provider

package
v2.16.12 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 16, 2021 License: Apache-2.0 Imports: 25 Imported by: 2

Documentation

Overview

Package provider contains abstract cloud provider types and interfaces.

Index

Constants

// Known cloud provider identifiers, default port numbers and the default
// kubeconfig field path.
const (
	// Cloud provider identifiers (untyped string constants).
	// NOTE(review): "fake" looks like a test-only provider — confirm it cannot
	// be selected through production configuration.
	FakeCloudProvider         = "fake"
	DigitaloceanCloudProvider = "digitalocean"
	BringYourOwnCloudProvider = "bringyourown"
	AWSCloudProvider          = "aws"
	AzureCloudProvider        = "azure"
	OpenstackCloudProvider    = "openstack"
	PacketCloudProvider       = "packet"
	HetznerCloudProvider      = "hetzner"
	VSphereCloudProvider      = "vsphere"
	GCPCloudProvider          = "gcp"
	KubevirtCloudProvider     = "kubevirt"
	AlibabaCloudProvider      = "alibaba"
	AnexiaCloudProvider       = "anexia"

	// Default SSH and kubelet port numbers.
	DefaultSSHPort     = 22
	DefaultKubeletPort = 10250

	// NOTE(review): presumably the key under which a kubeconfig is stored
	// (for example inside a Secret) — confirm against the callers.
	DefaultKubeconfigFieldPath = "kubeconfig"
)

Constants defining known cloud providers.

const (
	// DefaultSeedName is the name of the Seed resource used in the
	// Community Edition, which is limited to a single seed.
	DefaultSeedName = "kubermatic"
)

Variables

// Sentinel errors returned by providers. Both are created with errors.New,
// so callers can match them with errors.Is.
var (
	// ErrNotFound reports that the requested resource was not found.
	ErrNotFound = errors.New("the given resource was not found")
	// ErrAlreadyExists reports that the given resource already exists.
	ErrAlreadyExists = errors.New("the given resource already exists")
)

Functions

func ClusterCloudProviderName

func ClusterCloudProviderName(spec kubermaticv1.CloudSpec) (string, error)

ClusterCloudProviderName returns the provider name for the given CloudSpec.

func DatacenterCloudProviderName

func DatacenterCloudProviderName(spec *kubermaticv1.DatacenterSpec) (string, error)

DatacenterCloudProviderName returns the provider name for the given Datacenter.

func DatacenterFromSeedMap

func DatacenterFromSeedMap(userInfo *UserInfo, seedsGetter SeedsGetter, datacenterName string) (*kubermaticv1.Seed, *kubermaticv1.Datacenter, error)

Needed because the cloud providers are initialized once during startup and get all DCs. We need to change the cloud providers to be dynamically initialized when needed instead, once we support datacenters as CRDs. TODO: Find a way to lift the current requirement of unique nodeDatacenter names. It is needed only because we put the nodeDatacenter name on the cluster but not the seed.

Types

type AddonConfigProvider

// AddonConfigProvider declares read-only access to addon configurations.
// Neither method takes a UserInfo, so no per-user check is visible at this
// level.
type AddonConfigProvider interface {
	// Get returns the AddonConfig for the given addon name.
	Get(addonName string) (*kubermaticv1.AddonConfig, error)
	// List returns all addon configurations as an AddonConfigList.
	List() (*kubermaticv1.AddonConfigList, error)
}

type AddonProvider

// AddonProvider declares the set of methods for interacting with addons.
// Every method takes the caller's UserInfo (email, group, admin flag);
// NOTE(review): presumably implementations act on behalf of that user rather
// than a privileged account — confirm. The privileged counterpart is
// PrivilegedAddonProvider.
type AddonProvider interface {
	// New creates a new addon in the given cluster
	// NOTE(review): variables is an opaque RawExtension; any validation of its
	// content presumably happens in the implementation or downstream — confirm.
	New(userInfo *UserInfo, cluster *kubermaticv1.Cluster, addonName string, variables *runtime.RawExtension, labels map[string]string) (*kubermaticv1.Addon, error)

	// List gets all addons that belong to the given cluster
	// If you want to filter the result please take a look at ClusterListOptions
	// NOTE(review): this method takes no options argument, so the filtering
	// hint above looks stale.
	List(userInfo *UserInfo, cluster *kubermaticv1.Cluster) ([]*kubermaticv1.Addon, error)

	// Get returns the given addon
	Get(userInfo *UserInfo, cluster *kubermaticv1.Cluster, addonName string) (*kubermaticv1.Addon, error)

	// Update updates an addon
	Update(userInfo *UserInfo, cluster *kubermaticv1.Cluster, newAddon *kubermaticv1.Addon) (*kubermaticv1.Addon, error)

	// Delete deletes the given addon
	Delete(userInfo *UserInfo, cluster *kubermaticv1.Cluster, addonName string) error
}

AddonProvider declares the set of methods for interacting with addons

type AddonProviderGetter

// AddonProviderGetter is used to get an AddonProvider for the given seed.
type AddonProviderGetter = func(seed *kubermaticv1.Seed) (AddonProvider, error)

AddonProviderGetter is used to get an AddonProvider

type AdminProvider

// AdminProvider declares the set of methods for reading and changing which
// users are admins.
type AdminProvider interface {
	// SetAdmin sets the admin flag of the user identified by email to isAdmin
	// and returns the resulting User.
	// NOTE(review): this changes privileges; implementations are presumably
	// expected to verify that userInfo itself belongs to an admin — confirm.
	SetAdmin(userInfo *UserInfo, email string, isAdmin bool) (*kubermaticv1.User, error)
	// GetAdmins returns the admin users.
	GetAdmins(userInfo *UserInfo) ([]kubermaticv1.User, error)
}

