Documentation ¶
Index ¶
- Constants
- func AddControllerToManager(logger logging.Logger, mgr manager.Manager, ...) error
- func CreateSubjectsForSubjectList(ctx context.Context, subjectList *lssv1alpha1.SubjectList) []rbacv1.Subject
- func CreateViewerSubjectsForSubjectList(ctx context.Context, subjectList *lssv1alpha1.SubjectList) []rbacv1.Subject
- func NewController(logger logging.Logger, c client.Client, scheme *runtime.Scheme, ...) (reconcile.Reconciler, error)
- func UpdateRoleBindingSubjects(ctx context.Context, cl client.Client, binding *rbacv1.RoleBinding, ...) error
- type ClusterRoleDefinition
- func (r *ClusterRoleDefinition) CreateOrUpdateClusterRole(ctx context.Context, cl client.Client) error
- func (r *ClusterRoleDefinition) CreateOrUpdateClusterRoleBinding(ctx context.Context, cl client.Client, subjects []rbacv1.Subject) error
- func (r *ClusterRoleDefinition) PolicyRules() []rbacv1.PolicyRule
- type Controller
- type RoleDefinition
- func (r *RoleDefinition) CreateOrUpdateRole(ctx context.Context, cl client.Client) error
- func (r *RoleDefinition) CreateOrUpdateRoleBinding(ctx context.Context, cl client.Client, subjects []rbacv1.Subject) error
- func (r *RoleDefinition) CreateRoleBindingWithoutSubjectsIfNotExist(ctx context.Context, cl client.Client) error
- func (r *RoleDefinition) DeleteRole(ctx context.Context, cl client.Client) error
- func (r *RoleDefinition) DeleteRoleBinding(ctx context.Context, cl client.Client) error
- func (r *RoleDefinition) PolicyRules() []rbacv1.PolicyRule
Constants ¶
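// Names of the RBAC roles and role bindings managed by this package, plus
// the identifiers used when reading a SubjectList.
//
// The listing is restored to one declaration per line: collapsed onto a
// single line, the first "//" comment swallows every declaration after it.
//
// NOTE(review): the cluster-wide user role, its binding, and the role and
// binding in LS_USER_NAMESPACE all carry the same string. The bindings
// presumably map to different Kubernetes kinds, so the names would not
// collide, but an audit query or alert keyed on the name alone cannot tell a
// cluster-wide grant from a namespaced one. Match on kind and namespace too.
const (
	// USER_CLUSTER_ROLE is the cluster-wide admin role
	// NOTE(review): the value says "namespace-registrator" while the comment
	// says "admin"; the permissions actually granted are whatever
	// ClusterRoleDefinition.PolicyRules returns. Confirm the wording matches.
	USER_CLUSTER_ROLE = "landscaper-service:namespace-registrator"
	// USER_CLUSTER_ROLE_BINDING has the same value as USER_CLUSTER_ROLE.
	USER_CLUSTER_ROLE_BINDING = "landscaper-service:namespace-registrator"

	// LS_USER_ROLE_IN_NAMESPACE is the admin role for namespace "ls-user"
	LS_USER_ROLE_IN_NAMESPACE = "landscaper-service:namespace-registrator"
	// LS_USER_ROLE_BINDING_IN_NAMESPACE has the same value as
	// LS_USER_ROLE_IN_NAMESPACE.
	LS_USER_ROLE_BINDING_IN_NAMESPACE = "landscaper-service:namespace-registrator"

	// USER_ROLE_IN_NAMESPACE is the admin role for registered customer namespaces
	USER_ROLE_IN_NAMESPACE = "landscaper-service:landscaper-user"
	// USER_ROLE_BINDING_IN_NAMESPACE has the same value as
	// USER_ROLE_IN_NAMESPACE.
	USER_ROLE_BINDING_IN_NAMESPACE = "landscaper-service:landscaper-user"

	// VIEWER_CLUSTER_ROLE is the cluster-wide viewer role
	VIEWER_CLUSTER_ROLE = "landscaper-service:landscaper-cluster-viewer"
	// VIEWER_CLUSTER_ROLE_BINDING has the same value as VIEWER_CLUSTER_ROLE.
	VIEWER_CLUSTER_ROLE_BINDING = "landscaper-service:landscaper-cluster-viewer"

	// VIEWER_ROLE_IN_NAMESPACE is the viewer role for registered customer namespaces
	VIEWER_ROLE_IN_NAMESPACE = "landscaper-service:landscaper-viewer"
	// VIEWER_ROLE_BINDING_IN_NAMESPACE has the same value as
	// VIEWER_ROLE_IN_NAMESPACE.
	VIEWER_ROLE_BINDING_IN_NAMESPACE = "landscaper-service:landscaper-viewer"

	// SUBJECT_LIST_NAME is presumably the object name of the SubjectList this
	// package acts on. Verify against the controller.
	SUBJECT_LIST_NAME = "subjects"
	// LS_USER_NAMESPACE is the namespace the LS_USER_* role and binding refer to.
	LS_USER_NAMESPACE = "ls-user"

	// The SUBJECT_LIST_ENTRY_* values spell the three subject kinds that
	// Kubernetes RBAC accepts ("User", "Group", "ServiceAccount").
	// NOTE(review): confirm that a SubjectList entry with any other kind is
	// rejected or skipped and never copied into a binding.
	SUBJECT_LIST_ENTRY_USER            = "User"
	SUBJECT_LIST_ENTRY_GROUP           = "Group"
	SUBJECT_LIST_ENTRY_SERVICE_ACCOUNT = "ServiceAccount"

	// CUSTOM_NS_PREFIX is presumably the name prefix of registered customer
	// namespaces. Verify against the namespace registration code.
	CUSTOM_NS_PREFIX = "cu-"
)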
Variables ¶
This section is empty.
Functions ¶
func AddControllerToManager ¶
func AddControllerToManager(logger logging.Logger, mgr manager.Manager, config *config.TargetShootSidecarConfiguration) error
AddControllerToManager adds the SubjectList Controller to the manager
func CreateSubjectsForSubjectList ¶
func CreateSubjectsForSubjectList(ctx context.Context, subjectList *lssv1alpha1.SubjectList) []rbacv1.Subject
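CreateSubjectsForSubjectList converts the subjects of the SubjectList custom resource into rbac subjects. These subjects are presumably what UpdateRoleBindingSubjects and the CreateOrUpdate…Binding methods of this package write into the managed bindings, so write access to the SubjectList resource should be treated as the ability to grant the corresponding roles.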
func CreateViewerSubjectsForSubjectList ¶
func CreateViewerSubjectsForSubjectList(ctx context.Context, subjectList *lssv1alpha1.SubjectList) []rbacv1.Subject
CreateViewerSubjectsForSubjectList converts the viewer subjects of the SubjectList into rbac subjects.
func NewController ¶
Types ¶
type ClusterRoleDefinition ¶
// ClusterRoleDefinition is the receiver type of CreateOrUpdateClusterRole,
// CreateOrUpdateClusterRoleBinding and PolicyRules. Instances are returned by
// GetUserClusterRoleDefinition and GetViewerClusterRoleDefinition.
//
// All fields are unexported, so code outside the package can reach a
// definition's contents only through those methods; PolicyRules is the one
// that exposes the []rbacv1.PolicyRule to audit.
type ClusterRoleDefinition struct {
// contains filtered or unexported fields
}
func GetUserClusterRoleDefinition ¶
func GetUserClusterRoleDefinition() *ClusterRoleDefinition
func GetViewerClusterRoleDefinition ¶
func GetViewerClusterRoleDefinition() *ClusterRoleDefinition
func (*ClusterRoleDefinition) CreateOrUpdateClusterRole ¶
func (*ClusterRoleDefinition) CreateOrUpdateClusterRoleBinding ¶
func (*ClusterRoleDefinition) PolicyRules ¶
func (r *ClusterRoleDefinition) PolicyRules() []rbacv1.PolicyRule
type Controller ¶
// Controller embeds operation.TargetShootSidecarOperation and holds the
// reconcile callback for SubjectList objects.
type Controller struct {
	operation.TargetShootSidecarOperation

	// ReconcileFunc receives the context and the SubjectList and returns a
	// reconcile.Result and an error.
	// NOTE(review): the field is exported, so any code holding a *Controller
	// can replace it. Presumably a test seam (see NewTestActuator); confirm
	// that production code paths never reassign it.
	ReconcileFunc func(ctx context.Context, subjectList *lssv1alpha1.SubjectList) (reconcile.Result, error)
	// contains filtered or unexported fields
}
func NewTestActuator ¶
func NewTestActuator(op operation.TargetShootSidecarOperation, logger logging.Logger) *Controller
NewTestActuator creates a new controller for testing purposes.
type RoleDefinition ¶
// RoleDefinition is the receiver type of CreateOrUpdateRole,
// CreateOrUpdateRoleBinding, CreateRoleBindingWithoutSubjectsIfNotExist,
// DeleteRole, DeleteRoleBinding and PolicyRules. Instances are returned by
// GetLsUserRoleDefinition, GetUserRoleDefinition and GetViewerRoleDefinition;
// the latter two take the target namespace as an argument.
//
// All fields are unexported, so code outside the package can reach a
// definition's contents only through those methods; PolicyRules is the one
// that exposes the []rbacv1.PolicyRule to audit.
type RoleDefinition struct {
// contains filtered or unexported fields
}
func GetLsUserRoleDefinition ¶
func GetLsUserRoleDefinition() *RoleDefinition
GetLsUserRoleDefinition defines the admin role for the "ls-user" namespace.
func GetUserRoleDefinition ¶
func GetUserRoleDefinition(namespace string) *RoleDefinition
GetUserRoleDefinition defines the admin role for a customer namespace generated from a NamespaceRegistration.
func GetViewerRoleDefinition ¶
func GetViewerRoleDefinition(namespace string) *RoleDefinition
GetViewerRoleDefinition defines the viewer role for a customer namespace generated from a NamespaceRegistration.
func (*RoleDefinition) CreateOrUpdateRole ¶
func (*RoleDefinition) CreateOrUpdateRoleBinding ¶
func (*RoleDefinition) CreateRoleBindingWithoutSubjectsIfNotExist ¶
func (*RoleDefinition) DeleteRole ¶
func (*RoleDefinition) DeleteRoleBinding ¶
func (*RoleDefinition) PolicyRules ¶
func (r *RoleDefinition) PolicyRules() []rbacv1.PolicyRule