error

InsertPermission inserts to the permissions table a new record, generates an ID for the passed permission

func InsertResource

func InsertResource(ctx *Context, permission *Permission, resource *Resource) error

InsertResource inserts to the permissions_resources table a new record, generates an ID for the resources

func InsertTenant

func InsertTenant(ctx *Context, tenantName string, tenantShortName string) chan AddTenantResult

Creates a tenant in the DB if tenant short name is unique

func IsMinioReadyRetry

func IsMinioReadyRetry(ctx *Context) bool

IsMinioReadyRetry tries maxReadinessTries times and returns whether it is ready after the retries

func IsSetupComplete

func IsSetupComplete() (bool, error)

getSetupDoneSecret gets m3 setup secret from kubernetes secrets

func MakeBucket

func MakeBucket(ctx *Context, tenantShortname, bucketName string, accessType BucketAccess) error

MakeBucket will get the credentials for a given tenant and use the operator keys to create a bucket using minio-go TODO: allow to specify the user performing the action (like in the API/gRPC case)

func MapPermissionsToIDs

func MapPermissionsToIDs(ctx *Context, permissions []string) (map[string]*uuid.UUID, error)

MapPermissionsToIDs returns an error if at least one of the ids provided is not on the database

func MapServiceAccountsIDsToSlugs

func MapServiceAccountsIDsToSlugs(ctx *Context, serviceAccountIDs []*uuid.UUID) (map[uuid.UUID]string, error)

MapServiceAccountsIDsToSlugs returns an error if at least one of the ids provided is not on the database

func MapServiceAccountsToIDs

func MapServiceAccountsToIDs(ctx *Context, serviceAccounts []string) (map[string]*uuid.UUID, error)

MapServiceAccountsToIDs returns an error if at least one of the ids provided is not on the database

func MarkAdminTokenConsumed

func MarkAdminTokenConsumed(ctx *Context, AdminTokenID *uuid.UUID) error

MarkAdminTokenConsumed updates the record for the AdminToken as having been used

func MarkInvitationAccepted

func MarkInvitationAccepted(ctx *Context, userID *uuid.UUID) error

MarkInvitationAccepted sets the invitation accepted flag for a user to true

func MarkTokenConsumed

func MarkTokenConsumed(ctx *Context, urlTokenID *uuid.UUID) error

MarkTokenConsumed updates the record for the urlToken as having been used

func MigrateTenantDB

func MigrateTenantDB(tenantName string) chan error

MigrateTenantDB executes the migrations for a given tenant, this may take time.

func NewAdminClient

func NewAdminClient(url string, accessKey string, secretKey string) (*madmin.AdminClient, *probe.Error)

NewAdminClient gives a new client interface

func NewAdminToken

func NewAdminToken(ctx *Context, AdminID *uuid.UUID, usedFor string, validity *time.Time) (*uuid.UUID, error)

NewAdminToken generates and stores a new AdminToken for the provided user, with the specified validity

func NewURLToken

func NewURLToken(ctx *Context, userID *uuid.UUID, usedFor string, validity *time.Time) (*uuid.UUID, error)

NewURLToken generates and stores a new urlToken for the provided user, with the specified validity

func ProgressStruct

func ProgressStruct(progressInt int32, message string) *pb.TenantResponse

func ProvisionServicesForStorageGroup

func ProvisionServicesForStorageGroup(ctx *Context, storageGroup *StorageGroup) chan error

provisions the storage group supporting services that point to each node in the storage group

func ProvisionTenantDB

func ProvisionTenantDB(tenantShortName string) chan error

ProvisionTenantDB runs the tenant migrations for the provided tenant

func ProvisionTenantOnStorageGroup

func ProvisionTenantOnStorageGroup(ctx *Context, tenant *Tenant, sg *StorageGroup) chan *StorageGroupTenantResult

spins up the tenant on the target storage group, waits for it to start, then shuts it down

func ProvisionTenantTask

func ProvisionTenantTask(task *Task) error

ProvisionTenantTask takes a task for provisioning of a tenant and executes it

func ProvisionTenants

func ProvisionTenants(ctx *Context, tenants []string, sg *StorageGroup) error

func RandomCharString

func RandomCharString(n int) string

func ReDeployNginxResolver

func ReDeployNginxResolver(ctx *Context) chan error

ReDeployNginxResolver destroys the current nginx deployment and replaces it with a new one that will take the latest configMap configuration

func ReDeployStorageGroup

func ReDeployStorageGroup(ctx *Context, sg *StorageGroup) <-chan error

Based on the current list of tenants for the `StorageGroup` it re-deploys it.

func RecreateTenantFolderInDisk

func RecreateTenantFolderInDisk(tenant *Tenant, sg *StorageGroup, sgNode *StorageGroupNode) chan error

RecreateTenantFolderInDisk deletes the tenant folder in disk and recreates it

func RecurrentTenantMetricsCalculation

func RecurrentTenantMetricsCalculation() chan error

RecurrentTenantMetricsCalculation loop that calculates bucket usage metrics for all tenants and saves them on the db

func RemoveMinioUser added in v0.0.2

func RemoveMinioUser(ctx *Context, serviceAccount *ServiceAccount) error

RemoveMinioUser deletes a Minio User assigned to a particular service account

func RemoveServiceAccount added in v0.0.2

func RemoveServiceAccount(ctx *Context, serviceAccount *ServiceAccount) error

RemoveServiceAccount deletes a serviceAccount related to a particular tenant

func RestartTenantServers

func RestartTenantServers(sgt *StorageGroupTenantResult) error

RestartTenantServers restarts MinIO servers for a particular tenant

func RunMigrations

func RunMigrations() error

This runs all the migrations on the cluster/migrations folder, if some migrations were already applied it then will apply the missing migrations.

func RunTask

func RunTask(id int64) error

RunTask runs a task by id and records its result on the task record. It attempts to recover from a panic in case there's one within the task and also marks it on the db.

func ScheduleDeprovisionTenantTask

func ScheduleDeprovisionTenantTask(ctx *Context, tenant *Tenant) chan TenantDeleteActionResult

ScheduleDeprovisionTenantTask creates a task to be consumed by a kubernetes job

func SchedulePreProvisionTenantInStorageGroup

func SchedulePreProvisionTenantInStorageGroup(ctx *Context, sg *StorageGroup) error

func ScheduleTask

func ScheduleTask(ctx *Context, name string, data interface{}) error

func SelectSGWithSpace

func SelectSGWithSpace(ctx *Context) chan *StorageGroupResult

Selects from all the available storage groups for one with space available.

func SendAdminInvite

func SendAdminInvite(ctx *Context, admin *Admin, adminToken *uuid.UUID) error

func SendAdminInviteTask

func SendAdminInviteTask(task *Task) error

func SendEmailToUser added in v0.0.2

func SendEmailToUser(ctx *Context, usedFor string, user *User) error

SendEmailToUser schedules a task to send an email to a user with the defined data

func SendEmailToUserTask added in v0.0.2

func SendEmailToUserTask(task *Task) error

SendEmailToUserTask creates a task to send an email to a user

func SendMail

func SendMail(toName, toEmail, subject, body string) error

SendMail sends an email to `toName <toEmail>` with the provided subject and body. This function depends on `MAIL_ACCOUNT`, `MAIL_SERVER` and `MAIL_PASSWORD` environment variables being set.

func SetAdminPasswordAction

func SetAdminPasswordAction(ctx *Context, tokenID *uuid.UUID, password string) error

CompleteSignup takes a urlToken and a password and changes the user password and then marks the token as used

func SetBucketAccess

func SetBucketAccess(minioClient *minio.Client, bucketName string, accessType BucketAccess) (err error)

func SetConfig

func SetConfig(ctx *Context, key, val, valType string) error

func SetConfigWithLock

func SetConfigWithLock(ctx *Context, key, val, valType string, locked bool) error

func SetEmailTemplate

func SetEmailTemplate(ctx *Context, templateName, templateBody string) error

SetEmailTemplate upserts a template into the database. If the id is not present the record will be inserted, if it's present it will be updated

func SetMinioServiceAccountStatus

func SetMinioServiceAccountStatus(ctx *Context, serviceAccount *ServiceAccount, enabled bool) error

SetMinioServiceAccountStatus Updates service Account enabled status and Minio user related status

func SetUserEnabledOnDB

func SetUserEnabledOnDB(ctx *Context, userID uuid.UUID, status bool) error

SetUserEnabledOnDB updates the user's `enabled` column to the desired status

True = Enabled
False = Disabled

func SetUserPassword

func SetUserPassword(ctx *Context, userID *uuid.UUID, password string) error

SetUserPassword sets the password for the provided user by hashing it

func SetupDBAction

func SetupDBAction() error

SetupDBAction runs all the operations to setup the DB or migrate it

func SetupEtcCluster

func SetupEtcCluster() chan error

SetupEtcCluster performs the setup of the m3 main etcd cluster.

This will set up `etcd-operator` by parts: the cluster roles, cluster role bindings, the controller and finally the deployment of the custom resource named `m3-etc-cluster`.

https://github.com/coreos/etcd-operator/

func SetupJwtSecrets

func SetupJwtSecrets(clientset *kubernetes.Clientset) <-chan struct{}

SetupM3Secrets creates a kubernetes secrets

func SetupM3

func SetupM3() error

Sets up m3 on the kubernetes deployment that we are installed to

func SetupMigrateAction

func SetupMigrateAction() error

SetupDBAction runs all the operations to setup the DB or migrate it

func SetupNginxConfigMap

func SetupNginxConfigMap(clientset *kubernetes.Clientset) <-chan struct{}

func SetupNginxLoadBalancer

func SetupNginxLoadBalancer(clientset *kubernetes.Clientset) <-chan struct{}

SetupNginxLoadBalancer sets up the load balancer/reverse proxy used to resolve the tenants' subdomains

func SetupPrometheusCluster

func SetupPrometheusCluster() chan error

SetupPrometheusCluster performs the setup of the m3 main Prometheus cluster.

This will set up `prometheus` by parts: the cluster roles, cluster role bindings and finally the prometheus deployment.

func StartNewKes

func StartNewKes(shortName string) chan error

func StartScheduler

func StartScheduler()

starts a loop that monitors the tasks table for pending task to schedule inside the cluster

func StopTenantServers

func StopTenantServers(sgt *StorageGroupTenantResult) error

StopTenantServers stops MinIO servers for a particular tenant

func TenantAddAction

func TenantAddAction(ctx *Context, name, domain, userName, userEmail string) chan TenantAddActionResult

TenantAddAction adds a tenant to the cluster, if an admin name and email are provided, the user is created and invited via email.

func TenantShortNameAvailable

func TenantShortNameAvailable(ctx *Context, tenantShortName string) (bool, error)

func UUIDsFromStringArr

func UUIDsFromStringArr(arr []string) (uuids []*uuid.UUID, err error)