AdminProvider declares the set of methods for interacting with admin

type AdmissionPluginsProvider

// AdmissionPluginsProvider declares the set of methods for interacting with
// admission plugins.
type AdmissionPluginsProvider interface {
	// List returns the admission plugins visible to the given user.
	List(userInfo *UserInfo) ([]kubermaticv1.AdmissionPlugin, error)
	// Get returns the admission plugin with the given name.
	Get(userInfo *UserInfo, name string) (*kubermaticv1.AdmissionPlugin, error)
	// Delete deletes the admission plugin with the given name.
	Delete(userInfo *UserInfo, name string) error
	// Update updates the given admission plugin and returns the result.
	Update(userInfo *UserInfo, admissionPlugin *kubermaticv1.AdmissionPlugin) (*kubermaticv1.AdmissionPlugin, error)
	// ListPluginNamesFromVersion returns plugin names for the given version.
	// NOTE(review): takes no UserInfo, so no per-user check is visible here;
	// the exact version-matching semantics are not shown — confirm.
	ListPluginNamesFromVersion(fromVersion string) ([]string, error)
}

AdmissionPluginsProvider declares the set of methods for interacting with admission plugins

type CloudProvider

// CloudProvider declares a set of methods for interacting with a cloud
// provider.
type CloudProvider interface {
	// InitializeCloudProvider prepares provider-side state for the cluster and
	// returns the (possibly updated) cluster. The ClusterUpdater is the hook for
	// persisting changes to the cluster.
	InitializeCloudProvider(*kubermaticv1.Cluster, ClusterUpdater) (*kubermaticv1.Cluster, error)
	// CleanUpCloudProvider is the counterpart of InitializeCloudProvider.
	// NOTE(review): presumably removes the resources created during
	// initialization — confirm per provider.
	CleanUpCloudProvider(*kubermaticv1.Cluster, ClusterUpdater) (*kubermaticv1.Cluster, error)
	// DefaultCloudSpec takes the spec by pointer, so it can fill in defaults
	// in place.
	DefaultCloudSpec(spec *kubermaticv1.CloudSpec) error
	// ValidateCloudSpec validates the given spec (passed by value).
	ValidateCloudSpec(spec kubermaticv1.CloudSpec) error
	// ValidateCloudSpecUpdate validates a change from oldSpec to newSpec.
	ValidateCloudSpecUpdate(oldSpec kubermaticv1.CloudSpec, newSpec kubermaticv1.CloudSpec) error
}

CloudProvider declares a set of methods for interacting with a cloud provider

func ClusterCloudProvider

func ClusterCloudProvider(cps map[string]CloudProvider, c *kubermaticv1.Cluster) (string, CloudProvider, error)

ClusterCloudProvider returns the provider for the given cluster where one of Cluster.Spec.Cloud.* is set.

type ClusterGetOptions

// ClusterGetOptions controls an extra status check applied when a cluster is
// fetched.
type ClusterGetOptions struct {
	// CheckInitStatus if set to true will check if cluster is initialized. The call will return an error if
	// not all cluster components are running
	CheckInitStatus bool
}

ClusterGetOptions allows to check the status of the cluster

type ClusterListOptions

// ClusterListOptions holds filters that are applied to a cluster list result.
type ClusterListOptions struct {
	// ClusterSpecName gets the clusters with the given name in the spec
	ClusterSpecName string
}

ClusterListOptions allows to set filters that will be applied to filter the result.

type ClusterProvider

// ClusterProvider declares the set of methods for interacting with clusters.
// Several methods below take no UserInfo (List, ListAll, the kubeconfig
// getters, the Revoke* methods, GetAdminClientForCustomerCluster, IsCluster);
// for those no per-user check is visible in the signature, so callers have to
// authorise the request before calling them.
type ClusterProvider interface {
	// New creates a brand new cluster that is bound to the given project
	New(project *kubermaticv1.Project, userInfo *UserInfo, cluster *kubermaticv1.Cluster) (*kubermaticv1.Cluster, error)

	// List gets all clusters that belong to the given project
	// If you want to filter the result please take a look at ClusterListOptions
	//
	// Note:
	// After we get the list of clusters we could try to get each cluster individually using unprivileged account to see if the user have read access,
	// We don't do this because we assume that if the user was able to get the project (argument) it has to have at least read access.
	//
	// The assumption above only holds when the project argument was obtained
	// through a lookup performed on behalf of the requesting user.
	List(project *kubermaticv1.Project, options *ClusterListOptions) (*kubermaticv1.ClusterList, error)

	// ListAll gets all clusters for the seed
	// It takes neither a project nor a UserInfo, so the result is not scoped
	// to a user at this level.
	ListAll() (*kubermaticv1.ClusterList, error)

	// Get returns the given cluster, it uses the projectInternalName to determine the group the user belongs to
	// NOTE(review): there is no projectInternalName parameter in this
	// signature; the group presumably comes from userInfo.Group — confirm.
	Get(userInfo *UserInfo, clusterName string, options *ClusterGetOptions) (*kubermaticv1.Cluster, error)

	// Update updates a cluster
	Update(project *kubermaticv1.Project, userInfo *UserInfo, newCluster *kubermaticv1.Cluster) (*kubermaticv1.Cluster, error)

	// Delete deletes the given cluster
	Delete(userInfo *UserInfo, clusterName string) error

	// GetAdminKubeconfigForCustomerCluster returns the admin kubeconfig for the given cluster
	// The returned config is admin-level credential material; treat it as a
	// secret (keep it out of logs and error messages).
	GetAdminKubeconfigForCustomerCluster(cluster *kubermaticv1.Cluster) (*clientcmdapi.Config, error)

	// GetViewerKubeconfigForCustomerCluster returns the viewer kubeconfig for the given cluster
	GetViewerKubeconfigForCustomerCluster(cluster *kubermaticv1.Cluster) (*clientcmdapi.Config, error)

	// RevokeViewerKubeconfig revokes viewer token and kubeconfig
	RevokeViewerKubeconfig(c *kubermaticv1.Cluster) error

	// RevokeAdminKubeconfig revokes the admin token and kubeconfig
	RevokeAdminKubeconfig(c *kubermaticv1.Cluster) error

	// GetAdminClientForCustomerCluster returns a client to interact with all resources in the given cluster
	//
	// Note that the client you will get has admin privileges
	GetAdminClientForCustomerCluster(context.Context, *kubermaticv1.Cluster) (ctrlruntimeclient.Client, error)

