actuator

package
v1.0.0

This package is not in the latest version of its module.
Published: Apr 21, 2023 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Copyright 2019 The OpenShift Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

This section is empty.

Variables

This section is empty.

Functions

func AreSlicesEqualWithoutOrder

func AreSlicesEqualWithoutOrder(a, b []string) bool

AreSlicesEqualWithoutOrder checks whether two slices are equal regardless of element order.

func CreateRole

func CreateRole(gcpClient ccgcp.Client, permissions []string, roleName, roleID, roleDescription, projectName string) (*iamadminpb.Role, error)

CreateRole creates a new role given permissions

func CreateServiceAccount

func CreateServiceAccount(gcpClient ccgcp.Client, svcAcctID, svcAcctName, svcAcctDescription, projectName string) (*iamadminpb.ServiceAccount, error)

func DeleteRole

func DeleteRole(gcpClient ccgcp.Client, roleName string) (*iamadminpb.Role, error)

DeleteRole deletes the role created to satisfy a credentials request

func DeleteServiceAccount

func DeleteServiceAccount(gcpClient ccgcp.Client, svcAcct *iamadminpb.ServiceAccount) error

func EnsurePolicyBindingsForProject

func EnsurePolicyBindingsForProject(rootClient ccgcp.Client, roles []string, member string) error

EnsurePolicyBindingsForProject ensures that, for the given roles and member, the appropriate bindings are added to the project.

func EnsurePolicyBindingsForServiceAccount

func EnsurePolicyBindingsForServiceAccount(rootClient ccgcp.Client, svcAcct *iamadminpb.ServiceAccount, roles []string, member string) error

EnsurePolicyBindingsForServiceAccount ensures that, for the given roles and member, the appropriate bindings are added to the IAM service account.

func GenerateRoleID

func GenerateRoleID(infraName string, crName string) (string, error)

GenerateRoleID generates a unique ID for the role given the infra name and the credentials request name. The role ID has a max length of 64 chars and can include only letters, numbers, periods and underscores. We sanitize infraName and crName to make them alphanumeric and then split the role ID into 29_28_5, where the resulting string becomes: <infraName chopped to 29 chars>_<crName chopped to 28 chars>_<random 5 chars>
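
The 29_28_5 layout described above, as an added sketch that is not the package's own implementation. The name `sketchRoleID`, the helper names, the lowercase alphanumeric suffix alphabet, and the error on names that are empty after sanitizing are all assumptions.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"regexp"
)

const suffixAlphabet = "abcdefghijklmnopqrstuvwxyz0123456789" // assumed; the page names no alphabet
var nonAlnum = regexp.MustCompile(`[^a-zA-Z0-9]`)

// chop strips non-alphanumeric characters from s, then truncates to n bytes.
func chop(s string, n int) string {
	s = nonAlnum.ReplaceAllString(s, "")
	if len(s) > n {
		s = s[:n]
	}
	return s
}

// randomSuffix returns n characters drawn uniformly from suffixAlphabet.
func randomSuffix(n int) (string, error) {
	out := make([]byte, n)
	for i := range out {
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(suffixAlphabet))))
		if err != nil {
			return "", err
		}
		out[i] = suffixAlphabet[idx.Int64()]
	}
	return string(out), nil
}

// sketchRoleID (hypothetical) builds <infra:29>_<cr:28>_<random:5>: at most 29+1+28+1+5 = 64 chars.
func sketchRoleID(infraName, crName string) (string, error) {
	infra, cr := chop(infraName, 29), chop(crName, 28)
	if infra == "" || cr == "" { // assumed behaviour: reject names with no usable characters
		return "", fmt.Errorf("empty after sanitizing: infra=%q cr=%q", infra, cr)
	}
	suffix, err := randomSuffix(5)
	if err != nil {
		return "", err
	}
	return infra + "_" + cr + "_" + suffix, nil
}

func main() {
	fmt.Println(sketchRoleID("my-cluster-x7k2p", "openshift-machine-api-gcp")) // constructed names
}
```

Because both name segments are truncated, two long names that share a prefix differ only in the 5-character suffix, so the random part is what keeps role IDs distinct.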

func GetRole

func GetRole(gcpClient ccgcp.Client, roleID, projectName string) (*iamadminpb.Role, error)

GetRole fetches the role created to satisfy a credentials request

func GetServiceAccount

func GetServiceAccount(gcpClient ccgcp.Client, svcAcctID string) (*iamadminpb.ServiceAccount, error)

func RemovePolicyBindingsForProject

func RemovePolicyBindingsForProject(gcpClient ccgcp.Client, memberName string) error

RemovePolicyBindingsForProject ensures that all bindings associated with the given member are removed from the project policy.

func ServiceAccountBindingName

func ServiceAccountBindingName(svcAccount *iamadminpb.ServiceAccount) string

func UpdateRole

func UpdateRole(gcpClient ccgcp.Client, role *iamadminpb.Role, roleName string) (*iamadminpb.Role, error)

UpdateRole updates an existing role given permissions

Types

type Actuator

type Actuator struct {
	ProjectName      string
	Client           client.Client
	Codec            *minterv1.ProviderCodec
	GCPClientBuilder func(string, []byte) (ccgcp.Client, error)
}

Actuator implements the CredentialsRequest Actuator interface to create credentials for GCP.

func NewActuator

func NewActuator(c client.Client, projectName string) (*Actuator, error)

NewActuator initializes and returns a new Actuator for GCP.

func (*Actuator) Create

Create the credentials.

func (*Actuator) Delete

Delete the credentials. If no error is returned, it is assumed that all dependent resources have been cleaned up.

func (*Actuator) Exists

func (a *Actuator) Exists(ctx context.Context, cr *minterv1.CredentialsRequest) (bool, error)

Exists checks if the credentials currently exist.

To do this we check whether the target secret exists. This call is only used to determine whether we are doing a Create or an Update, but in the context of this actuator it makes no difference. As such, we do not check whether the service account exists in GCP and is correctly configured, as this is handled in both Create and Update.

func (*Actuator) GetCredentialsRootSecret

func (a *Actuator) GetCredentialsRootSecret(ctx context.Context, cr *minterv1.CredentialsRequest) (*corev1.Secret, error)

GetCredentialsRootSecret returns the cluster's root GCP cloud cred secret if it exists and is properly annotated.

func (*Actuator) GetCredentialsRootSecretLocation

func (a *Actuator) GetCredentialsRootSecretLocation() types.NamespacedName

GetCredentialsRootSecretLocation returns the namespace and name where the parent credentials secret is stored.

func (*Actuator) Update

Update the credentials to the provided definition.

func (*Actuator) Upgradeable

Upgradeable returns a ClusterOperator status condition for the upgradeable type if the system is considered not upgradeable. Otherwise, return nil as the default value is for things to be upgradeable.