UUIDsFromStringArr gets an array of strings and returns them as an array of UUIDs

func UnClaimTenant

func UnClaimTenant(ctx *Context, tenant *Tenant) error

UnClaimTenant unclaims a tenant on the database, marks it as available and disables it for the router

func UpdateAdminSessionStatus

func UpdateAdminSessionStatus(ctx *Context, sessionID string, status string) error

func UpdateBulkSessionStatusOnDB

func UpdateBulkSessionStatusOnDB(ctx *Context, sessions []*Session, status SessionStatus) error

UpdateBulkSessionStatusOnDB update multiple session status on the DB

func UpdateMinioPolicyForServiceAccount

func UpdateMinioPolicyForServiceAccount(ctx *Context, sgt *StorageGroupTenant, serviceAccountID *uuid.UUID) chan error

UpdateMinioPolicyForServiceAccount will retrieve all the permissions associated with the provided service account, build an IAM policy and submit it to the tenant's MinIO instance

func UpdateMinioServiceAccountPoliciesAndStatus

func UpdateMinioServiceAccountPoliciesAndStatus(ctx *Context, serviceAccount *ServiceAccount, updateStatus bool) error

UpdateMinioServiceAccountPoliciesAndStatus Update Minio side User's Policies and Status

func UpdateNginxConfiguration

func UpdateNginxConfiguration(ctx *Context) chan error

UpdateNginxConfiguration Update the nginx.conf ConfigMap used by the nginx-resolver service

func UpdatePermissionDB

func UpdatePermissionDB(ctx *Context, permission *Permission) error

UpdatePermissionDB updates Name, Description and Effect fields from the DB doing the query by ID

func UpdatePoliciesForMultipleServiceAccount

func UpdatePoliciesForMultipleServiceAccount(ctx *Context, serviceAccountIDs []*uuid.UUID) error

func UpdateServiceAccountDB

func UpdateServiceAccountDB(ctx *Context, serviceAccount *ServiceAccount) error

UpdateServiceAccountDB updates Name from the DB doing the query by ID

func UpdateServiceAccountFields

func UpdateServiceAccountFields(ctx *Context, serviceAccount *ServiceAccount, name string, enabled bool, permisionsIDs []string) error

UpdateServiceAccountFields updates a service account by single fields (name, enabled) and all its corresponding permissions assigned to it.

func UpdateSessionStatus

func UpdateSessionStatus(ctx *Context, sessionID string, status SessionStatus) error

func UpdateTenantCost

func UpdateTenantCost(ctx *Context, tenantID *uuid.UUID, costMultiplier float32) error

func UpdateTenantEnabledStatus

func UpdateTenantEnabledStatus(ctx *Context, tenantID *uuid.UUID, enabled bool) error

UpdateTenantEnabledStatus changes the tenant's enabled column on the db

func ValidPermission

func ValidPermission(ctx *Context, permission *string) (bool, error)

Validates a permission by its id-name (slug)

func ValidServiceAccount

func ValidServiceAccount(ctx *Context, serviceAccount *string) (bool, error)

Validates a service-account by its id-name (slug)

func ValidatePermissionUniqueness added in v0.0.2

func ValidatePermissionUniqueness(ctx *Context, effect Effect, resources, actions []string, ignoreID *uuid.UUID) error

func ValidateURLToken

func ValidateURLToken(urlToken *URLToken) (err error)

ValidateURLToken ensures Token expiration time and that it hasn't been consumed.

func WatcEtcdBucketCreation

func WatcEtcdBucketCreation()

WatcEtcdBucketCreation watches a key prefix on etcd for new buckets being created

Types

type AccessKeyToTenantShortName

// AccessKeyToTenantShortName pairs a MinIO access key with the short name of
// the tenant it belongs to. The access key is an identifier, not a secret, but
// the pair still reveals which tenant a key maps to, so avoid logging it wholesale.
type AccessKeyToTenantShortName struct {
	AccessKey       string
	TenantShortName string
}

type AccessKeyToTenantShortNameResult

// AccessKeyToTenantShortNameResult carries either a resolved mapping or the
// error that prevented it, for delivery over a channel. Callers should check
// Error before dereferencing AccessKeyToTenantShortName; whether the pointer is
// nil on error is not visible here — confirm with the producer.
type AccessKeyToTenantShortNameResult struct {
	AccessKeyToTenantShortName *AccessKeyToTenantShortName
	Error                      error
}

type Action

// Action is one row of the permissions_actions table: a generated ID and the
// ActionType (read, write, readwrite) it grants. See InsertAction.
type Action struct {
	ID         uuid.UUID
	ActionType ActionType
}

type ActionType

// ActionType is the kind of access a permission grants on a resource. It
// implements sql.Scanner/driver.Valuer (Scan, Value) so it can be stored
// directly, and IsValid rejects values outside the allowed set — callers
// building policies from external input should check IsValid before use.
type ActionType string

func ActionTypeFromString

func ActionTypeFromString(actionTypeStr string) ActionType

func (ActionType) IsValid

func (at ActionType) IsValid() error

func (*ActionType) Scan

func (at *ActionType) Scan(value interface{}) error

func (ActionType) Value

func (at ActionType) Value() (driver.Value, error)

type AddTenantResult

// AddTenantResult is the channel payload of InsertTenant: the embedded *Tenant
// that was created, or Error when insertion failed. Check Error first; the
// embedded pointer is presumably nil on error — confirm with InsertTenant.
type AddTenantResult struct {
	*Tenant
	Error error
}

type Admin

// Admin is a row of the `admins` table (see InsertAdmin, GetAdminByEmail).
// Password is presumably the one-way hash produced by HashPassword rather than
// the clear text — confirm; either way the field should never be written to
// logs or returned in API responses.
type Admin struct {
	ID       uuid.UUID
	Name     string
	Email    string
	Password string
}

func AddAdminAction

func AddAdminAction(ctx *Context, name string, adminEmail string) (*Admin, error)

AddAdminAction adds a new admin to the cluster database and creates a key pair for it.

func GetAdminByEmail

func GetAdminByEmail(ctx *Context, email string) (*Admin, error)

GetAdminByEmail retrieves an admin by its email

type AdminSession

// AdminSession is a persisted login session for an admin. RefreshToken is a
// bearer secret: anyone holding it can presumably renew the session until
// RefreshExpiresAt, so treat it like a password (never log or serialize it).
// Status is compared as a plain string here; UpdateAdminSessionStatus takes
// the same plain string while user sessions use the SessionStatus type.
type AdminSession struct {
	ID               string
	AdminID          uuid.UUID
	RefreshToken     string
	OcurredAt        time.Time // spelling kept: the field name is part of the API
	ExpiresAt        time.Time
	RefreshExpiresAt time.Time
	Status           string
	WhoAmI           string
}

func CreateAdminSession

func CreateAdminSession(ctx *Context, adminID *uuid.UUID) (*AdminSession, error)

func GetAdminSessionDetails

func GetAdminSessionDetails(ctx *Context, sessionID *string) (*AdminSession, error)

GetAdminTokenDetails get the details for the provided AdminToken

type AdminToken

// AdminToken is a single-use, time-limited token issued to an admin for a
// specific purpose (UsedFor, e.g. AdminTokenSetPassword). Consumed is set by
// MarkAdminTokenConsumed; Expiration and Consumed should both be checked
// before the token is honoured, as ValidateURLToken does for user tokens.
type AdminToken struct {
	ID         uuid.UUID
	AdminID    uuid.UUID
	Expiration time.Time
	UsedFor    string
	Consumed   bool
}

func GetAdminTokenDetails

func GetAdminTokenDetails(ctx *Context, adminToken *uuid.UUID) (*AdminToken, error)

GetAdminTokenDetails get the details for the provided AdminToken

type BucketAccess

// BucketAccess is the access policy applied to a bucket. The constants are
// iota-numbered (BucketPrivate = 0, BucketPublic = 1, BucketCustom = 2), so the
// zero value is the safe, private default; reordering them would silently
// change any value that has been persisted or sent over gRPC as an int32.
type BucketAccess int32
const (
	BucketPrivate BucketAccess = iota
	BucketPublic
	BucketCustom
)

func GetBucketAccess

func GetBucketAccess(minioClient *minio.Client, bucketName string) (BucketAccess, error)

GetBucketAccess returns the access type for the given bucket name

type BucketMetric

// BucketMetric is one day's average bucket usage as returned by
// GetDailyAvgBucketUsageFromDB. The unit of AverageUsage is not visible here
// (presumably bytes) — confirm against the metrics writer.
type BucketMetric struct {
	Date         time.Time
	AverageUsage float64
}

func GetDailyAvgBucketUsageFromDB

func GetDailyAvgBucketUsageFromDB(ctx *Context, date time.Time) ([]*BucketMetric, error)

GetDailyAvgBucketUsageFromDB gets the total average bucket usage metrics per day over one month

type BucketToService

// BucketToService maps a bucket name to the k8s service (and port) that fronts
// the tenant owning it, presumably used when generating nginx routing rules.
type BucketToService struct {
	Bucket      string
	Service     string
	ServicePort int32
}

type BucketToServiceResult

// BucketToServiceResult is the channel payload for a bucket-to-service lookup:
// either a mapping or the error that prevented it. Check Error before using
// the pointer.
type BucketToServiceResult struct {
	BucketToService *BucketToService
	Error           error
}

type Config

// Config holds the settings used to build a MinIO client for a tenant.
// AccessKey and SecretKey are live credentials: never log this struct with %v
// or serialize it whole. Insecure presumably disables TLS certificate
// verification — confirm; if so it belongs only in local development.
type Config struct {
	AccessKey   string
	SecretKey   string
	Signature   string
	HostURL     string
	AppName     string
	AppVersion  string
	AppComments []string
	Debug       bool
	Insecure    bool
	Lookup      minio.BucketLookupType
}

Config - see http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html

type Configuration

// Configuration is a key/value setting read from the database by GetConfig.
// Value is untyped; ValueType records what it holds and ValBool/ValString
// perform the conversion. SetConfigWithLock suggests a lock flag exists among
// the unexported fields — not visible here.
type Configuration struct {
	Key       string
	Value     interface{}
	ValueType string
	// contains filtered or unexported fields
}

func GetConfig

func GetConfig(ctx *Context, key string, fallback interface{}) (*Configuration, error)

func (*Configuration) ValBool

func (c *Configuration) ValBool() bool

func (*Configuration) ValString

func (c *Configuration) ValString() *string

type Context

// Context is an application-wide context carrying the current tenant, a control
// context.Context and lazily started transactions (see MainTx and TenantTx).
// Callers are expected to finish with Commit or Rollback so those transactions
// are not left open. Go convention passes a context.Context as a parameter rather
// than storing it in a struct; the existing layout is kept as-is here.
type Context struct {
	// tenant in question
	Tenant *Tenant

	// controls timeouts and cancellations for the work done under this Context
	ControlCtx context.Context
	// a user identifier of who is starting the context
	WhoAmI string
	// contains filtered or unexported fields
}

An application-wide context that holds a transaction so that, if anything goes wrong during business-logic execution, database changes can be rolled back.

func NewCtxWithTenant

func NewCtxWithTenant(tenant *Tenant) *Context

func NewEmptyContext

func NewEmptyContext() (*Context, error)

Creates a new `Context` with no tenant; it holds a transaction and a `context.Context` to control timeouts and cancellations.

func NewEmptyContextWithGrpcContext

func NewEmptyContextWithGrpcContext(ctx context.Context) (*Context, error)

Creates a new `Context` with no tenant; it holds a transaction and a `context.Context` to control timeouts and cancellations, starting from a gRPC context which should indicate whether the user is authenticated.

func NewTenantContextWithGrpcContext

func NewTenantContextWithGrpcContext(ctx context.Context) (*Context, error)

Creates a new `Context` with no tenant; it holds a transaction and a `context.Context` to control timeouts and cancellations, starting from a gRPC context which should indicate whether the user is authenticated.

func (*Context) Commit

func (c *Context) Commit() error

Commit commits any transaction that was started on this context.

func (*Context) MainTx

func (c *Context) MainTx() (*sql.Tx, error)

MainTx returns a transaction against the Main DB; if none has been started, it starts one.

func (*Context) Rollback

func (c *Context) Rollback() error

func (*Context) TenantDB

func (c *Context) TenantDB() *sql.DB

TenantDB returns a configured DB connection for the Tenant DB

func (*Context) TenantTx

func (c *Context) TenantTx() (*sql.Tx, error)

TenantTx returns a transaction against the Tenant DB; if none has been started, it starts one.

type DeprovisionTenantTaskData

// DeprovisionTenantTaskData is the payload of a tenant-deprovision Task; presumably
// it is JSON-encoded into Task.Data — confirm.
type DeprovisionTenantTaskData struct {
	TenantID *uuid.UUID // tenant to deprovision
}

type Effect

// Effect is the decision a Permission applies to its Resources and Actions.
type Effect int

// Allowed effects. Allow is the zero value, so an uninitialized Effect is the
// permissive one; parse external input with EffectFromString and check IsValid
// before relying on the value.
const (
	Allow Effect = iota
	Deny
	InvalidEffect // sentinel for an unrecognised effect; presumably what EffectFromString yields on bad input — confirm
)

Allowed effects

func EffectFromString

func EffectFromString(effectStr string) Effect

func (Effect) IsValid

func (e Effect) IsValid() error

func (Effect) String

func (e Effect) String() string

type EmailUserTaskData added in v0.0.2

// EmailUserTaskData is the payload of a task that emails a user; presumably
// JSON-encoded into Task.Data — confirm. IDs are carried as strings here,
// unlike the uuid.UUID fields used elsewhere in this package.
type EmailUserTaskData struct {
	TenantID string
	UsedFor  string // purpose tag; presumably one of the *Email token constants — confirm
	UserID   string
}

type EventBucketTenant

// EventBucketTenant is the structure parsed from an event key. Its fields come
// from that key, so treat them as external input and validate before use.
type EventBucketTenant struct {
	TenantServiceName string
	BucketName        string
}

EventBucketTenant stores structure parsed from etc event key.

type KeyPair

// KeyPair holds a key pair. All of its fields are unexported, so its contents
// are not part of the documented API and cannot be inspected from outside the package.
type KeyPair struct {
	// contains filtered or unexported fields
}

type Node

// Node is a cluster machine administered by this package (see NodeAdd); it owns
// zero or more NodeVolumes.
type Node struct {
	ID       uuid.UUID
	Name     string
	K8sLabel string // Kubernetes label used to address the node; exact usage is not shown here
	Volumes  []*NodeVolume
}

func GetNodeByName

func GetNodeByName(ctx *Context, name string) (*Node, error)

func NewNode

func NewNode(name, k8sLabel string) (*Node, error)

func NodeAdd

func NodeAdd(ctx *Context, name, k8sLabel string) (*Node, error)

NodeAdd adds a new node for the cluster to administer

type NodeVolume

// NodeVolume is a storage volume mounted on a Node (see VolumeAdd).
type NodeVolume struct {
	ID        uuid.UUID
	NodeID    *uuid.UUID // owning Node
	MountPath string     // mount point on the node
	Num       int32      // ordinal within the node — presumably; confirm
}

func NewVolume

func NewVolume(nodeID *uuid.UUID, mountPath string) (*NodeVolume, error)

func VolumeAdd

func VolumeAdd(ctx *Context, nodeID *uuid.UUID, mountPoint string) (*NodeVolume, error)

VolumeAdd adds a new volume to a node

type Permission

// Permission is an Effect applied to a set of Resources and Actions; see
// AddPermissionToDB and NewPermissionObj. Effect's zero value is Allow, so a
// Permission built without setting Effect is permissive.
type Permission struct {
	ID          uuid.UUID
	Name        string
	Slug        string     // identifier assigned on insert by AddPermissionToDB
	Description *string    // optional
	Effect      Effect
	Resources   []Resource // parsed from raw "bucket/pattern/*" strings by NewPermissionObj
	Actions     []Action
}

func AddPermissionToDB

func AddPermissionToDB(ctx *Context, name, description string, effect Effect, resources, actions []string) (*Permission, error)

AddPermissionToDB inserts an effect-resources-actions combination into the DB after validating that it is not duplicated. It also makes sure a valid slug gets assigned to the permission.

func GetAllThePermissionForServiceAccount

func GetAllThePermissionForServiceAccount(ctx *Context, serviceAccountID *uuid.UUID) ([]*Permission, error)

GetAllThePermissionForServiceAccount returns a list of permissions that are assigned to a service account

func GetAllThePermissionForServiceAccountWithQueryWrapper added in v0.0.2

func GetAllThePermissionForServiceAccountWithQueryWrapper(ctx *Context, serviceAccountID *uuid.UUID, queryWrapper QueryWrapper) ([]*Permission, error)

GetAllThePermissionForServiceAccountWithQueryWrapper returns a list of permissions that are assigned to a service account

func GetPermissionByID

func GetPermissionByID(ctx *Context, id string) (*Permission, error)

GetPermissionByID retrieves a permission by its id

func GetPermissionBySlug

func GetPermissionBySlug(ctx *Context, slug string) (*Permission, error)

GetPermissionBySlug retrieves a permission by its id-name (slug)

func ListPermissions

func ListPermissions(ctx *Context, offset int64, limit int32) ([]*Permission, error)

ListPermissions returns a page of Permissions for the provided tenant

func NewPermissionObj

func NewPermissionObj(name string, description string, effect Effect, resources []string, actions []string) (*Permission, error)

NewPermissionObj creates a new Permission from a list of raw resources (bucket/pattern/*) and actions

type ProvisionTenantTaskData

// ProvisionTenantTaskData is the payload of a tenant-provision Task; presumably
// JSON-encoded into Task.Data — confirm.
type ProvisionTenantTaskData struct {
	Tenants        []string  // tenants to provision; whether these are names or IDs is not stated here
	StorageGroupID uuid.UUID // storage group to place them in
}

type QueryWrapper added in v0.0.2

// QueryWrapper marks whether a query runs inside the Context's transaction (InTx)
// or directly against the DB (PureDB); see the accompanying note on concurrency.
type QueryWrapper int8

A query wrapper is a type that marks whether a query should be run inside a transaction or directly against the DB.

When working with concurrent operations, a transaction will fail with the error `pq: unexpected Parse response 'D'`; this is because transactions are not safe for concurrent use. Therefore, if a piece of code needs concurrency, it should query its tables in `PureDB` mode; expose/use this flag to control access to the DB. InTx is preferred because of its rollback capabilities.

// InTx is the zero value and the preferred mode (queries can be rolled back);
// PureDB bypasses the transaction and is meant for code paths that run concurrently.
const (
	InTx QueryWrapper = iota
	PureDB
)

type Resource

// Resource is a bucket plus an object pattern that a Permission applies to;
// String presumably renders it back to the raw "bucket/pattern" form — confirm.
type Resource struct {
	ID         uuid.UUID
	BucketName string
	Pattern    string
}

func (Resource) String

func (r Resource) String() string

type SendAdminTaskData

// SendAdminTaskData is the payload of a task that emails an admin token. The token
// authorizes an admin action (see AdminToken), so this payload is sensitive and
// should not be logged.
type SendAdminTaskData struct {
	AdminEmail string
	AdminToken string
}

type ServiceAccount

// ServiceAccount is a programmatic identity with an access key; the matching
// secret is not stored (see GetCredentialsForServiceAccount).
type ServiceAccount struct {
	ID          uuid.UUID
	Name        string
	Slug        string
	Description *string // optional
	AccessKey   string
	Enabled     bool // disabled accounts should be refused regardless of their permissions — verify callers check this
}

func GetServiceAccountByID

func GetServiceAccountByID(ctx *Context, id *uuid.UUID) (*ServiceAccount, error)

GetServiceAccountByID retrieves a service account by its id

func GetServiceAccountBySlug

func GetServiceAccountBySlug(ctx *Context, slug string) (*ServiceAccount, error)

GetServiceAccountBySlug retrieves a service account by its id-name (slug)

func GetServiceAccountList

func GetServiceAccountList(ctx *Context, offset int, limit int) ([]*ServiceAccount, error)

GetServiceAccountList returns a page of services accounts for the provided tenant

type ServiceAccountCredentials

// ServiceAccountCredentials is an access/secret key pair. Per
// GetCredentialsForServiceAccount the secret is not persisted, so SecretKey is
// presumably only populated at creation time — confirm. Never log it.
type ServiceAccountCredentials struct {
	AccessKey string
	SecretKey string
}

func GetCredentialsForServiceAccount

func GetCredentialsForServiceAccount(ctx *Context, serviceAccountID *uuid.UUID) (*ServiceAccountCredentials, error)

GetCredentialsForServiceAccount gets the access_key assigned to the provided service account. As stated in other places the secret is not stored and cannot be retrieved.

type Session

// Session is a logged-in user's session (see CreateSession, GetValidSession).
type Session struct {
	ID        string // session identifier; presumably the value carried in the gRPC metadata headers (GetValidSession)
	UserID    uuid.UUID
	TenantID  uuid.UUID
	OcurredAt time.Time // creation time (field name is misspelled; kept for compatibility)
	LastEvent time.Time // last activity
	ExpiresAt time.Time // validation should reject the session after this instant — verify GetValidSession checks it
	Status    SessionStatus
}

func CreateSession

func CreateSession(ctx *Context, user *User, tenant *Tenant) (*Session, error)

func GetUserSessionsFromDB

func GetUserSessionsFromDB(ctx *Context, user *User, status SessionStatus) (sessions []*Session, err error)

GetUserSessionsFromDB get all sessions for a particular user

func GetValidSession

func GetValidSession(sessionID string) (*Session, error)

GetValidSession validates the sessionID available in the grpc metadata headers and returns the session row id and tenant's id

type SessionStatus

// SessionStatus is the lifecycle status of a Session (see SessionValid, SessionInvalid).
type SessionStatus string

SessionStatus - account status.

// Session status values; GetSessionStatusFromString maps strings onto these and
// returns an error for anything else.
const (
	SessionValid   SessionStatus = "valid"
	SessionInvalid SessionStatus = "invalid"
)

Session status per mkube User.

func GetSessionStatusFromString

func GetSessionStatusFromString(status string) (sessionStatus SessionStatus, err error)

GetSessionStatusFromString converts a string to SessionStatus and returns an error if the string is not a valid status

type StorageCluster

// StorageCluster is a group of machines with attached storage in which multiple
// storage groups reside (see AddStorageCluster, GetStorageClusterByName).
type StorageCluster struct {
	ID   uuid.UUID
	Name string
}

Represents a group of machines with attached storage in which multiple storage groups reside

func AddStorageCluster

func AddStorageCluster(ctx *Context, scName string) (*StorageCluster, error)

Creates a storage cluster in the DB

func GetStorageClusterByName

func GetStorageClusterByName(ctx *Context, name string) (*StorageCluster, error)

GetStorageClusterByName returns a storage cluster by name

type StorageGroup

// StorageGroup is a logical entity, inside a StorageCluster, in which multiple
// tenants reside and which spans several nodes.
type StorageGroup struct {
	ID               uuid.UUID
	StorageClusterID *uuid.UUID // owning StorageCluster
	Num              int32      // ordinal within the cluster — presumably; confirm
	Name             string
	TotalNodes       int32 // counters; how they are kept in sync with the actual rows is not shown here
	TotalVolumes     int32
	TotalTenants     int32
}

Represents a logical entity in which multiple tenants resides inside a set of machines (Storage Cluster) and spawns across multiple nodes.

func GetStorageGroupByID

func GetStorageGroupByID(ctx *Context, id *uuid.UUID) (*StorageGroup, error)

GetStorageGroupByID returns a storage group by id

type StorageGroupNode

// StorageGroupNode is the membership of a Node in a StorageGroup
// (see GetNodesForStorageGroup).
type StorageGroupNode struct {
	StorageGroupID *uuid.UUID
	Num            int32 // ordinal of the node within the group — presumably; confirm
	Node           *Node
}

func GetNodesForStorageGroup

func GetNodesForStorageGroup(ctx *Context, storageGroupID *uuid.UUID) ([]*StorageGroupNode, error)

Returns a list of nodes for a storage group

type StorageGroupResult

// StorageGroupResult is returned by goroutines via channels and bundles a
// StorageGroup with a possible error. Check Error before touching the embedded
// pointer, which is nil on failure.
type StorageGroupResult struct {
	*StorageGroup
	Error error
}

Struct returned by goroutines via channels that bundles a possible error.

type StorageGroupTenant

// StorageGroupTenant is the allocation of a tenant to a specific StorageGroup.
// Both embedded types declare ID and Name, so sgt.ID / sgt.Name are ambiguous
// selectors; use sgt.Tenant.ID or sgt.StorageGroup.ID explicitly.
type StorageGroupTenant struct {
	*Tenant
	*StorageGroup
	Port        int32  // port the tenant is served on; presumably what Address/HTTPAddress render — confirm
	ServiceName string // service name the tenant is reachable at
}

Represents the allocation of a tenant to a specific `StorageGroup`

func (*StorageGroupTenant) Address

func (sgt *StorageGroupTenant) Address() string

Address returns the address where the tenant is located on the storage group

func (*StorageGroupTenant) HTTPAddress

func (sgt *StorageGroupTenant) HTTPAddress(ssl bool) string

HTTPAddress returns the address where the tenant is located on the storage group, including the HTTP (or HTTPS, when ssl is true) scheme in the URL

type StorageGroupTenantResult

// StorageGroupTenantResult is returned by goroutines via channels and bundles a
// StorageGroupTenant with a possible error. Check Error before touching the
// embedded pointer, which is nil on failure.
type StorageGroupTenantResult struct {
	*StorageGroupTenant
	Error error
}

Struct returned by goroutines via channels that bundles a possible error.

type Task

// Task is a persisted unit of background work with a lifecycle status
// (see the TaskStatus constants).
type Task struct {
	ID     int64
	Name   string
	Status TaskStatus
	// json representation of the data; presumably decoded into the *TaskData type
	// matching Name — confirm. It comes from storage, so validate after decoding.
	Data []byte
}

type TaskStatus

// TaskStatus is the lifecycle state of a Task; the allowed values are the
// *TaskStatus constants declared in this package.
type TaskStatus string

type Tenant

// Tenant is an m3 tenant; see the GetTenant* functions for lookups by domain,
// id or service name.
type Tenant struct {
	ID        uuid.UUID
	Name      string
	ShortName string // lookup key used by ListBuckets and GetUserUICredentials
	Domain    string // lookup key used by GetTenantByDomain
	Enabled   bool   // disabled tenants should be refused — verify callers check this
}

func GetTenantByDomain

func GetTenantByDomain(tenantDomain string) (tenant Tenant, err error)

func GetTenantByDomainWithCtx

func GetTenantByDomainWithCtx(ctx *Context, tenantDomain string) (tenant Tenant, err error)

GetTenantByDomainWithCtx gets the Tenant if it exists in the m3.provisining.tenants table; the search is done by tenant domain

func GetTenantByID

func GetTenantByID(tenantID *uuid.UUID) (tenant Tenant, err error)

GetTenantByID returns a tenant by id

func GetTenantWithCtxByID

func GetTenantWithCtxByID(ctx *Context, tenantID *uuid.UUID) (tenant Tenant, err error)

GetTenantWithCtxByID gets the Tenant if it exists in the m3.provisining.tenants table; the search is done by tenant id

func GetTenantWithCtxByServiceName

func GetTenantWithCtxByServiceName(ctx *Context, serviceName string) (tenant Tenant, err error)

GetTenantWithCtxByServiceName gets the Tenant if it exists in the m3.provisining.tenants table; the search is done by tenant service name

func GrabAvailableTenant

func GrabAvailableTenant(ctx *Context) (*Tenant, error)

GrabAvailableTenant will select an available tenant and mark it for update so it cannot be grabbed by a different process.

type TenantAddActionResult

// TenantAddActionResult bundles the response of a tenant-add action with a
// possible error; check Error before using TenantResponse.
type TenantAddActionResult struct {
	TenantResponse *pb.TenantResponse
	Error          error
}

type TenantBucketInfo

// TenantBucketInfo is one entry returned by ListBuckets: a bucket name and its
// access type.
type TenantBucketInfo struct {
	Name   string
	Access BucketAccess
}

func ListBuckets

func ListBuckets(tenantShortname string) ([]TenantBucketInfo, error)

ListBuckets lists the buckets for the given tenant's short name

type TenantConfiguration

// TenantConfiguration holds the access/secret keys for a Tenant (see
// GetTenantConfig). SecretKey must not be logged.
type TenantConfiguration struct {
	AccessKey string
	SecretKey string
	TLS       bool // TODO: add TLS support — until then the flag has no documented effect, so assume connections are plaintext
}

TenantConfiguration - holds the configuration for a Tenant

func GetTenantConfig

func GetTenantConfig(tenant *Tenant) (*TenantConfiguration, error)

GetTenantConfig returns the access/secret keys for a given tenant

type TenantDeleteActionResult

// TenantDeleteActionResult bundles the response of a tenant-delete action with a
// possible error; check Error before using TenantResponse.
type TenantDeleteActionResult struct {
	TenantResponse *pb.TenantResponse
	Error          error
}

type TenantResult

// TenantResult wraps a Tenant with a possible error; Tenant is nil when Error is set.
type TenantResult struct {
	Tenant *Tenant
	Error  error
}

Wraps a Tenant result with a possible error

type TenantRoute

// TenantRoute is the routing information for a tenant: its short name and domain,
// and the service/port it is served on. Presumably consumed when generating the
// ingress (nginx) configuration — confirm.
type TenantRoute struct {
	ShortName   string
	Domain      string
	Port        int32
	ServiceName string
}

type TenantServiceResult

// TenantServiceResult wraps a Tenant together with the service and port it is
// served on, plus a possible error; check Error before using the other fields.
type TenantServiceResult struct {
	Tenant  *Tenant
	Service string
	Port    int32
	Error   error
}

Wraps a Tenant result with a possible error

type URLJwtToken

// URLJwtToken is the claim set of a JWT that carries a URLToken reference. The
// custom claims use short JSON names ("t", "e"); the embedded jwt.StandardClaims
// carry the standard fields such as expiry. Only build one from an external
// string via ParseAndValidateJwtToken, which both parses and validates the token.
type URLJwtToken struct {
	Token    uuid.UUID `json:"t"` // presumably the URLToken ID this JWT refers to — confirm
	TenantID uuid.UUID `json:"e"` // tenant the token belongs to
	jwt.StandardClaims
}

func ParseAndValidateJwtToken

func ParseAndValidateJwtToken(tokenString string) (*URLJwtToken, error)

ParseAndValidateJwtToken parses and validates the jwt token

type URLToken

// URLToken is a purpose-bound, user-scoped token (see GetTenantTokenDetails); the
// AdminToken type is the admin-side equivalent. Field meanings are inferred from
// the names — confirm against the code that issues and redeems these tokens.
type URLToken struct {
	ID         uuid.UUID // token identifier (presumably what GetTenantTokenDetails looks up)
	TenantID   uuid.UUID // tenant the token belongs to
	UserID     uuid.UUID // user the token was issued for
	Expiration time.Time // presumably the token is invalid after this instant — verify the redeem path checks it
	UsedFor    string    // purpose tag; presumably one of the *Email token constants — confirm
	Consumed   bool      // presumably set once redeemed so the token cannot be replayed — verify
}

func GetTenantTokenDetails

func GetTenantTokenDetails(ctx *Context, urlToken *uuid.UUID) (*URLToken, error)

GetTenantTokenDetails gets the details for the provided urlToken

type User

// User is a tenant user (see GetUserByEmail, GetUserByID). Password is exported
// and has no json tag, so a User marshalled as-is would include it; do not
// serialize or log this struct directly.
type User struct {
	Name     string
	Email    string
	Password string // stored password material (presumably a hash, not plaintext — confirm); never log
	ID       uuid.UUID
	Enabled  bool // disabled users should be refused at login — verify CreateSession checks this
}

func GetUserByEmail

func GetUserByEmail(ctx *Context, email string) (user User, err error)

GetUserByEmail searches for the user by Email in the defined tenant's database and returns the User if it was found

func GetUserByID

func GetUserByID(ctx *Context, id uuid.UUID) (user User, err error)

GetUserByID searches for the user by ID in the defined tenant's database and returns the User if it was found

func GetUsersForTenant

func GetUsersForTenant(ctx *Context, offset int32, limit int32) ([]*User, error)

GetUsersForTenant returns a page of users for the provided tenant

type UserUICredentials

// UserUICredentials is the UI access/secret key pair for a user within a tenant
// (see GetUserUICredentials). SecretKey must not be logged.
type UserUICredentials struct {
	AccessKey string
	SecretKey string
}

func GetUserUICredentials

func GetUserUICredentials(tenantShortName string, userID *uuid.UUID) (*UserUICredentials, error)

GetUserUICredentials returns the UI access/secret key pair for a given user for a given tenant