	// GetClientForCustomerCluster returns a client to interact with all resources in the given cluster
	//
	// Note that the client doesn't use admin account instead it authn/authz as userInfo(email, group)
	GetClientForCustomerCluster(context.Context, *UserInfo, *kubermaticv1.Cluster) (ctrlruntimeclient.Client, error)

	// GetTokenForCustomerCluster returns a token for the given cluster with permissions granted to group that
	// user belongs to.
	// The token is returned as a plain string; treat it as a secret.
	GetTokenForCustomerCluster(context.Context, *UserInfo, *kubermaticv1.Cluster) (string, error)

	// IsCluster checks if cluster exist with the given name
	// It returns only a bool, so a failed lookup cannot be told apart from a
	// missing cluster at this level.
	IsCluster(clusterName string) bool
}

ClusterProvider declares the set of methods for interacting with clusters. This provider is Project and RBAC compliant.

type ClusterProviderGetter

// ClusterProviderGetter is used to get a ClusterProvider for the given seed.
type ClusterProviderGetter = func(seed *kubermaticv1.Seed) (ClusterProvider, error)

ClusterProviderGetter is used to get a clusterProvider

type ClusterUpdater

// ClusterUpdater defines a function to persist an update to a cluster.
// The callback receives the cluster to modify and the updated cluster is
// returned. NOTE(review): the string argument is presumably the cluster
// name — confirm.
type ClusterUpdater func(string, func(*kubermaticv1.Cluster)) (*kubermaticv1.Cluster, error)

ClusterUpdater defines a function to persist an update to a cluster

type ConstraintProvider added in v2.16.3

// ConstraintProvider declares the set of methods for interacting with
// constraints. List and Get take no UserInfo, so no per-user check is visible
// for reads at this level; Create, Delete and Update take the caller's
// UserInfo.
type ConstraintProvider interface {
	// List gets a list of constraints
	//
	// Note that the list is taken from the cache
	List(cluster *kubermaticv1.Cluster) (*kubermaticv1.ConstraintList, error)

	// Get gets the given constraint
	Get(cluster *kubermaticv1.Cluster, name string) (*kubermaticv1.Constraint, error)

	// Create creates the given constraint
	Create(userInfo *UserInfo, constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

	// Delete deletes the given constraint
	Delete(cluster *kubermaticv1.Cluster, userInfo *UserInfo, name string) error

	// Update updates the given constraint
	Update(userInfo *UserInfo, constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)
}

ConstraintProvider declares the set of methods for interacting with constraints

type ConstraintTemplateProvider added in v2.16.3

// ConstraintTemplateProvider declares the set of methods for interacting with
// gatekeeper's constraint templates. None of the methods takes a UserInfo, so
// no per-user check is visible at this level.
// NOTE(review): callers are presumably expected to restrict Create, Update
// and Delete to authorised users before calling — confirm.
type ConstraintTemplateProvider interface {
	// List gets a list of constraint templates, by default it returns all resources.
	//
	// Note that the list is taken from the cache
	List() (*kubermaticv1.ConstraintTemplateList, error)

	// Get gets the given constraint template
	Get(name string) (*kubermaticv1.ConstraintTemplate, error)

	// Create a Constraint Template
	Create(ct *kubermaticv1.ConstraintTemplate) (*kubermaticv1.ConstraintTemplate, error)

	// Update a Constraint Template
	Update(ct *kubermaticv1.ConstraintTemplate) (*kubermaticv1.ConstraintTemplate, error)

	// Delete a Constraint Template
	Delete(ct *kubermaticv1.ConstraintTemplate) error
}

ConstraintTemplateProvider declares the set of methods for interacting with gatekeeper's constraint templates

type EventRecorderProvider

// EventRecorderProvider hands out event recorders for objects that can be
// read using the Kubernetes API.
type EventRecorderProvider interface {
	// ClusterRecorderFor returns an event recorder that will be able to record events for objects in the cluster
	// that the provided client talks to.
	ClusterRecorderFor(client kubernetes.Interface) record.EventRecorder
}

EventRecorderProvider allows to record events for objects that can be read using K8S API.

type ExternalClusterProvider

// ExternalClusterProvider declares the set of methods for interacting with
// external clusters. Only New, Get, Delete and Update take the caller's
// UserInfo; the remaining methods show no per-user check in their signature.
type ExternalClusterProvider interface {
	// New creates the given external cluster in the given project.
	New(userInfo *UserInfo, project *kubermaticv1.Project, cluster *kubermaticv1.ExternalCluster) (*kubermaticv1.ExternalCluster, error)

	// Get returns the external cluster with the given name.
	Get(userInfo *UserInfo, clusterName string) (*kubermaticv1.ExternalCluster, error)

	// Delete deletes the given external cluster.
	Delete(userInfo *UserInfo, cluster *kubermaticv1.ExternalCluster) error

	// Update updates the given external cluster and returns the result.
	Update(userInfo *UserInfo, cluster *kubermaticv1.ExternalCluster) (*kubermaticv1.ExternalCluster, error)

	// List returns the external clusters of the given project.
	List(project *kubermaticv1.Project) (*kubermaticv1.ExternalClusterList, error)

	// GenerateClient builds a client from the given kubeconfig.
	// NOTE(review): cfg presumably originates from a user-supplied kubeconfig;
	// where that content is validated is not visible here — confirm.
	GenerateClient(cfg *clientcmdapi.Config) (ctrlruntimeclient.Client, error)

	// GetClient returns a client for the given external cluster.
	GetClient(cluster *kubermaticv1.ExternalCluster) (ctrlruntimeclient.Client, error)

	// CreateOrUpdateKubeconfigSecretForCluster stores the kubeconfig for the
	// given cluster in a Secret. The kubeconfig string is credential material;
	// keep it out of logs and error messages.
	CreateOrUpdateKubeconfigSecretForCluster(ctx context.Context, cluster *kubermaticv1.ExternalCluster, kubeconfig string) error

	// GetVersion returns the version of the given external cluster.
	GetVersion(cluster *kubermaticv1.ExternalCluster) (*ksemver.Semver, error)

	// ListNodes returns the nodes of the given external cluster.
	ListNodes(cluster *kubermaticv1.ExternalCluster) (*corev1.NodeList, error)

	// GetNode returns the node with the given name from the external cluster.
	GetNode(cluster *kubermaticv1.ExternalCluster, nodeName string) (*corev1.Node, error)

	// IsMetricServerAvailable reports whether a metrics server is available in
	// the given external cluster.
	IsMetricServerAvailable(cluster *kubermaticv1.ExternalCluster) (bool, error)
}

ExternalClusterProvider declares the set of methods for interacting with external cluster

type PresetProvider

// PresetProvider declares the set of methods for interacting with presets.
// CreatePreset and UpdatePreset take no UserInfo, so no per-user check is
// visible for writes at this level.
// NOTE(review): presets presumably hold cloud credentials (see
// SetCloudCredentials), so write access should be limited to authorised
// callers — confirm where that is enforced.
type PresetProvider interface {
	// CreatePreset creates the given preset.
	CreatePreset(preset *kubermaticv1.Preset) (*kubermaticv1.Preset, error)
	// UpdatePreset updates the given preset.
	UpdatePreset(preset *kubermaticv1.Preset) (*kubermaticv1.Preset, error)
	// GetPresets returns the presets for the given user.
	GetPresets(userInfo *UserInfo) ([]kubermaticv1.Preset, error)
	// GetPreset returns the preset with the given name for the given user.
	GetPreset(userInfo *UserInfo, name string) (*kubermaticv1.Preset, error)
	// SetCloudCredentials returns a CloudSpec for the given preset name, cloud
	// spec and datacenter.
	// NOTE(review): presumably fills the spec with the preset's credentials;
	// treat the returned spec as secret-bearing — confirm.
	SetCloudCredentials(userInfo *UserInfo, presetName string, cloud kubermaticv1.CloudSpec, dc *kubermaticv1.Datacenter) (*kubermaticv1.CloudSpec, error)
}

PresetProvider declares the set of methods for interacting with presets

type PrivilegedAddonProvider

// PrivilegedAddonProvider declares the set of methods for interacting with
// addons using a privileged account. None of the methods takes a UserInfo, so
// the caller's permissions are not checked here; authorise the request before
// calling any of them.
type PrivilegedAddonProvider interface {
	// ListUnsecured gets all addons that belong to the given cluster
	// If you want to filter the result please take a look at ClusterListOptions
	// NOTE(review): this method takes no options argument, so the filtering
	// hint above looks stale.
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to get the resources
	ListUnsecured(cluster *kubermaticv1.Cluster) ([]*kubermaticv1.Addon, error)

	// NewUnsecured creates a new addon in the given cluster
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to create the resource
	NewUnsecured(cluster *kubermaticv1.Cluster, addonName string, variables *runtime.RawExtension, labels map[string]string) (*kubermaticv1.Addon, error)

	// GetUnsecured returns the given addon
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to get the resource
	GetUnsecured(cluster *kubermaticv1.Cluster, addonName string) (*kubermaticv1.Addon, error)

	// UpdateUnsecured updates an addon
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to update the resource
	UpdateUnsecured(cluster *kubermaticv1.Cluster, newAddon *kubermaticv1.Addon) (*kubermaticv1.Addon, error)

	// DeleteUnsecured deletes the given addon
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to delete the resource
	DeleteUnsecured(cluster *kubermaticv1.Cluster, addonName string) error
}

type PrivilegedClusterProvider

// PrivilegedClusterProvider declares the set of methods for interacting with
// the seed clusters as an admin. None of the methods takes a UserInfo, so the
// caller's permissions are not checked here; authorise the request before
// calling any of them.
type PrivilegedClusterProvider interface {
	// GetSeedClusterAdminRuntimeClient returns a runtime client to interact with all resources in the seed cluster
	//
	// Note that the client you will get has admin privileges in the seed cluster
	GetSeedClusterAdminRuntimeClient() ctrlruntimeclient.Client

	// GetSeedClusterAdminClient returns a kubernetes client to interact with all resources in the seed cluster
	//
	// Note that the client you will get has admin privileges in the seed cluster
	GetSeedClusterAdminClient() kubernetes.Interface

	// GetUnsecured returns a cluster for the project and given name.
	//
	// Note that the admin privileges are used to get cluster
	GetUnsecured(project *kubermaticv1.Project, clusterName string, options *ClusterGetOptions) (*kubermaticv1.Cluster, error)

	// UpdateUnsecured updates a cluster.
	//
	// Note that the admin privileges are used to update cluster
	UpdateUnsecured(project *kubermaticv1.Project, cluster *kubermaticv1.Cluster) (*kubermaticv1.Cluster, error)

	// DeleteUnsecured deletes a cluster.
	//
	// Note that the admin privileges are used to delete cluster
	DeleteUnsecured(cluster *kubermaticv1.Cluster) error

	// NewUnsecured creates a brand new cluster that is bound to the given project.
	//
	// Note that the admin privileges are used to create cluster
	// NOTE(review): userEmail is a plain string argument; it presumably records
	// the owner and should come from the authenticated session — confirm.
	NewUnsecured(project *kubermaticv1.Project, cluster *kubermaticv1.Cluster, userEmail string) (*kubermaticv1.Cluster, error)
}

PrivilegedClusterProvider declares the set of methods for interacting with the seed clusters as an admin.

type PrivilegedConstraintProvider added in v2.16.3

// PrivilegedConstraintProvider declares a set of methods for interacting with
// constraints using a privileged client. None of the methods takes a
// UserInfo, so the caller's permissions are not checked here; authorise the
// request before calling any of them.
type PrivilegedConstraintProvider interface {
	// CreateUnsecured creates the given constraint using a privileged client
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to create the resource
	CreateUnsecured(constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)

	// DeleteUnsecured deletes a constraint using a privileged client
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to delete the resource
	DeleteUnsecured(cluster *kubermaticv1.Cluster, name string) error

	// UpdateUnsecured updates the given constraint using a privileged client
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to update the resource
	UpdateUnsecured(constraint *kubermaticv1.Constraint) (*kubermaticv1.Constraint, error)
}

PrivilegedConstraintProvider declares a set of methods for interacting with constraints using a privileged client

type PrivilegedExternalClusterProvider

// PrivilegedExternalClusterProvider declares the set of methods for
// interacting with external clusters using a privileged account. None of the
// methods takes a UserInfo, so the caller's permissions are not checked here;
// authorise the request before calling any of them.
type PrivilegedExternalClusterProvider interface {
	// NewUnsecured creates an external cluster
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to create the resources
	NewUnsecured(project *kubermaticv1.Project, cluster *kubermaticv1.ExternalCluster) (*kubermaticv1.ExternalCluster, error)

	// DeleteUnsecured deletes an external cluster
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to delete the resources
	DeleteUnsecured(cluster *kubermaticv1.ExternalCluster) error

	// GetUnsecured gets an external cluster
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to get the resources
	GetUnsecured(clusterName string) (*kubermaticv1.ExternalCluster, error)

	// UpdateUnsecured updates an external cluster
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to update the resources
	UpdateUnsecured(cluster *kubermaticv1.ExternalCluster) (*kubermaticv1.ExternalCluster, error)
}

PrivilegedExternalClusterProvider declares the set of methods for interacting with external clusters using a privileged account

type PrivilegedProjectMemberProvider

// PrivilegedProjectMemberProvider binds users with projects and uses a
// privileged account for it. None of the methods takes a UserInfo, so the
// caller's permissions are not checked here. These methods change who belongs
// to which group of a project, so authorise the request before calling them.
type PrivilegedProjectMemberProvider interface {
	// CreateUnsecured creates a binding for the given member and the given project
	// This function is unsafe in a sense that it uses privileged account to create the resource
	CreateUnsecured(project *kubermaticv1.Project, memberEmail, group string) (*kubermaticv1.UserProjectBinding, error)

	// DeleteUnsecured deletes the given binding
	// Note:
	// Use List to get binding for the specific member of the given project
	// (List is not part of this interface; ProjectMemberProvider declares one.)
	// This function is unsafe in a sense that it uses privileged account to delete the resource
	DeleteUnsecured(bindingName string) error

	// UpdateUnsecured updates the given binding
	// This function is unsafe in a sense that it uses privileged account to update the resource
	UpdateUnsecured(binding *kubermaticv1.UserProjectBinding) (*kubermaticv1.UserProjectBinding, error)
}

PrivilegedProjectMemberProvider binds users with projects and uses privileged account for it

type PrivilegedProjectProvider

// PrivilegedProjectProvider declares the set of methods for interacting with
// kubermatic's projects using a privileged account. None of the methods takes
// a UserInfo, so the caller's permissions are not checked here; authorise the
// request before calling any of them.
type PrivilegedProjectProvider interface {
	// GetUnsecured returns the project with the given name
	// This function is unsafe in a sense that it uses privileged account to get project with the given name
	GetUnsecured(projectInternalName string, options *ProjectGetOptions) (*kubermaticv1.Project, error)

	// DeleteUnsecured deletes any given project
	// This function is unsafe in a sense that it uses privileged account to delete project with the given name
	DeleteUnsecured(projectInternalName string) error

	// UpdateUnsecured updates an existing project and returns it
	// This function is unsafe in a sense that it uses privileged account to update project
	UpdateUnsecured(project *kubermaticv1.Project) (*kubermaticv1.Project, error)
}

PrivilegedProjectProvider declares the set of methods for interacting with kubermatic's projects and uses a privileged account for it

type PrivilegedSSHKeyProvider

// PrivilegedSSHKeyProvider declares the set of methods for interacting with
// ssh keys using a privileged account. None of the methods takes a UserInfo,
// so the caller's permissions are not checked here; authorise the request
// before calling any of them.
type PrivilegedSSHKeyProvider interface {
	// GetUnsecured returns a key with the given name
	// This function is unsafe in a sense that it uses privileged account to get the ssh key
	GetUnsecured(keyName string) (*kubermaticv1.UserSSHKey, error)

	// UpdateUnsecured updates a specific ssh key and returns the updated ssh key
	// This function is unsafe in a sense that it uses privileged account to update the ssh key
	UpdateUnsecured(sshKey *kubermaticv1.UserSSHKey) (*kubermaticv1.UserSSHKey, error)

	// CreateUnsecured creates a ssh key that belongs to the given project
	// This function is unsafe in a sense that it uses privileged account to create the ssh key
	CreateUnsecured(project *kubermaticv1.Project, keyName, pubKey string) (*kubermaticv1.UserSSHKey, error)

	// DeleteUnsecured deletes the given ssh key
	// This function is unsafe in a sense that it uses privileged account to delete the ssh key
	DeleteUnsecured(keyName string) error
}

PrivilegedSSHKeyProvider declares the set of methods for interacting with ssh keys and uses privileged account for it

type PrivilegedServiceAccountProvider

// PrivilegedServiceAccountProvider declares the set of methods for interacting
// with kubermatic service accounts using a privileged account. None of the
// methods takes a UserInfo, so the caller's permissions are not checked here;
// authorise the request before calling any of them.
type PrivilegedServiceAccountProvider interface {
	// CreateUnsecured creates a service account
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to create the resources
	CreateUnsecured(project *kubermaticv1.Project, name, group string) (*kubermaticv1.User, error)

	// ListUnsecured gets all service accounts
	// If you want to filter the result please take a look at ServiceAccountListOptions
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to get the resources
	ListUnsecured(project *kubermaticv1.Project, options *ServiceAccountListOptions) ([]*kubermaticv1.User, error)

	// GetUnsecured gets the service account with the given name
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to get the resource
	GetUnsecured(name string, options *ServiceAccountGetOptions) (*kubermaticv1.User, error)

	// UpdateUnsecured updates the given service account
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to update the resource
	UpdateUnsecured(serviceAccount *kubermaticv1.User) (*kubermaticv1.User, error)

	// DeleteUnsecured deletes the service account with the given name
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to delete the resource
	DeleteUnsecured(name string) error
}

PrivilegedServiceAccountProvider declares the set of methods for interacting with kubermatic service account

type PrivilegedServiceAccountTokenProvider

// PrivilegedServiceAccountTokenProvider declares the set of methods for
// interacting with kubermatic's service account tokens using a privileged
// account. None of the methods takes a UserInfo, so the caller's permissions
// are not checked here; authorise the request before calling any of them.
// Tokens are exchanged as corev1.Secret objects; treat the returned values as
// secret material.
type PrivilegedServiceAccountTokenProvider interface {
	// ListUnsecured returns all tokens in kubermatic namespace
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to get the resource
	// gets resources from the cache
	ListUnsecured(*ServiceAccountTokenListOptions) ([]*corev1.Secret, error)

	// CreateUnsecured creates a new token
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to create the resource
	// NOTE(review): tokenData is passed as a plain string; how it is stored in
	// the Secret is not visible here — confirm.
	CreateUnsecured(sa *kubermaticv1.User, projectID, tokenName, tokenID, tokenData string) (*corev1.Secret, error)

	// GetUnsecured gets the token
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to get the resource
	GetUnsecured(name string) (*corev1.Secret, error)

	// UpdateUnsecured updates the token
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to update the resource
	UpdateUnsecured(secret *corev1.Secret) (*corev1.Secret, error)

	// DeleteUnsecured deletes the token
	//
	// Note that this function:
	// is unsafe in a sense that it uses privileged account to delete the resource
	DeleteUnsecured(name string) error
}

PrivilegedServiceAccountTokenProvider declares the set of methods for interacting with kubermatic's service account tokens and uses a privileged account for it

type ProjectGetOptions

// ProjectGetOptions controls the initialization check applied when a project
// is fetched.
type ProjectGetOptions struct {
	// IncludeUninitialized if set to true will skip the check if project is initialized. By default the call will return
	// an error if not all project components are active
	IncludeUninitialized bool
}

ProjectGetOptions allows to check the status of the Project

type ProjectListOptions

// ProjectListOptions holds filters that are applied to the result returned
// from a project List call.
type ProjectListOptions struct {
	// ProjectName list only projects with the given name
	ProjectName string

	// OwnerUID list only projects that belong to this user
	OwnerUID types.UID
}

ProjectListOptions allows to set filters that will be applied to the result returned from the List method

type ProjectMemberListOptions

// ProjectMemberListOptions holds a filter and a privilege-check switch for
// listing project members.
type ProjectMemberListOptions struct {
	// MemberEmail set the email address of a member for the given project
	MemberEmail string

	// SkipPrivilegeVerification if set will not check if the user that wants to list members of the given project has sufficient privileges.
	// The zero value (false) keeps the check. Set it to true only on code
	// paths where the caller has already been authorised by other means.
	SkipPrivilegeVerification bool
}

ProjectMemberListOptions allows to set filters that will be applied to filter the result.

type ProjectMemberMapper

// ProjectMemberMapper exposes methods that know how to map a user to a group
// for a project. Both methods identify the user by a plain email string.
// NOTE(review): that email should presumably come from the authenticated
// session, not from request parameters — confirm at the call sites.
type ProjectMemberMapper interface {
	// MapUserToGroup maps the given user to a specific group of the given project
	// This function is unsafe in a sense that it uses privileged account to list all members in the system
	MapUserToGroup(userEmail string, projectID string) (string, error)

	// MappingsFor returns the list of projects (bindings) for the given user
	// This function is unsafe in a sense that it uses privileged account to list all members in the system
	MappingsFor(userEmail string) ([]*kubermaticv1.UserProjectBinding, error)
}

ProjectMemberMapper exposes method that knows how to map a user to a group for a project

type ProjectMemberProvider

// ProjectMemberProvider binds users with projects. Every method takes the
// caller's UserInfo; the privileged counterpart without it is
// PrivilegedProjectMemberProvider.
type ProjectMemberProvider interface {
	// Create creates a binding for the given member and the given project
	Create(userInfo *UserInfo, project *kubermaticv1.Project, memberEmail, group string) (*kubermaticv1.UserProjectBinding, error)

	// List gets all members of the given project
	// The privilege check on the caller can be switched off through
	// ProjectMemberListOptions.SkipPrivilegeVerification.
	List(userInfo *UserInfo, project *kubermaticv1.Project, options *ProjectMemberListOptions) ([]*kubermaticv1.UserProjectBinding, error)

	// Delete deletes the given binding
	// Note:
	// Use List to get binding for the specific member of the given project
	// (The parameter name below is spelled "bindinName" in the declaration.)
	Delete(userInfo *UserInfo, bindinName string) error

	// Update updates the given binding
	Update(userInfo *UserInfo, binding *kubermaticv1.UserProjectBinding) (*kubermaticv1.UserProjectBinding, error)
}

ProjectMemberProvider binds users with projects

type ProjectProvider

// ProjectProvider declares the set of methods for interacting with
// kubermatic's projects.
type ProjectProvider interface {
	// New creates a brand new project in the system with the given name
	// Note that a user cannot own more than one project with the given name
	New(user *kubermaticv1.User, name string, labels map[string]string) (*kubermaticv1.Project, error)

	// Delete deletes the given project as the given user
	//
	// Note:
	// Before deletion project's status.phase is set to ProjectTerminating
	Delete(userInfo *UserInfo, projectInternalName string) error

	// Get returns the project with the given name
	Get(userInfo *UserInfo, projectInternalName string, options *ProjectGetOptions) (*kubermaticv1.Project, error)

	// Update updates an existing project and returns it
	Update(userInfo *UserInfo, newProject *kubermaticv1.Project) (*kubermaticv1.Project, error)

	// List gets a list of projects, by default it returns all resources.
	// If you want to filter the result please set ProjectListOptions
	//
	// Note that the list is taken from the cache
	//
	// List takes no UserInfo, so the result is not scoped to the caller at this
	// level; callers that expose it to users have to filter it themselves.
	List(options *ProjectListOptions) ([]*kubermaticv1.Project, error)
}

ProjectProvider declares the set of methods for interacting with kubermatic's projects

type SSHKeyListOptions

// SSHKeyListOptions holds filters that are applied to an ssh key list result.
type SSHKeyListOptions struct {
	// ClusterName gets the keys that are being used by the given cluster name
	ClusterName string
	// SSHKeyName gets the ssh keys with the given name in the spec
	SSHKeyName string
}

SSHKeyListOptions allows to set filters that will be applied to filter the result.

type SSHKeyProvider

// SSHKeyProvider declares the set of methods for interacting with ssh keys.
// All methods except List take the caller's UserInfo.
type SSHKeyProvider interface {
	// List gets a list of ssh keys, by default it will get all the keys that belong to the given project.
	// If you want to filter the result please take a look at SSHKeyListOptions
	//
	// Note:
	// After we get the list of the keys we could try to get each individually using unprivileged account to see if the user have read access,
	// NOTE(review): the sentence above is cut off. The parallel note on
	// ClusterProvider.List continues with the assumption that a user who was
	// able to get the project has at least read access; presumably the same
	// applies here — confirm. List takes no UserInfo, so that assumption only
	// holds when the project was looked up on behalf of the requesting user.
	List(project *kubermaticv1.Project, options *SSHKeyListOptions) ([]*kubermaticv1.UserSSHKey, error)

	// Create creates a ssh key that belongs to the given project
	Create(userInfo *UserInfo, project *kubermaticv1.Project, keyName, pubKey string) (*kubermaticv1.UserSSHKey, error)

	// Delete deletes the given ssh key
	Delete(userInfo *UserInfo, keyName string) error

	// Get returns a key with the given name
	Get(userInfo *UserInfo, keyName string) (*kubermaticv1.UserSSHKey, error)

	// Update simply updates the given key
	Update(userInfo *UserInfo, newKey *kubermaticv1.UserSSHKey) (*kubermaticv1.UserSSHKey, error)
}

SSHKeyProvider declares the set of methods for interacting with ssh keys. This provider is Project and RBAC compliant.

type SecretKeySelectorValueFunc

// SecretKeySelectorValueFunc is used to fetch the value of a config var.
// Do not build your own implementation, use SecretKeySelectorValueFuncFactory.
// The value comes back as a plain string. NOTE(review): it presumably holds
// secret data read via the selector, so keep it out of logs — confirm.
type SecretKeySelectorValueFunc func(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)

SecretKeySelectorValueFunc is used to fetch the value of a config var. Do not build your own implementation, use SecretKeySelectorValueFuncFactory.

type SeedClientGetter

// SeedClientGetter is used to get a ctrlruntimeclient for a given seed.
// NOTE(review): the privilege level of the returned client depends on the
// kubeconfig behind it (see SeedKubeconfigGetter) and is not visible here.
type SeedClientGetter = func(seed *kubermaticv1.Seed) (ctrlruntimeclient.Client, error)

SeedClientGetter is used to get a ctrlruntimeclient for a given seed

func SeedClientGetterFactory

func SeedClientGetterFactory(kubeconfigGetter SeedKubeconfigGetter) SeedClientGetter

SeedClientGetterFactory returns a SeedClientGetter. It uses a RestMapperCache to cache the discovery data, which considerably speeds up client creation.

type SeedGetter

// SeedGetter is a function to retrieve a single seed.
type SeedGetter = func() (*kubermaticv1.Seed, error)

SeedGetter is a function to retrieve a single seed

func SeedGetterFactory

func SeedGetterFactory(ctx context.Context, client ctrlruntimeclient.Client, seedName string, namespace string) (SeedGetter, error)

SeedGetterFactory returns a SeedGetter. It has validation of all its arguments

type SeedKubeconfigGetter

// SeedKubeconfigGetter is used to fetch the kubeconfig for a given seed.
// The result is a *rest.Config, which can carry credentials; treat it as
// secret material and do not log it.
type SeedKubeconfigGetter = func(seed *kubermaticv1.Seed) (*rest.Config, error)

SeedKubeconfigGetter is used to fetch the kubeconfig for a given seed

func SeedKubeconfigGetterFactory

func SeedKubeconfigGetterFactory(ctx context.Context, client ctrlruntimeclient.Client) (SeedKubeconfigGetter, error)

type SeedsGetter

// SeedsGetter is a function to retrieve the seeds as a map.
// NOTE(review): the map is presumably keyed by seed name — confirm.
type SeedsGetter = func() (map[string]*kubermaticv1.Seed, error)

SeedsGetter is a function to retrieve a list of seeds

func SeedsGetterFactory

func SeedsGetterFactory(ctx context.Context, client ctrlruntimeclient.Client, namespace string) (SeedsGetter, error)

type ServiceAccountGetOptions

// ServiceAccountGetOptions holds options that are applied to the result of a
// service account Get call.
type ServiceAccountGetOptions struct {
	// RemovePrefix when set to false will NOT remove "serviceaccount-" prefix from the ID
	//
	// Note:
	// By default the prefix IS removed, for example given "serviceaccount-7d4b5695vb" it returns "7d4b5695vb"
	//
	// NOTE(review): the zero value of this field is false, so a non-nil options
	// struct that leaves it unset keeps the prefix. "By default" presumably
	// refers to passing nil options — confirm against the implementation.
	RemovePrefix bool
}

ServiceAccountGetOptions allows to set filters that will be applied to filter the get result.

type ServiceAccountListOptions

// ServiceAccountListOptions holds filters that are applied to a service
// account list result.
type ServiceAccountListOptions struct {
	// ServiceAccountName list only service accounts with the given name
	ServiceAccountName string
}

ServiceAccountListOptions allows to set filters that will be applied to filter the result.

