Documentation ¶
Index ¶
- Constants
- func AnnotateObject(obj client.Object, namespace string)
- func ConditionMarshal(conditions []metav1.Condition) ([]byte, error)
- func DecodeFile(ctx context.Context, fileData []byte, scheme *runtime.Scheme, ...) error
- func DeleteKuadrantAnnotationFromGateway(gw *gatewayapiv1.Gateway, namespace string)
- func Filter[T any](slice []T, f func(T) bool) []T
- func FilterValidSubdomains(domains, subdomains []gatewayapiv1.Hostname) []gatewayapiv1.Hostname
- func Find[T any](slice []T, match func(T) bool) (*T, bool)
- func FindAuthorinoStatusCondition(conditions []authorinov1beta1.Condition, conditionType string) *authorinov1beta1.Condition
- func FindDeploymentStatusCondition(conditions []appsv1.DeploymentCondition, conditionType string) *appsv1.DeploymentCondition
- func FindObjectKey(a []client.ObjectKey, x client.ObjectKey) int
- func GetEmptySliceIfNil[T any](val []T) []T
- func GetGatewayWorkloadSelector(ctx context.Context, cli client.Client, gateway *gatewayapiv1.Gateway) (map[string]string, error)
- func GetKuadrantNamespace(obj client.Object) (string, error)
- func GetKuadrantNamespaceFromPolicy(policy KuadrantPolicy) (string, bool)
- func GetKuadrantNamespaceFromPolicyTargetRef(ctx context.Context, cli client.Client, policy KuadrantPolicy) (string, error)
- func GetService(ctx context.Context, k8sClient client.Client, serviceKey client.ObjectKey) (*corev1.Service, error)
- func GetServicePortNumber(ctx context.Context, k8sClient client.Client, serviceKey client.ObjectKey, ...) (int32, error)
- func GetServiceWorkloadSelector(ctx context.Context, k8sClient client.Client, serviceKey client.ObjectKey) (map[string]string, error)
- func HTTPHeaderMatchToString(header gatewayapiv1.HTTPHeaderMatch) string
- func HTTPMethodToString(method *gatewayapiv1.HTTPMethod) string
- func HTTPPathMatchToString(path *gatewayapiv1.HTTPPathMatch) string
- func HTTPQueryParamMatchToString(queryParam gatewayapiv1.HTTPQueryParamMatch) string
- func HTTPRouteMatchToString(match gatewayapiv1.HTTPRouteMatch) string
- func HTTPRouteRuleToString(rule gatewayapiv1.HTTPRouteRule) string
- func HasKuadrantAuthorizer(configWrapper ConfigWrapper, authorizer KuadrantAuthorizer) (bool, error)
- func HostnamesFromHTTPRoute(ctx context.Context, route *gatewayapiv1.HTTPRoute, cli client.Client) ([]string, error)
- func HostnamesToStrings(hostnames []gatewayapiv1.Hostname) []string
- func Intersect[T comparable](slice1, slice2 []T) bool
- func Intersection[T comparable](slice1, slice2 []T) []T
- func IsHTTPRouteAccepted(httpRoute *gatewayapiv1.HTTPRoute) bool
- func IsKuadrantManaged(obj client.Object) bool
- func IsObjectTaggedToDelete(obj client.Object) bool
- func IsOwnedBy(owned, owner client.Object) bool
- func IsTargetRefGateway(targetRef gatewayapiv1alpha2.PolicyTargetReference) bool
- func IsTargetRefHTTPRoute(targetRef gatewayapiv1alpha2.PolicyTargetReference) bool
- func IstioWorkloadSelectorFromGateway(ctx context.Context, k8sClient client.Client, gateway *gatewayapiv1.Gateway) *istiocommon.WorkloadSelector
- func Map[T, U any](slice []T, f func(T) U) []U
- func MergeMapStringString(existing *map[string]string, desired map[string]string) bool
- func NamespacedNameToObjectKey(namespacedName, defaultNamespace string) client.ObjectKey
- func ObjectInfo(obj client.Object) string
- func ObjectKeyListDifference(a, b []client.ObjectKey) []client.ObjectKey
- func ReadAnnotationsFromObject(obj client.Object) map[string]string
- func RegisterKuadrantAuthorizer(configWrapper ConfigWrapper, authorizer Authorizer) error
- func RouteHTTPMethodToRuleMethod(httpMethod *gatewayapiv1.HTTPMethod) []string
- func RouteHostnames(route *gatewayapiv1.HTTPRoute) []string
- func SameElements[T comparable](s1, s2 []T) bool
- func StatusConditionsMarshalJSON(input []metav1.Condition) ([]byte, error)
- func TagObjectToDelete(obj client.Object)
- func TargetHostnames(targetNetworkObject client.Object) ([]string, error)
- func UnMarshallLimitNamespace(ns string) (client.ObjectKey, string, error)
- func UnMarshallObjectKey(keyStr string) (client.ObjectKey, error)
- func UnregisterKuadrantAuthorizer(configWrapper ConfigWrapper, authorizer Authorizer) error
- func ValidSubdomains(domains, subdomains []string) (bool, string)
- func ValidateHierarchicalRules(policy KuadrantPolicy, targetNetworkObject client.Object) error
- type Authorizer
- type ConfigWrapper
- type DecodeCallback
- type GatewayWrapper
- func GatewaysMissingPolicyRef(gwList *gatewayapiv1.GatewayList, policyKey client.ObjectKey, ...) []GatewayWrapper
- func GatewaysWithInvalidPolicyRef(gwList *gatewayapiv1.GatewayList, policyKey client.ObjectKey, ...) []GatewayWrapper
- func GatewaysWithValidPolicyRef(gwList *gatewayapiv1.GatewayList, policyKey client.ObjectKey, ...) []GatewayWrapper
- func (g GatewayWrapper) AddPolicy(policyKey client.ObjectKey) bool
- func (g GatewayWrapper) ContainsPolicy(policyKey client.ObjectKey) bool
- func (g GatewayWrapper) DeletePolicy(policyKey client.ObjectKey) bool
- func (g GatewayWrapper) Hostnames() []gatewayapiv1.Hostname
- func (g GatewayWrapper) Key() client.ObjectKey
- func (g GatewayWrapper) PolicyRefs() []client.ObjectKey
- type GatewayWrapperList
- type HTTPRouteRule
- type HTTPRouteRuleSelector
- type KuadrantAuthPolicyRefsConfig
- type KuadrantAuthorizer
- type KuadrantPolicy
- type KuadrantPolicyList
- type KuadrantRateLimitPolicyRefsConfig
- type Name
- type PolicyRefsConfig
Constants ¶
// Shared names, annotation keys and label keys for the package.
//
// NOTE(review): the kuadrant.io/* keys below live in object metadata, which
// anyone with update rights on the object can edit. Code that reads these
// annotations or labels should validate the values rather than trust them.
const (
	// KuadrantRateLimitClusterName is the name "kuadrant-rate-limiting-service".
	// Presumably the cluster name of the rate limiting service; the consumer
	// is not visible here.
	KuadrantRateLimitClusterName = "kuadrant-rate-limiting-service"

	// Back-reference annotation keys for rate limit policies (plural and
	// singular forms). Which objects carry which form is not shown here.
	RateLimitPoliciesBackRefAnnotation = "kuadrant.io/ratelimitpolicies"
	RateLimitPolicyBackRefAnnotation   = "kuadrant.io/ratelimitpolicy"

	// Back-reference annotation keys for auth policies (plural and singular
	// forms).
	AuthPoliciesBackRefAnnotation = "kuadrant.io/authpolicies"
	AuthPolicyBackRefAnnotation   = "kuadrant.io/authpolicy"

	// KuadrantNamespaceLabel is the "kuadrant.io/namespace" key.
	KuadrantNamespaceLabel = "kuadrant.io/namespace"

	// NamespaceSeparator is the rune that separates namespace and name in
	// "namespace/name" strings.
	NamespaceSeparator = '/'

	// LimitadorName is the name "limitador".
	LimitadorName = "limitador"
)
TODO: move the const to a proper place, or get it from config
// DeleteTagAnnotation is the annotation key that tags an object for deletion.
//
// NOTE(review): annotations can be set by anyone allowed to update the object,
// so access to that verb also controls who can apply this tag. What acts on
// the tag is not visible here.
const DeleteTagAnnotation = "kuadrant.io/delete"
// ExtAuthorizerName is the name "kuadrant-authorization".
// Presumably the name given to the Kuadrant external authorizer entry in the
// mesh configuration; confirm against the code that registers it.
const ExtAuthorizerName = "kuadrant-authorization"
const (
	// GatewayProgrammedConditionType is the condition type string "Programmed".
	// Presumably matched against a Gateway's status conditions; the caller is
	// not visible here.
	GatewayProgrammedConditionType = "Programmed"
)
Variables ¶
This section is empty.
Functions ¶
func AnnotateObject ¶ added in v0.2.0
func ConditionMarshal ¶
ConditionMarshal marshals the set of conditions as a JSON array, sorted by condition type.
func DecodeFile ¶
func DecodeFile(ctx context.Context, fileData []byte, scheme *runtime.Scheme, cb DecodeCallback) error
DecodeFile decodes the provided file data (encoded YAML documents) into Kubernetes objects using the specified scheme, and invokes the callback function for each decoded object. Returns an error if any decoding error occurs.
func DeleteKuadrantAnnotationFromGateway ¶ added in v0.2.0
func DeleteKuadrantAnnotationFromGateway(gw *gatewayapiv1.Gateway, namespace string)
func Filter ¶ added in v0.4.0
Filter filters the input slice using the given predicate function and returns a new slice with the results.
func FilterValidSubdomains ¶ added in v0.4.0
func FilterValidSubdomains(domains, subdomains []gatewayapiv1.Hostname) []gatewayapiv1.Hostname
FilterValidSubdomains returns every subdomain that is a subset of at least one of the (super) domains specified in the first argument.
func FindAuthorinoStatusCondition ¶
func FindAuthorinoStatusCondition(conditions []authorinov1beta1.Condition, conditionType string) *authorinov1beta1.Condition
func FindDeploymentStatusCondition ¶
func FindDeploymentStatusCondition(conditions []appsv1.DeploymentCondition, conditionType string) *appsv1.DeploymentCondition
func FindObjectKey ¶ added in v0.2.0
FindObjectKey returns the smallest index i at which x == a[i], or len(a) if there is no such index.
func GetEmptySliceIfNil ¶ added in v0.3.0
func GetEmptySliceIfNil[T any](val []T) []T
GetEmptySliceIfNil returns a provided slice, or an empty slice of the same type if the input slice is nil.
func GetGatewayWorkloadSelector ¶ added in v0.3.0
func GetKuadrantNamespace ¶ added in v0.2.0
func GetKuadrantNamespaceFromPolicy ¶ added in v0.4.0
func GetKuadrantNamespaceFromPolicy(policy KuadrantPolicy) (string, bool)
func GetKuadrantNamespaceFromPolicyTargetRef ¶ added in v0.4.0
func GetService ¶ added in v0.3.0
func GetServicePortNumber ¶ added in v0.2.0
func GetServicePortNumber(ctx context.Context, k8sClient client.Client, serviceKey client.ObjectKey, servicePort string) (int32, error)
GetServicePortNumber returns the port number for the referenced service key and port info. The port info can be a named port or already a number.
func GetServiceWorkloadSelector ¶ added in v0.3.0
func HTTPHeaderMatchToString ¶ added in v0.4.0
func HTTPHeaderMatchToString(header gatewayapiv1.HTTPHeaderMatch) string
func HTTPMethodToString ¶ added in v0.4.0
func HTTPMethodToString(method *gatewayapiv1.HTTPMethod) string
func HTTPPathMatchToString ¶ added in v0.4.0
func HTTPPathMatchToString(path *gatewayapiv1.HTTPPathMatch) string
func HTTPQueryParamMatchToString ¶ added in v0.4.0
func HTTPQueryParamMatchToString(queryParam gatewayapiv1.HTTPQueryParamMatch) string
func HTTPRouteMatchToString ¶ added in v0.4.0
func HTTPRouteMatchToString(match gatewayapiv1.HTTPRouteMatch) string
func HTTPRouteRuleToString ¶ added in v0.4.0
func HTTPRouteRuleToString(rule gatewayapiv1.HTTPRouteRule) string
HTTPRouteRuleToString renders the matches of an HTTPRouteRule as a string.
func HasKuadrantAuthorizer ¶ added in v0.4.0
func HasKuadrantAuthorizer(configWrapper ConfigWrapper, authorizer KuadrantAuthorizer) (bool, error)
HasKuadrantAuthorizer returns true if the IstioOperator has the Kuadrant ExtensionProvider
func HostnamesFromHTTPRoute ¶ added in v0.4.0
func HostnamesFromHTTPRoute(ctx context.Context, route *gatewayapiv1.HTTPRoute, cli client.Client) ([]string, error)
HostnamesFromHTTPRoute returns an array of all hostnames specified in an HTTPRoute or inherited from its parent Gateways.
func HostnamesToStrings ¶ added in v0.2.0
func HostnamesToStrings(hostnames []gatewayapiv1.Hostname) []string
HostnamesToStrings converts []gatewayapiv1.Hostname to []string
func Intersect ¶ added in v0.4.0
func Intersect[T comparable](slice1, slice2 []T) bool
func Intersection ¶ added in v0.4.0
func Intersection[T comparable](slice1, slice2 []T) []T
func IsHTTPRouteAccepted ¶ added in v0.3.1
func IsHTTPRouteAccepted(httpRoute *gatewayapiv1.HTTPRoute) bool
func IsKuadrantManaged ¶ added in v0.2.0
func IsObjectTaggedToDelete ¶
IsObjectTaggedToDelete checks if the given object is tagged for deletion. It looks for the DeleteTagAnnotation in the object's annotations and returns true if the annotation value is set to "true", false otherwise.
func IsOwnedBy ¶
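IsOwnedBy checks if the provided owned object is owned by the given owner object. Ownership is determined based on matching the owner reference's group, kind, and name. The version of the owner reference is not checked in this implementation. As described, the owner's UID is not among the matched fields either, so an owner that was deleted and recreated with the same group, kind and name would still match; callers that need to tell such objects apart should compare UIDs themselves. Returns true if the owned object is owned by the owner object, false otherwise.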
func IsTargetRefGateway ¶ added in v0.2.0
func IsTargetRefGateway(targetRef gatewayapiv1alpha2.PolicyTargetReference) bool
func IsTargetRefHTTPRoute ¶ added in v0.2.0
func IsTargetRefHTTPRoute(targetRef gatewayapiv1alpha2.PolicyTargetReference) bool
func IstioWorkloadSelectorFromGateway ¶ added in v0.3.0
func IstioWorkloadSelectorFromGateway(ctx context.Context, k8sClient client.Client, gateway *gatewayapiv1.Gateway) *istiocommon.WorkloadSelector
func Map ¶ added in v0.3.0
func Map[T, U any](slice []T, f func(T) U) []U
Map applies the given mapper function to each element in the input slice and returns a new slice with the results.
func MergeMapStringString ¶ added in v0.2.0
MergeMapStringString merges desired into existing. It is not thread-safe; the original comment leaves open whether that matters for callers.
func NamespacedNameToObjectKey ¶ added in v0.2.0
NamespacedNameToObjectKey converts a string in <namespace/name> format to a k8s object key. It is common for K8s to reference an object using this format, for example gateways in a VirtualService.
func ObjectInfo ¶
ObjectInfo generates a string representation of the provided Kubernetes object, including its kind and name. The generated string follows the format: "kind/name".
func ObjectKeyListDifference ¶
ObjectKeyListDifference computes a - b, that is, the keys of a that are not in b.
func ReadAnnotationsFromObject ¶ added in v0.3.0
ReadAnnotationsFromObject reads the annotations from a Kubernetes object and returns them as a map. If the object has no annotations, it returns an empty map.
func RegisterKuadrantAuthorizer ¶ added in v0.4.0
func RegisterKuadrantAuthorizer(configWrapper ConfigWrapper, authorizer Authorizer) error
RegisterKuadrantAuthorizer adds the Kuadrant ExtensionProvider to the IstioOperator
func RouteHTTPMethodToRuleMethod ¶ added in v0.2.0
func RouteHTTPMethodToRuleMethod(httpMethod *gatewayapiv1.HTTPMethod) []string
func RouteHostnames ¶ added in v0.2.0
func RouteHostnames(route *gatewayapiv1.HTTPRoute) []string
func SameElements ¶ added in v0.4.0
func SameElements[T comparable](s1, s2 []T) bool
SameElements checks if the two slices contain the exact same elements. Order does not matter.
func StatusConditionsMarshalJSON ¶ added in v0.2.0
StatusConditionsMarshalJSON marshals the list of conditions as a JSON array, sorted by condition type.
func TagObjectToDelete ¶
TagObjectToDelete adds a special DeleteTagAnnotation to the object's annotations. If the object's annotations are nil, it first initializes the Annotations field with an empty map.
func TargetHostnames ¶ added in v0.3.0
TargetHostnames returns an array of hostnames coming from the network object (HTTPRoute, Gateway)
func UnMarshallLimitNamespace ¶ added in v0.2.0
UnMarshallLimitNamespace parses limit namespace with format "gwNS/gwName#domain"
func UnMarshallObjectKey ¶ added in v0.2.0
UnMarshallObjectKey takes a string input and converts it into an ObjectKey struct that can be used to access a specific Kubernetes object. The input string is expected to be in the format "namespace/name". If the input string does not contain a NamespaceSeparator (typically '/') or has too few components, this function returns an error.
func UnregisterKuadrantAuthorizer ¶ added in v0.4.0
func UnregisterKuadrantAuthorizer(configWrapper ConfigWrapper, authorizer Authorizer) error
UnregisterKuadrantAuthorizer removes the Kuadrant ExtensionProvider from the IstioOperator
func ValidSubdomains ¶ added in v0.2.0
ValidSubdomains returns (true, "") when every item in subdomains is a subset of at least one of the domains. Domains and subdomains may be prefixed with a wildcard label (*.). The wildcard label must appear by itself as the first label. When one of the subdomains is not a subset of the domains, it returns false and the subdomain that is not a subset of the domains.
func ValidateHierarchicalRules ¶ added in v0.3.0
func ValidateHierarchicalRules(policy KuadrantPolicy, targetNetworkObject client.Object) error
ValidateHierarchicalRules returns an error if the policy's rule hostnames fail to match the hostnames of the target network object.
Types ¶
type Authorizer ¶ added in v0.4.0
// Authorizer is implemented by types that can supply an Istio MeshConfig
// extension provider entry.
type Authorizer interface {
	// GetExtensionProvider returns the extension provider entry as a
	// *MeshConfig_ExtensionProvider.
	GetExtensionProvider() *istiomeshv1alpha1.MeshConfig_ExtensionProvider
}
type ConfigWrapper ¶ added in v0.4.0
// ConfigWrapper gives access to a Kubernetes object and to the Istio
// MeshConfig associated with it.
// NOTE(review): how the MeshConfig is stored on the object depends on the
// implementation, which is not visible here.
type ConfigWrapper interface {
	// GetConfigObject returns the underlying client.Object.
	GetConfigObject() client.Object

	// GetMeshConfig returns the MeshConfig, or an error.
	GetMeshConfig() (*istiomeshv1alpha1.MeshConfig, error)

	// SetMeshConfig takes a MeshConfig and reports an error on failure;
	// presumably it writes the config back to the wrapped object.
	SetMeshConfig(*istiomeshv1alpha1.MeshConfig) error
}
type DecodeCallback ¶
type GatewayWrapper ¶ added in v0.3.0
// GatewayWrapper embeds a Gateway API Gateway together with a PolicyRefsConfig,
// so the Gateway's fields and the config's PolicyRefsAnnotation method are
// promoted onto the wrapper.
//
// NOTE(review): the policy references are kept in Gateway annotations, which
// anyone with update rights on the Gateway can edit. Treat the list read back
// from an annotation as input to validate, not as an authoritative record.
type GatewayWrapper struct {
	*gatewayapiv1.Gateway
	PolicyRefsConfig
}
GatewayWrapper wraps a Gateway API Gateway adding methods and configs to manage policy references in annotations
func GatewaysMissingPolicyRef ¶ added in v0.3.0
func GatewaysMissingPolicyRef(gwList *gatewayapiv1.GatewayList, policyKey client.ObjectKey, policyGwKeys []client.ObjectKey, config PolicyRefsConfig) []GatewayWrapper
func GatewaysWithInvalidPolicyRef ¶ added in v0.3.0
func GatewaysWithInvalidPolicyRef(gwList *gatewayapiv1.GatewayList, policyKey client.ObjectKey, policyGwKeys []client.ObjectKey, config PolicyRefsConfig) []GatewayWrapper
func GatewaysWithValidPolicyRef ¶ added in v0.3.0
func GatewaysWithValidPolicyRef(gwList *gatewayapiv1.GatewayList, policyKey client.ObjectKey, policyGwKeys []client.ObjectKey, config PolicyRefsConfig) []GatewayWrapper
func (GatewayWrapper) AddPolicy ¶ added in v0.3.0
func (g GatewayWrapper) AddPolicy(policyKey client.ObjectKey) bool
AddPolicy tries to add a policy to the existing ref list. Returns true if policy was added, false otherwise
func (GatewayWrapper) ContainsPolicy ¶ added in v0.3.0
func (g GatewayWrapper) ContainsPolicy(policyKey client.ObjectKey) bool
func (GatewayWrapper) DeletePolicy ¶ added in v0.3.0
func (g GatewayWrapper) DeletePolicy(policyKey client.ObjectKey) bool
DeletePolicy tries to delete a policy from the existing ref list. Returns true if the policy was deleted, false otherwise
func (GatewayWrapper) Hostnames ¶ added in v0.3.0
func (g GatewayWrapper) Hostnames() []gatewayapiv1.Hostname
Hostnames builds a list of hostnames from the listeners.
func (GatewayWrapper) Key ¶ added in v0.3.0
func (g GatewayWrapper) Key() client.ObjectKey
func (GatewayWrapper) PolicyRefs ¶ added in v0.3.0
func (g GatewayWrapper) PolicyRefs() []client.ObjectKey
type GatewayWrapperList ¶ added in v0.4.0
// GatewayWrapperList is a slice of GatewayWrapper values.
// NOTE(review): the ordering used when sorting is defined by its Less method,
// which is not visible here.
type GatewayWrapperList []GatewayWrapper
GatewayWrapperList is a list of GatewayWrappers that implements sort.Interface
func (GatewayWrapperList) Len ¶ added in v0.4.0
func (g GatewayWrapperList) Len() int
func (GatewayWrapperList) Less ¶ added in v0.4.0
func (g GatewayWrapperList) Less(i, j int) bool
func (GatewayWrapperList) Swap ¶ added in v0.4.0
func (g GatewayWrapperList) Swap(i, j int)
type HTTPRouteRule ¶ added in v0.2.0
func RulesFromHTTPRoute ¶ added in v0.2.0
func RulesFromHTTPRoute(route *gatewayapiv1.HTTPRoute) []HTTPRouteRule
RulesFromHTTPRoute computes a list of rules from the HTTPRoute object
type HTTPRouteRuleSelector ¶ added in v0.4.0
// HTTPRouteRuleSelector embeds a pointer to a Gateway API HTTPRouteMatch.
// NOTE(review): the embedded pointer may be nil; how a nil match is handled
// is not visible here.
type HTTPRouteRuleSelector struct {
	*gatewayapiv1.HTTPRouteMatch
}
func (*HTTPRouteRuleSelector) Selects ¶ added in v0.4.0
func (s *HTTPRouteRuleSelector) Selects(rule gatewayapiv1.HTTPRouteRule) bool
type KuadrantAuthPolicyRefsConfig ¶ added in v0.3.0
// KuadrantAuthPolicyRefsConfig is an empty struct that carries no state.
// Presumably it selects the auth policy back-reference annotation key; confirm
// against its PolicyRefsAnnotation method.
type KuadrantAuthPolicyRefsConfig struct{}
func (*KuadrantAuthPolicyRefsConfig) PolicyRefsAnnotation ¶ added in v0.3.0
func (c *KuadrantAuthPolicyRefsConfig) PolicyRefsAnnotation() string
type KuadrantAuthorizer ¶ added in v0.4.0
// KuadrantAuthorizer is an opaque struct: all of its fields are unexported,
// so code outside the package cannot set them directly.
type KuadrantAuthorizer struct {
	// contains filtered or unexported fields
}
func NewKuadrantAuthorizer ¶ added in v0.4.0
func NewKuadrantAuthorizer(namespace string) *KuadrantAuthorizer
NewKuadrantAuthorizer creates a new KuadrantAuthorizer.
func (*KuadrantAuthorizer) GetExtensionProvider ¶ added in v0.4.0
func (k *KuadrantAuthorizer) GetExtensionProvider() *istiomeshv1alpha1.MeshConfig_ExtensionProvider
GetExtensionProvider returns the Istio MeshConfig ExtensionProvider for Kuadrant.
type KuadrantPolicy ¶ added in v0.2.0
// KuadrantPolicy is a Kubernetes object (it embeds client.Object) that also
// exposes a target reference, a namespace and a list of rule hostnames.
type KuadrantPolicy interface {
	client.Object

	// GetTargetRef returns the policy's target as a Gateway API
	// PolicyTargetReference.
	GetTargetRef() gatewayapiv1alpha2.PolicyTargetReference

	// GetWrappedNamespace returns a Gateway API Namespace value.
	// NOTE(review): presumably the policy's own namespace in wrapped form.
	GetWrappedNamespace() gatewayapiv1.Namespace

	// GetRulesHostnames returns hostnames as plain strings; presumably the
	// hostnames named by the policy's rules.
	GetRulesHostnames() []string
}
type KuadrantPolicyList ¶ added in v0.4.0
// KuadrantPolicyList is implemented by list types that can expose their
// members as KuadrantPolicy values.
type KuadrantPolicyList interface {
	// GetItems returns the list's members as a []KuadrantPolicy.
	GetItems() []KuadrantPolicy
}
type KuadrantRateLimitPolicyRefsConfig ¶ added in v0.3.0
// KuadrantRateLimitPolicyRefsConfig is an empty struct that carries no state.
// Presumably it selects the rate limit policy back-reference annotation key;
// confirm against its PolicyRefsAnnotation method.
type KuadrantRateLimitPolicyRefsConfig struct{}
func (*KuadrantRateLimitPolicyRefsConfig) PolicyRefsAnnotation ¶ added in v0.3.0
func (c *KuadrantRateLimitPolicyRefsConfig) PolicyRefsAnnotation() string
type Name ¶ added in v0.2.0
// Name is a string type for a hostname that may carry a wildcard.
// NOTE(review): the type itself does no validation; a Name built from
// untrusted input still needs checking by the caller.
type Name string
Name describes a (possibly wildcarded) hostname
func (Name) IsWildCarded ¶ added in v0.2.0
type PolicyRefsConfig ¶ added in v0.3.0
// PolicyRefsConfig is implemented by types that name an annotation key for
// policy references.
type PolicyRefsConfig interface {
	// PolicyRefsAnnotation returns the annotation key as a string.
	PolicyRefsAnnotation() string
}