Documentation ¶
Index ¶
- Constants
- func AddTenantIDPrefix(tenantID, input string) string
- func AddTenantIDToUserInfo(tenantID string, info user.Info) user.Info
- func ContainString(sli []string, s string) bool
- func ConvertCRDNameToUpstream(name, tenantID string) string
- func ConvertInternalListOptions(ctx context.Context, options *metainternalversion.ListOptions, tenantID string) (*metav1.ListOptions, error)
- func ConvertTenantObjectNameToUpstream(name, tenantID string, gvk schema.GroupVersionKind) string
- func ConvertUpstreamApiGroupToTenant(tenantID string, apiGroup *metav1.APIGroup)
- func ConvertUpstreamResourceListToTenant(tenantID string, resourceList *metav1.APIResourceList)
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
- func FilterUnstructuredList(utdList *unstructured.UnstructuredList, tenantID string, ...) *unstructured.UnstructuredList
- func FlattenResourceLists(resourceLists []*metav1.APIResourceList) (ret []metav1.APIResource)
- func GenKubeconfig(kubeZooServerAddress, tenantId string, caCert, clientKey, clientCert []byte) ([]byte, error)
- func GetGVR(rsrc metav1.APIResource) schema.GroupVersionResource
- func GetTenantIDFromNamespace(namespace string) (string, error)
- func GetUnstructured(resource interface{}) (*unstructured.Unstructured, error)
- func IsCRD(r metav1.APIResource) bool
- func IsCRDObject(obj runtime.Object) bool
- func IsGroupKindNamespaced(kind metav1.GroupKind) (bool, error)
- func ListCRDsForTenant(tenantID string, crdLister v1.CustomResourceDefinitionLister) ([]*extensionsv1.CustomResourceDefinition, error)
- func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *Config) (*x509.Certificate, *rsa.PrivateKey, error)
- func NewPrivateKey() (*rsa.PrivateKey, error)
- func NewSignedCert(cfg *Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
- func NewTenantCertAndKey(caFile, caKeyFile, tenantID string) (*x509.Certificate, *rsa.PrivateKey, error)
- func RemoveString(sli []string, s string) (ret []string)
- func TenantFrom(ctx context.Context) (string, bool)
- func TenantIDFrom(ctx context.Context) string
- func TrimTenantIDFromError(err error, tenantID string) error
- func TrimTenantIDFromStatus(status metav1.Status, tenantID string) metav1.Status
- func TrimTenantIDPrefix(tenantID, input string) string
- func UpstreamObjectBelongsToTenant(obj runtime.Object, tenantID string, isNamespaceScoped bool) bool
- func ValidateTenantName(tenantId string) *string
- type AltNames
- type CheckGroupKindFunc
- type Config
- type CustomGroupResourcesMap
- func (grm CustomGroupResourcesMap) GetCRD(apiGroup, resourceName string) *v1.CustomResourceDefinition
- func (grm CustomGroupResourcesMap) HasGroup(apiGroup string) bool
- func (grm CustomGroupResourcesMap) HasGroupResource(apiGroup, resourceName string) bool
- func (grm CustomGroupResourcesMap) HasGroupVersion(apiGroup, version string) bool
- func (grm CustomGroupResourcesMap) HasGroupVersionResource(apiGroup, version, resourceName string) bool
- func (grm CustomGroupResourcesMap) HasResource(resourceName string) bool
- type FakeCRDLister
Constants ¶
const (
	// AnnotationTenantKubeConfigBase64 is, judging by its name, the annotation key
	// under which a tenant's kubeconfig is stored base64-encoded — confirm against callers.
	// NOTE(review): base64 is an encoding, not encryption. GenKubeconfig takes the
	// client key as input, so if its output is what lands in this annotation, anyone
	// who can read the annotated object can recover the tenant credential; read
	// access to that object should be restricted accordingly.
	AnnotationTenantKubeConfigBase64 = "kubezoo.io/tenant.kubeconfig.base64"
	// KubeZooClusterName is presumably the cluster name written into generated
	// kubeconfigs — confirm against GenKubeconfig.
	KubeZooClusterName = "kube-zoo"
	// RsaKeySize is presumably the RSA modulus size in bits used by NewPrivateKey — confirm.
	// NOTE(review): 2048 bits is the commonly accepted minimum for RSA; weigh it
	// against the 10-year certificate lifetime below.
	RsaKeySize = 2048
	// CertificateValidity defines the validity, i.e., 10 years (computed as
	// 10 * 365 days), for all the signed certificates.
	// NOTE(review): no revocation mechanism (CRL/OCSP) is visible on this page.
	// With a 10-year lifetime a leaked tenant key stays valid until expiry unless
	// access is cut off some other way — confirm how tenant credentials are
	// rotated and revoked.
	CertificateValidity = time.Hour * 24 * 365 * 10
)
const (
	// TenantIDSeparator is presumably the string placed between the tenant ID
	// prefix and the tenant-visible name — confirm against AddTenantIDPrefix.
	TenantIDSeparator = "-"
	// TODO(renjingsi): move this to tenant apis and add some validations
	// NOTE(review): presumably the fixed character length of a tenant ID. Names are
	// scoped per tenant by prefix (see AddTenantIDPrefix and
	// GetTenantIDFromNamespace), and "-" can also occur inside ordinary names, so
	// the prefix is only unambiguous if every tenant ID is validated to exactly
	// this length — confirm that ValidateTenantName enforces it.
	TenantIDLength = 6
	// TenantIDKey is presumably the key under which the tenant ID is stored, e.g.
	// in the user info extra written by AddTenantIDToUserInfo — confirm.
	TenantIDKey = "tenant"
)
Variables ¶
This section is empty.
Functions ¶
func AddTenantIDPrefix ¶
AddTenantIDPrefix adds the tenantID as a prefix to the input.
func AddTenantIDToUserInfo ¶
AddTenantIDToUserInfo adds the tenantID to the extra of the user info.
func ContainString ¶
ContainString checks if the slice contains the string.
func ConvertCRDNameToUpstream ¶
ConvertCRDNameToUpstream converts the name of a CRD by adding the tenantID prefix to its group.
func ConvertInternalListOptions ¶
func ConvertInternalListOptions(ctx context.Context, options *metainternalversion.ListOptions, tenantID string) (*metav1.ListOptions, error)
ConvertInternalListOptions converts internal versions to v1 version.
func ConvertTenantObjectNameToUpstream ¶
func ConvertTenantObjectNameToUpstream(name, tenantID string, gvk schema.GroupVersionKind) string
ConvertTenantObjectNameToUpstream converts the object name to the upstream object name by adding the tenantID prefix.
func ConvertUpstreamApiGroupToTenant ¶
ConvertUpstreamApiGroupToTenant converts the upstream API group to the tenant's view by trimming the tenantID prefix.
func ConvertUpstreamResourceListToTenant ¶
func ConvertUpstreamResourceListToTenant(tenantID string, resourceList *metav1.APIResourceList)
ConvertUpstreamResourceListToTenant converts the upstream resource list to the tenant's view by trimming the tenantID prefix.
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-encoded certificate data.
func EncodePrivateKeyPEM ¶
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
EncodePrivateKeyPEM returns PEM-encoded private key data.
func FilterUnstructuredList ¶
func FilterUnstructuredList(utdList *unstructured.UnstructuredList, tenantID string, isNamespaceScoped bool) *unstructured.UnstructuredList
FilterUnstructuredList filters out the unstructured objects that do not belong to the tenant.
func FlattenResourceLists ¶
func FlattenResourceLists(resourceLists []*metav1.APIResourceList) (ret []metav1.APIResource)
FlattenResourceLists flattens the given nested list and returns a list of resources.
func GenKubeconfig ¶
func GenKubeconfig(kubeZooServerAddress, tenantId string, caCert, clientKey, clientCert []byte) ([]byte, error)
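GenKubeconfig generates a kubeconfig for the tenant. The inputs include the client private key, so the returned bytes should be handled as a credential.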
func GetGVR ¶
func GetGVR(rsrc metav1.APIResource) schema.GroupVersionResource
GetGVR returns the corresponding GVR for the given APIResource.
func GetTenantIDFromNamespace ¶
GetTenantIDFromNamespace gets the tenantID from the prefix of the namespace.
func GetUnstructured ¶
func GetUnstructured(resource interface{}) (*unstructured.Unstructured, error)
GetUnstructured returns the Unstructured form of any given Kubernetes type.
func IsCRD ¶
func IsCRD(r metav1.APIResource) bool
IsCRD checks if the given APIResource is a CRD.
func IsCRDObject ¶
IsCRDObject checks whether the input obj is a CRD object or not.
func IsGroupKindNamespaced ¶
IsGroupKindNamespaced checks whether the kind is namespace-scoped.
func ListCRDsForTenant ¶
func ListCRDsForTenant(tenantID string, crdLister v1.CustomResourceDefinitionLister) ([]*extensionsv1.CustomResourceDefinition, error)
ListCRDsForTenant returns the CRDs belonging to the tenant.
func NewCertAndKey ¶
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *Config) (*x509.Certificate, *rsa.PrivateKey, error)
NewCertAndKey creates a new certificate and key using the given certificate authority certificate and key.
func NewPrivateKey ¶
func NewPrivateKey() (*rsa.PrivateKey, error)
NewPrivateKey creates an RSA private key.
func NewSignedCert ¶
func NewSignedCert(cfg *Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key.
func NewTenantCertAndKey ¶
func NewTenantCertAndKey(caFile, caKeyFile, tenantID string) (*x509.Certificate, *rsa.PrivateKey, error)
NewTenantCertAndKey creates a new certificate and key for the given tenant.
func RemoveString ¶
RemoveString removes the string from the slice, if found.
func TenantFrom ¶
TenantFrom returns the value of the tenant info on the ctx.
func TenantIDFrom ¶
TenantIDFrom returns tenantID from ctx.
func TrimTenantIDFromError ¶
TrimTenantIDFromError trims tenantID from error message and returns the new error.
func TrimTenantIDFromStatus ¶
TrimTenantIDFromStatus trims tenantID from status and returns the new status.
func TrimTenantIDPrefix ¶
TrimTenantIDPrefix removes tenantId prefix.
func UpstreamObjectBelongsToTenant ¶
func UpstreamObjectBelongsToTenant(obj runtime.Object, tenantID string, isNamespaceScoped bool) bool
UpstreamObjectBelongsToTenant returns true if object belongs to tenant according to tenantID.
func ValidateTenantName ¶
Types ¶
type AltNames ¶
AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.
type CheckGroupKindFunc ¶
type CheckGroupKindFunc func(group, kind, tenantID string, isTenantObject bool) (namespaced, customResourceGroup bool, err error)
CheckGroupKindFunc returns whether resource of the group/kind is namespaced and whether it is custom resource group for the tenant.
func NewCheckGroupKindFunc ¶
func NewCheckGroupKindFunc(crdLister v1.CustomResourceDefinitionLister) CheckGroupKindFunc
NewCheckGroupKindFunc returns a check function to check the group/kind type.
type Config ¶
// Config contains the basic fields required for creating a certificate.
// NOTE(review): with Kubernetes-style client-certificate authentication the
// subject CommonName and Organization are read as the user name and groups, so
// the values placed here act as identity claims — confirm how
// NewTenantCertAndKey fills them for tenant certificates.
type Config struct {
	// CommonName is presumably the certificate subject's common name — confirm against NewSignedCert.
	CommonName string
	// Organization is presumably the subject's organization (O) values — confirm.
	Organization []string
	// OrganizationalUnit is presumably the subject's organizational unit (OU) values — confirm.
	OrganizationalUnit []string
	// AltNames holds the alternative names (see the AltNames type) for the certificate.
	AltNames AltNames
	// Usages lists x509 extended key usages; presumably copied onto the issued
	// certificate — confirm. Keep it limited to the usages the certificate needs.
	Usages []x509.ExtKeyUsage
}
Config contains the basic fields required for creating a certificate
type CustomGroupResourcesMap ¶
type CustomGroupResourcesMap map[string]map[string]*v1.CustomResourceDefinition
CustomGroupResourcesMap records the existence of all custom API groups and resources for a tenant. The first key is the API group and the second key is the resource name.
func NewCustomGroupResourcesMap ¶
func NewCustomGroupResourcesMap(crdList []*v1.CustomResourceDefinition) CustomGroupResourcesMap
NewCustomGroupResourcesMap returns a CRD map.
func (CustomGroupResourcesMap) GetCRD ¶
func (grm CustomGroupResourcesMap) GetCRD(apiGroup, resourceName string) *v1.CustomResourceDefinition
GetCRD returns the CRD for the given API group and resource name.
func (CustomGroupResourcesMap) HasGroup ¶
func (grm CustomGroupResourcesMap) HasGroup(apiGroup string) bool
HasGroup checks whether the map contains the API group.
func (CustomGroupResourcesMap) HasGroupResource ¶
func (grm CustomGroupResourcesMap) HasGroupResource(apiGroup, resourceName string) bool
HasGroupResource checks whether the map contains the group resource.
func (CustomGroupResourcesMap) HasGroupVersion ¶
func (grm CustomGroupResourcesMap) HasGroupVersion(apiGroup, version string) bool
HasGroupVersion checks whether the map contains the group version.
func (CustomGroupResourcesMap) HasGroupVersionResource ¶
func (grm CustomGroupResourcesMap) HasGroupVersionResource(apiGroup, version, resourceName string) bool
HasGroupVersionResource checks whether the map contains the group version resource.
func (CustomGroupResourcesMap) HasResource ¶
func (grm CustomGroupResourcesMap) HasResource(resourceName string) bool
HasResource checks whether the map contains the resource.
type FakeCRDLister ¶
// FakeCRDLister holds a slice of CustomResourceDefinitions and exposes Get and
// List methods over it.
// NOTE(review): presumably an in-memory test double for a CRD lister. It is
// exported from this package, so confirm it is only used in tests and never
// wired into a path that makes tenant-isolation decisions.
type FakeCRDLister struct {
	// Crds is the slice of CRDs held by the lister; presumably what Get and List
	// read from — confirm.
	Crds []*apiextensionsv1.CustomResourceDefinition
}
func (*FakeCRDLister) Get ¶
func (l *FakeCRDLister) Get(name string) (*apiextensionsv1.CustomResourceDefinition, error)
func (*FakeCRDLister) List ¶
func (l *FakeCRDLister) List(selector labels.Selector) (ret []*apiextensionsv1.CustomResourceDefinition, err error)