type ServiceAccountProvider

// ServiceAccountProvider declares the set of methods for interacting with
// kubermatic service accounts. Every method takes the caller's UserInfo; the
// counterpart without it is PrivilegedServiceAccountProvider.
type ServiceAccountProvider interface {
	// Create creates a service account with the given name and group in the
	// given project.
	Create(userInfo *UserInfo, project *kubermaticv1.Project, name, group string) (*kubermaticv1.User, error)
	// List returns the service accounts of the given project; options can
	// filter the result.
	List(userInfo *UserInfo, project *kubermaticv1.Project, options *ServiceAccountListOptions) ([]*kubermaticv1.User, error)
	// Get returns the service account with the given name.
	Get(userInfo *UserInfo, name string, options *ServiceAccountGetOptions) (*kubermaticv1.User, error)
	// Update updates the given service account and returns the result.
	Update(userInfo *UserInfo, serviceAccount *kubermaticv1.User) (*kubermaticv1.User, error)
	// Delete deletes the service account with the given name.
	Delete(userInfo *UserInfo, name string) error
}

ServiceAccountProvider declares the set of methods for interacting with kubermatic service account

type ServiceAccountTokenListOptions

// ServiceAccountTokenListOptions holds filters that are applied to a service
// account token list result.
type ServiceAccountTokenListOptions struct {
	// TokenID list only tokens with the specified name
	TokenID string

	// LabelSelector list only tokens with the specified label
	LabelSelector labels.Selector

	// ServiceAccountID list only tokens which belong to the SA
	ServiceAccountID string
}

ServiceAccountTokenListOptions allows to set filters that will be applied to filter the result.

type ServiceAccountTokenProvider

// ServiceAccountTokenProvider declares the set of methods for interacting with
// kubermatic service account tokens. Every method takes the caller's UserInfo;
// the counterpart without it is PrivilegedServiceAccountTokenProvider.
// Tokens are exchanged as corev1.Secret objects; treat the returned values as
// secret material.
type ServiceAccountTokenProvider interface {
	// Create creates a token for the given service account.
	// NOTE(review): tokenData is passed as a plain string; how it is stored in
	// the Secret is not visible here — confirm.
	Create(userInfo *UserInfo, sa *kubermaticv1.User, projectID, tokenName, tokenID, tokenData string) (*corev1.Secret, error)
	// List returns the tokens of the given service account in the given
	// project; options can filter the result.
	List(userInfo *UserInfo, project *kubermaticv1.Project, sa *kubermaticv1.User, options *ServiceAccountTokenListOptions) ([]*corev1.Secret, error)
	// Get returns the token with the given name.
	Get(userInfo *UserInfo, name string) (*corev1.Secret, error)
	// Update updates the given token and returns the result.
	Update(userInfo *UserInfo, secret *corev1.Secret) (*corev1.Secret, error)
	// Delete deletes the token with the given name.
	Delete(userInfo *UserInfo, name string) error
}

ServiceAccountTokenProvider declares the set of methods for interacting with kubermatic service account token

type SettingsProvider

// SettingsProvider declares the set of methods for interacting with global
// settings. Only UpdateGlobalSettings takes the caller's UserInfo; reading and
// watching show no per-user check in their signature.
type SettingsProvider interface {
	// GetGlobalSettings returns the global settings.
	GetGlobalSettings() (*kubermaticv1.KubermaticSetting, error)
	// UpdateGlobalSettings updates the global settings and returns the result.
	// NOTE(review): settings are global, so implementations are presumably
	// expected to restrict this to admins (UserInfo.IsAdmin) — confirm.
	UpdateGlobalSettings(userInfo *UserInfo, settings *kubermaticv1.KubermaticSetting) (*kubermaticv1.KubermaticSetting, error)
	// WatchGlobalSettings returns a watch on the global settings.
	WatchGlobalSettings() (watch.Interface, error)
}

SettingsProvider declares the set of methods for interacting with global settings

type UserInfo

// UserInfo represents an authenticated user. Providers on this page take a
// *UserInfo to identify the caller.
// NOTE(review): the fields presumably feed authorization decisions, so they
// should be filled only from the authenticated session (see UserInfoGetter),
// never from request parameters — confirm at the call sites.
type UserInfo struct {
	// Email is the user's email address.
	Email   string
	// Group is the user's group.
	// NOTE(review): presumably the group within the project the request
	// targets, since UserInfoGetter takes a projectID — confirm.
	Group   string
	// IsAdmin is the user's admin flag.
	IsAdmin bool
}

UserInfo represents an authenticated user

type UserInfoGetter

// UserInfoGetter is a function to retrieve a UserInfo for the given project.
// NOTE(review): the user identity is presumably taken from ctx, which should
// be populated by the authentication layer — confirm.
type UserInfoGetter = func(ctx context.Context, projectID string) (*UserInfo, error)

UserInfoGetter is a function to retrieve a UserInfo

func UserInfoGetterFactory

func UserInfoGetterFactory(userProjectMapper ProjectMemberMapper) (UserInfoGetter, error)

type UserProvider

// UserProvider declares the set of methods for interacting with kubermatic
// users. None of the methods takes a UserInfo, so no per-user check is
// visible at this level.
type UserProvider interface {
	// UserByEmail returns the user with the given email.
	UserByEmail(email string) (*kubermaticv1.User, error)
	// CreateUser creates a user with the given id, name and email.
	CreateUser(id, name, email string) (*kubermaticv1.User, error)
	// UpdateUser updates the given user and returns the result.
	UpdateUser(user *kubermaticv1.User) (*kubermaticv1.User, error)
	// UserByID returns the user with the given id.
	UserByID(id string) (*kubermaticv1.User, error)
	// AddUserTokenToBlacklist adds the given token, with its expiry, to the
	// user's blacklist.
	// NOTE(review): the token is passed as a plain string; whether it is
	// stored raw or hashed is not visible here — confirm.
	AddUserTokenToBlacklist(user *kubermaticv1.User, token string, expiry apiv1.Time) error
	// GetUserBlacklistTokens returns the user's blacklisted tokens as strings.
	// NOTE(review): presumably used to reject revoked tokens; avoid logging the
	// returned values — confirm what they contain.
	GetUserBlacklistTokens(user *kubermaticv1.User) ([]string, error)
	// WatchUser returns a watch on user resources.
	WatchUser() (watch.Interface, error)
}

UserProvider declares the set of methods for interacting with kubermatic users
