tenantwh

package

v0.0.0-...-2e8aeb9 Latest Latest Go to latest Published: Jul 26, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/netgroup-polito/CrownLabs

Documentation ¶

Overview ¶

Package tenantwh groups the functionalities related to the Tenant webhook.

Index ¶

Constants
func CalculateWorkspacesDiff(a, b *clv1alpha2.Tenant) map[string]bool
func MakeTenantMutator(c client.Client, webhookBypassGroups []string, ...) *webhook.Admission
func MakeTenantValidator(c client.Client, webhookBypassGroups []string) *webhook.Admission
type TenantMutator
type TenantValidator
type TenantWebhook

Constants ¶

View Source

const LastLoginToleration = time.Hour * 24

LastLoginToleration defines the maximum skew with respect to the current time that is accepted by the webhook for the LastLogin field.

Variables ¶

This section is empty.

Functions ¶

func CalculateWorkspacesDiff ¶

func CalculateWorkspacesDiff(a, b *clv1alpha2.Tenant) map[string]bool

CalculateWorkspacesDiff returns the list of workspaces that are different between two tenants.

func MakeTenantMutator ¶

func MakeTenantMutator(c client.Client, webhookBypassGroups []string, opSelectorKey, opSelectorValue string, baseWorkspaces []string) *webhook.Admission

MakeTenantMutator creates a new webhook handler suitable for controller runtime based on TenantMutator.

func MakeTenantValidator ¶

func MakeTenantValidator(c client.Client, webhookBypassGroups []string) *webhook.Admission

MakeTenantValidator creates a new webhook handler suitable for controller runtime based on TenantValidator.

Types ¶

type TenantMutator ¶

type TenantMutator struct {
	TenantWebhook
	// contains filtered or unexported fields
}

TenantMutator labels Tenants.

func (*TenantMutator) CreatePatchResponse ¶

func (tm *TenantMutator) CreatePatchResponse(ctx context.Context, req *admission.Request, tenant *clv1alpha2.Tenant) admission.Response

CreatePatchResponse creates and admission response with the given tenant.

func (*TenantMutator) EnforceTenantBaseWorkspaces ¶

func (tm *TenantMutator) EnforceTenantBaseWorkspaces(ctx context.Context, tenant *clv1alpha2.Tenant)

EnforceTenantBaseWorkspaces ensure base workspaces are present in the given tenant.

func (*TenantMutator) EnforceTenantLabels ¶

func (tm *TenantMutator) EnforceTenantLabels(ctx context.Context, req *admission.Request, oldLabels map[string]string) (labels map[string]string, warnings []string, err error)

EnforceTenantLabels sets operator selector labels.

func (*TenantMutator) Handle ¶

func (tm *TenantMutator) Handle(ctx context.Context, req admission.Request) admission.Response

Handle on TenantMutator adds operator selector labels to new tenants and prevents possible changes - this method is used by controller runtime.

type TenantValidator ¶

type TenantValidator struct{ TenantWebhook }

TenantValidator validates Tenants.

func (*TenantValidator) Handle ¶

func (tv *TenantValidator) Handle(ctx context.Context, req admission.Request) admission.Response

Handle admits a tenant if user is editing its own tenant or a user is adding/removing workspaces they own to/from another user - this method is used by controller runtime.

func (*TenantValidator) HandleSelfEdit ¶

func (tv *TenantValidator) HandleSelfEdit(ctx context.Context, newTenant, oldTenant *clv1alpha2.Tenant) admission.Response

HandleSelfEdit checks every field but public keys for changes through DeepEqual.

func (*TenantValidator) HandleWorkspaceEdit ¶

func (tv *TenantValidator) HandleWorkspaceEdit(ctx context.Context, newTenant, oldTenant, manager *clv1alpha2.Tenant, operation admissionv1.Operation) admission.Response

HandleWorkspaceEdit checks that changes made to the workspaces have been made by a valid manager, then checks other fields not to have been modified through DeepEqual.

type TenantWebhook ¶

type TenantWebhook struct {
	Client client.Client

	BypassGroups []string // current ns SAs group: system:serviceaccounts:NAMESPACE
	// contains filtered or unexported fields
}

TenantWebhook holds data needed by webhooks.

func (*TenantWebhook) CheckWebhookOverride ¶

func (twh *TenantWebhook) CheckWebhookOverride(req *admission.Request) bool

CheckWebhookOverride verifies the subject who triggered the request can override the webhooks behavior.

func (*TenantWebhook) DecodeTenant ¶

func (twh *TenantWebhook) DecodeTenant(obj runtime.RawExtension) (tenant *clv1alpha2.Tenant, err error)

DecodeTenant decodes the tenant from the incoming request.

func (*TenantWebhook) GetClusterTenant ¶

func (twh *TenantWebhook) GetClusterTenant(ctx context.Context, name string) (tenant *clv1alpha2.Tenant, err error)

GetClusterTenant retrieves the tenant from the cluster given the name.

func (*TenantWebhook) InjectDecoder ¶

func (twh *TenantWebhook) InjectDecoder(d *admission.Decoder) error

InjectDecoder injects the decoder - this method is used by controller runtime.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL