Package bindings

Version v0.0.0-...-8340aad (this package is not in the latest version of its module)

Published: Apr 24, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Constants

const (
	DefaultMaxClientCacheTTL = 30 * time.Second
)

Variables

var DependentsInconsistencyError = stderrors.New("inconsistency detected when deploying dependent objects")
var (
	ErrorInvalidClientConfig = errors.New("invalid k8s client configuration")
)
var (
	SecretDataNotFoundError = errors.New("data not found")
)

Functions

func NameCorresponds

func NameCorresponds(actualName, specificName, generateName string) bool

NameCorresponds is a simple helper function to figure out whether the provided `actualName` can be the name of a K8s object with the provided `specificName` (`metadata.name`) or `generateName` (`metadata.generateName`).

Equality of the actualName with the specificName is determined first, and only then is the generateName considered. This conforms to the behavior of the cluster, which ignores generateName whenever name is set (https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/).
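The name-matching rule described above, written out as an added example; this is not the package's own implementation but a reading of the documented contract, and the guard against an empty generateName is a defensive choice made here rather than something the page states.

```go
package main

import (
	"fmt"
	"strings"
)

// nameCorresponds is an added illustration of the contract documented for
// bindings.NameCorresponds; it is NOT the package's own code. Kubernetes ignores
// metadata.generateName whenever metadata.name is set, so a specific name is
// matched by exact equality first and generateName is only consulted when no
// specific name is configured. A generated name is the configured prefix
// followed by a server-chosen random suffix.
func nameCorresponds(actualName, specificName, generateName string) bool {
	if specificName != "" {
		return actualName == specificName
	}
	if generateName == "" {
		// Neither name nor generateName configured: nothing can correspond.
		// Without this guard an empty prefix would match every object name
		// in the namespace (assumption of this example, not of the page).
		return false
	}
	return strings.HasPrefix(actualName, generateName)
}

func main() {
	// Constructed sample inputs: names an operator might compare when deciding
	// whether a Secret found in the target namespace is one it deployed.
	cases := []struct{ actual, specific, generate string }{
		{"db-creds", "db-creds", ""},                // exact name match
		{"db-creds-x7k2q", "", "db-creds-"},         // generated from the prefix
		{"db-creds-x7k2q", "db-creds", "db-creds-"}, // name set, prefix ignored
		{"other-x7k2q", "", "db-creds-"},            // foreign object
	}
	for _, c := range cases {
		fmt.Printf("%-16s name=%q generateName=%q -> %v\n",
			c.actual, c.specific, c.generate,
			nameCorresponds(c.actual, c.specific, c.generate))
	}
}
```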

Types

type CachingClientFactory

type CachingClientFactory struct {
	// LocalCluster provides the client and configuration for connecting to the local cluster
	LocalCluster LocalClusterConnectionDetails
	// ClientConfigurationInitializer is given the opportunity to configure the rest configuration and client options before
	// the client is created in the factory.
	ClientConfigurationInitializer func(cfg *rest.Config, opts *client.Options)

	// MaxClientCacheTTL is the duration after which the cached clients time out and need to be re-initialized. This is
	// necessary for optimizing the memory consumption versus the performance of the clients.
	MaxClientCacheTTL time.Duration
	// contains filtered or unexported fields
}

func (*CachingClientFactory) GetClient

func (cf *CachingClientFactory) GetClient(ctx context.Context, currentNamespace string, targetSpec *api.RemoteSecretTarget, targetStatus *api.TargetStatus) (client.Client, error)

func (*CachingClientFactory) ServiceAccountChanged

func (cf *CachingClientFactory) ServiceAccountChanged(sa client.ObjectKey)

type CheckPoint

type CheckPoint struct {
	// contains filtered or unexported fields
}

CheckPoint is an opaque struct representing the state of the dependent objects at some point in time. It can be passed to the DependentsHandler.RevertTo method to delete the secret/service accounts that were created in the cluster after the instance was returned from the DependentsHandler.CheckPoint method.

type ClientFactory

type ClientFactory interface {
	// GetClient returns a client that can be used to deploy to a target described by the targetSpec and targetStatus from a remote secret in the provided namespace
	GetClient(ctx context.Context, currentNamespace string, targetSpec *api.RemoteSecretTarget, targetStatus *api.TargetStatus) (client.Client, error)
	// ServiceAccountChanged signals to the client factory that the service account changed. The client factory might react by revoking the client associated with
	// the service account from a cache, if any, etc.
	ServiceAccountChanged(sa client.ObjectKey)
}

ClientFactory is a helper interface for the RemoteSecretReconciler that creates clients able to deploy to remote secret targets. The default (and only) implementation is the CachingClientFactory, but it is hidden behind an interface so that it can be mocked out in the tests.

type Dependents

type Dependents struct {
	Secret          *corev1.Secret
	ServiceAccounts []*corev1.ServiceAccount
}

Dependents represents the secret and the list of service accounts that are linked to the deployment target of a dependents handler.

type DependentsHandler

type DependentsHandler[K any] struct {
	Target           SecretDeploymentTarget
	SecretDataGetter SecretDataGetter[K]
	ObjectMarker     ObjectMarker
}

DependentsHandler takes care of the dependent objects of the provided target.

func (*DependentsHandler[K]) CheckPoint

func (d *DependentsHandler[K]) CheckPoint(ctx context.Context) (*CheckPoint, error)

CheckPoint creates an instance of the CheckPoint struct that captures the secret name and the list of known service account names from the deployment target associated with the DependentsHandler. This can later be used to revert to that state. See RevertTo for more details.

func (*DependentsHandler[K]) Cleanup

func (d *DependentsHandler[K]) Cleanup(ctx context.Context) error

func (*DependentsHandler[K]) RevertTo

func (d *DependentsHandler[K]) RevertTo(ctx context.Context, checkPoint *CheckPoint) error

RevertTo reverts the reconciliation "transaction", i.e. it should be called after Sync when the subsequent steps of the reconciliation fail and the operator needs to undo the changes made by Sync so that the reconciliation remains idempotent. The provided checkpoint represents the state obtained from DependentsHandler.Target before Sync() made any changes. Note that currently this method is only able to delete secrets/service accounts that should not be in the cluster; it cannot "undelete" what has been deleted from the cluster. That should be OK because nothing is deleted during the Sync call.

func (*DependentsHandler[K]) Sync

func (d *DependentsHandler[K]) Sync(ctx context.Context, dataKey K) (*Dependents, string, error)
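The CheckPoint, Sync and RevertTo sequence described for DependentsHandler, modelled as an added example against an in-memory cluster. This is not the package's code: `fakeCluster`, `checkPoint` and `reconcile` are names introduced here, and the real handler creates objects through client.Client rather than in a map.

```go
package main

// In-memory model of the CheckPoint -> Sync -> RevertTo sequence described above.
// Added illustration, not the package's code: the real DependentsHandler creates
// Secrets and ServiceAccounts through client.Client; here the "cluster" is just a
// set of object keys such as "Secret/db-creds".
type fakeCluster struct{ objects map[string]bool }

// checkPoint mirrors bindings.CheckPoint: the dependents known before Sync ran.
type checkPoint struct{ known map[string]bool }

func (c *fakeCluster) checkPointNow() checkPoint {
	cp := checkPoint{known: map[string]bool{}}
	for k := range c.objects {
		cp.known[k] = true
	}
	return cp
}

// sync only creates or updates dependents, never deletes; that property is what
// lets revertTo be purely "delete whatever is new".
func (c *fakeCluster) sync(keys ...string) {
	for _, k := range keys {
		c.objects[k] = true
	}
}

// revertTo deletes every object absent from the checkpoint. Like the real RevertTo
// it cannot undelete anything, which is fine because sync never deletes.
func (c *fakeCluster) revertTo(cp checkPoint) {
	for k := range c.objects {
		if !cp.known[k] {
			delete(c.objects, k)
		}
	}
}

// reconcile runs one reconciliation "transaction": checkpoint, sync, then the
// subsequent steps; on failure the sync is rolled back so a retry starts from the
// same state and no half-deployed Secret or ServiceAccount is left behind.
func reconcile(c *fakeCluster, dependents []string, subsequent func() error) error {
	cp := c.checkPointNow()
	c.sync(dependents...)
	if err := subsequent(); err != nil {
		c.revertTo(cp)
		return err
	}
	return nil
}
```

A pre-existing object that was in the cluster at checkpoint time survives a rollback, while anything sync created after it is removed, which is exactly the guarantee the page documents.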

type ErrorReason

type ErrorReason string
const (
	ErrorReasonNone ErrorReason = ""

	// XXX: note that this used to be used as:
	// - api.SPIAccessTokenBindingErrorReasonTokenSync originally in secretHandler.Sync
	ErrorReasonSecretUpdate ErrorReason = "SecretUpdate"
	// XXX: note that this used to be used as:
	// - api.SPIAccessTokenBindingErrorReasonServiceAccountUnavailable in ensureReferencedServiceAccount -> serviceAccountHandler.Sync
	ErrorReasonServiceAccountUnavailable ErrorReason = "ServiceAccountUnavailable"
	// XXX: note that this used to be used as:
	// - api.SPIAccessTokenBindingErrorReasonServiceAccountUpdate in ensureReferencedServiceAccount -> serviceAccountHandler.Sync
	// - api.SPIAccessTokenBindingErrorReasonTokenSync in ensureReferencedServiceAccount -> serviceAccountHandler.Sync
	ErrorReasonServiceAccountUpdate ErrorReason = "ServiceAccountUpdate"
)

type LocalClusterConnectionDetails

type LocalClusterConnectionDetails struct {
	Client client.Client
	Config *rest.Config
}

LocalClusterConnectionDetails provides the client and configuration for connecting to the local cluster.

type ObjectMarker

type ObjectMarker interface {
	MarkManaged(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)
	UnmarkManaged(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)
	MarkReferenced(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)
	UnmarkReferenced(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)
	IsManagedBy(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)
	// IsManagedByOther checks whether obj is marked as managed by something other than target or not marked as managed at all.
	// Note that !IsManagedBy does not imply IsManagedByOther. If obj is marked as managed by an ObjectKey different from target,
	// that ObjectKey should be returned by the function.
	IsManagedByOther(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, client.ObjectKey, error)
	IsReferencedBy(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)
	ListManagedOptions(ctx context.Context, target client.ObjectKey) ([]client.ListOption, error)
	ListReferencedOptions(ctx context.Context, target client.ObjectKey) ([]client.ListOption, error)
	GetReferencingTargets(ctx context.Context, obj client.Object) ([]client.ObjectKey, error)
}

ObjectMarker is used to mark or unmark some object with a link to the target.

type SecretDataGetter

type SecretDataGetter[K any] interface {
	// GetData returns the secret data from the backend storage given the key. If the data is not found, this method
	// MUST return the SecretDataNotFoundError.
	GetData(ctx context.Context, secretDataKey K) (data map[string][]byte, errorReason string, err error)
}

SecretDataGetter is an abstraction that, given the provided key, is able to obtain the secret data from some kind of backing secret storage and prepare it so that it is ready to be persisted as the Data field of a Kubernetes secret.

type SecretDeploymentTarget

type SecretDeploymentTarget interface {
	// GetClient returns the client to use when connecting to the target "destination" to deploy the dependent objects to.
	GetClient() client.Client
	// GetType returns the type of the secret deployment target object.
	GetType() string
	// GetTargetObjectKey is the location of the object that describes the target.
	GetTargetObjectKey() client.ObjectKey
	// GetTargetNamespace specifies the namespace to which the secret and service accounts
	// should be deployed to.
	GetTargetNamespace() string
	// GetSpec gives the spec from which the secrets and service accounts should be created.
	// Make sure to do a DeepCopy of this object before you make modifications to it to avoid
	// modifying the shared state stored in maps and slices therein.
	GetSpec() api.LinkableSecretSpec
	// GetActualSecretName returns the actual name of the secret, if any (as opposed to the
	// configured name from the spec, which may not fully represent what's in the cluster
	// if for example GenerateName is used).
	GetActualSecretName() string
	// GetActualServiceAccountNames returns the names of the service accounts that the spec
	// configures.
	GetActualServiceAccountNames() []string
	// GetActualManagedLabels returns the list of labels that are actually present on the target
	// and that should be managed (i.e. deleted when no longer required).
	GetActualManagedLabels() []string
	// GetActualManagedAnnotations returns the list of annotations that are actually present
	// on the target and that should be managed (i.e. deleted when no longer required).
	GetActualManagedAnnotations() []string
}

SecretDeploymentTarget, together with SecretBuilder and ObjectMarker, represents a method of obtaining enough information for the DependentsHandler to deliver the secrets and service accounts to some "target" place in (some) K8s cluster.

type TestDeploymentTarget

type TestDeploymentTarget struct {
	GetClientImpl                    func() client.Client
	GetTypeImpl                      func() string
	GetTargetObjectKeyImpl           func() client.ObjectKey
	GetTargetNamespaceImpl           func() string
	GetSpecImpl                      func() api.LinkableSecretSpec
	GetActualSecretNameImpl          func() string
	GetActualServiceAccountNamesImpl func() []string
	GetActualManagedLabelsImpl       func() []string
	GetActualManagedAnnotationsImpl  func() []string
}

func (*TestDeploymentTarget) GetActualManagedAnnotations

func (t *TestDeploymentTarget) GetActualManagedAnnotations() []string

GetActualManagedAnnotations implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetActualManagedLabels

func (t *TestDeploymentTarget) GetActualManagedLabels() []string

GetActualManagedLabels implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetActualSecretName

func (t *TestDeploymentTarget) GetActualSecretName() string

GetActualSecretName implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetActualServiceAccountNames

func (t *TestDeploymentTarget) GetActualServiceAccountNames() []string

GetActualServiceAccountNames implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetClient

func (t *TestDeploymentTarget) GetClient() client.Client

GetClient implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetSpec

func (t *TestDeploymentTarget) GetSpec() api.LinkableSecretSpec

GetSpec implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetTargetNamespace

func (t *TestDeploymentTarget) GetTargetNamespace() string

GetTargetNamespace implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetTargetObjectKey

func (t *TestDeploymentTarget) GetTargetObjectKey() client.ObjectKey

GetTargetObjectKey implements SecretDeploymentTarget.

func (*TestDeploymentTarget) GetType

func (t *TestDeploymentTarget) GetType() string

GetType implements SecretDeploymentTarget.

type TestObjectMarker

type TestObjectMarker struct {
	IsManagedByImpl           func(context.Context, client.ObjectKey, client.Object) (bool, error)
	IsManagedByOtherImpl      func(context.Context, client.ObjectKey, client.Object) (bool, client.ObjectKey, error)
	IsReferencedByImpl        func(context.Context, client.ObjectKey, client.Object) (bool, error)
	ListManagedOptionsImpl    func(context.Context, client.ObjectKey) ([]client.ListOption, error)
	ListReferencedOptionsImpl func(context.Context, client.ObjectKey) ([]client.ListOption, error)
	MarkManagedImpl           func(context.Context, client.ObjectKey, client.Object) (bool, error)
	MarkReferencedImpl        func(context.Context, client.ObjectKey, client.Object) (bool, error)
	UnmarkManagedImpl         func(context.Context, client.ObjectKey, client.Object) (bool, error)
	UnmarkReferencedImpl      func(context.Context, client.ObjectKey, client.Object) (bool, error)
	GetReferencingTargetsImpl func(context.Context, client.Object) ([]client.ObjectKey, error)
}

func (*TestObjectMarker) GetReferencingTargets

func (m *TestObjectMarker) GetReferencingTargets(ctx context.Context, obj client.Object) ([]types.NamespacedName, error)

GetReferencingTargets implements ObjectMarker.

func (*TestObjectMarker) IsManagedBy

func (m *TestObjectMarker) IsManagedBy(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)

IsManagedBy implements ObjectMarker.

func (*TestObjectMarker) IsManagedByOther

func (m *TestObjectMarker) IsManagedByOther(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, client.ObjectKey, error)

IsManagedByOther implements ObjectMarker.

func (*TestObjectMarker) IsReferencedBy

func (m *TestObjectMarker) IsReferencedBy(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)

IsReferencedBy implements ObjectMarker.

func (*TestObjectMarker) ListManagedOptions

func (m *TestObjectMarker) ListManagedOptions(ctx context.Context, target client.ObjectKey) ([]client.ListOption, error)

ListManagedOptions implements ObjectMarker.

func (*TestObjectMarker) ListReferencedOptions

func (m *TestObjectMarker) ListReferencedOptions(ctx context.Context, target client.ObjectKey) ([]client.ListOption, error)

ListReferencedOptions implements ObjectMarker.

func (*TestObjectMarker) MarkManaged

func (m *TestObjectMarker) MarkManaged(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)

MarkManaged implements ObjectMarker.

func (*TestObjectMarker) MarkReferenced

func (m *TestObjectMarker) MarkReferenced(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)

MarkReferenced implements ObjectMarker.

func (*TestObjectMarker) UnmarkManaged

func (m *TestObjectMarker) UnmarkManaged(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)

UnmarkManaged implements ObjectMarker.

func (*TestObjectMarker) UnmarkReferenced

func (m *TestObjectMarker) UnmarkReferenced(ctx context.Context, target client.ObjectKey, obj client.Object) (bool, error)

UnmarkReferenced implements ObjectMarker.

type TestSecretDataGetter

type TestSecretDataGetter[K any] struct {
	GetDataImpl func(context.Context, K) (map[string][]byte, string, error)
}

func (*TestSecretDataGetter[K]) GetData

func (g *TestSecretDataGetter[K]) GetData(ctx context.Context, secretDataKey K) (data map[string][]byte, errorReason string, err error)

GetData implements SecretDataGetter.
