Documentation ¶
Index ¶
- func ForbidClusterIDHeader(inner http.Handler) http.Handler
- func GenerateTransferToken() string
- func GetDomainReport(cluster *core.Cluster, dbDomain db.Domain, now time.Time, dbi db.Interface, ...) (*limesresources.DomainReport, error)
- func GetProjectRateReport(cluster *core.Cluster, dbDomain db.Domain, dbProject db.Project, ...) (*limesrates.ProjectReport, error)
- func GetProjectResourceReport(cluster *core.Cluster, dbDomain db.Domain, dbProject db.Project, now time.Time, ...) (*limesresources.ProjectReport, error)
- func NewTokenValidator(provider *gophercloud.ProviderClient, eo gophercloud.EndpointOpts) (gopherpolicy.Validator, error)
- func NewV1API(cluster *core.Cluster, dbm *gorp.DbMap, tokenValidator gopherpolicy.Validator, ...) httpapi.API
- func RequireJSON(w http.ResponseWriter, r *http.Request, data any) bool
- func StartAuditTrail()
- type JSONListStream
- type MissingProjectReportError
- type QuotaRequest
- type QuotaUpdater
- func (u QuotaUpdater) CommitAuditTrail(token *gopherpolicy.Token, r *http.Request, requestTime time.Time)
- func (u QuotaUpdater) IsValid() bool
- func (u QuotaUpdater) QuotaConstraints() core.QuotaConstraints
- func (u QuotaUpdater) ScopeName() string
- func (u QuotaUpdater) ScopeType() string
- func (u *QuotaUpdater) ValidateInput(input limesresources.QuotaRequest, dbi db.Interface) error
- func (u QuotaUpdater) WritePutErrorResponse(w http.ResponseWriter)
- func (u QuotaUpdater) WriteSimulationReport(w http.ResponseWriter)
- type RateLimitRequest
- type RateLimitUpdater
- func (u RateLimitUpdater) CommitAuditTrail(token *gopherpolicy.Token, r *http.Request, requestTime time.Time)
- func (u RateLimitUpdater) IsValid() bool
- func (u *RateLimitUpdater) ValidateInput(input limesrates.RateRequest, dbi db.Interface) error
- func (u RateLimitUpdater) WritePutErrorResponse(w http.ResponseWriter)
- func (u RateLimitUpdater) WriteSimulationReport(w http.ResponseWriter)
- type VersionData
- type VersionLinkData
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ForbidClusterIDHeader ¶
ForbidClusterIDHeader is a global middleware that rejects the X-Limes-Cluster-Id header (which was removed from the API spec).
func GenerateTransferToken ¶
func GenerateTransferToken() string
Generates a token that is used to transfer a commitment from a source to a target project. The token will be attached to the commitment that will be transferred and stored in the database until the transfer is concluded.
func GetDomainReport ¶
func GetDomainReport(cluster *core.Cluster, dbDomain db.Domain, now time.Time, dbi db.Interface, filter reports.Filter) (*limesresources.DomainReport, error)
GetDomainReport is a convenience wrapper around reports.GetDomains() for getting a single domain report.
func GetProjectRateReport ¶
func GetProjectRateReport(cluster *core.Cluster, dbDomain db.Domain, dbProject db.Project, dbi db.Interface, filter reports.Filter) (*limesrates.ProjectReport, error)
GetProjectRateReport is a convenience wrapper around reports.GetProjectRates() for getting a single project rate report.
func GetProjectResourceReport ¶
func GetProjectResourceReport(cluster *core.Cluster, dbDomain db.Domain, dbProject db.Project, now time.Time, dbi db.Interface, filter reports.Filter) (*limesresources.ProjectReport, error)
GetProjectResourceReport is a convenience wrapper around reports.GetProjectResources() for getting a single project resource report.
func NewTokenValidator ¶
func NewTokenValidator(provider *gophercloud.ProviderClient, eo gophercloud.EndpointOpts) (gopherpolicy.Validator, error)
NewTokenValidator constructs a gopherpolicy.TokenValidator instance.
func NewV1API ¶
func NewV1API(cluster *core.Cluster, dbm *gorp.DbMap, tokenValidator gopherpolicy.Validator, timeNow func() time.Time, generateTransferToken func() string) httpapi.API
NewV1API creates an httpapi.API that serves the Limes v1 API. It also returns the VersionData for this API version which is needed for the version advertisement on "GET /".
func RequireJSON ¶
RequireJSON will parse the request body into the given data structure, or write an error response if that fails.
func StartAuditTrail ¶
func StartAuditTrail()
StartAuditTrail starts the audit trail by initializing the event sink and starting a Commit() goroutine.
Types ¶
type JSONListStream ¶
type JSONListStream[T any] struct { OuterFieldName string Request *http.Request ResponseWriter http.ResponseWriter // contains filtered or unexported fields }
JSONListStream writes a JSON response containing a single array in the form
{ "things": [ thing1, thing2, ..., thingN ] }
without needing to hold the entire list of things in memory at once. This is especially necessary for large project reports because the JSON can grow to several 100 MiB for large domains and high detail settings, which would lead to OOM on the API process in a cgroup-controlled deployment if we try to hold it all in memory.
We delay the opening `{"things":[` until we receive the first item, so that errors can be logged as a 5xx response if necessary. Upon getting the first report, we commit to the response being 200 and print reports as they come in. If we get to the end, we just need to write the trailing `]}` to complete the response.
func NewJSONListStream ¶
func NewJSONListStream[T any](w http.ResponseWriter, r *http.Request, outerFieldName string) *JSONListStream[T]
func (*JSONListStream[T]) FinalizeDocument ¶
func (s *JSONListStream[T]) FinalizeDocument(err error)
FinalizeDocument must be called once after all items have been written, to properly finalize the JSON document.
func (*JSONListStream[T]) WriteItem ¶
func (s *JSONListStream[T]) WriteItem(item T) error
WriteItem can be called as many times as necessary to append items to the JSON document.
type MissingProjectReportError ¶
type MissingProjectReportError struct { ServiceType limes.ServiceType ResourceName limesresources.ResourceName }
MissingProjectReportError is returned by QuotaUpdater.ValidateInput() when a project report is incomplete. This usually happens when a user tries to PUT a quota on a new project that has not been scraped yet.
func (MissingProjectReportError) Error ¶
func (e MissingProjectReportError) Error() string
Error implements the builtin/error interface.
type QuotaRequest ¶
type QuotaRequest struct { OldValue uint64 NewValue uint64 Unit limes.Unit ValidationError *core.QuotaValidationError }
QuotaRequest describes a single quota value that a PUT request wants to change. It appears in type QuotaUpdater.
type QuotaUpdater ¶
type QuotaUpdater struct { // scope Cluster *core.Cluster Domain *db.Domain // always set (for project quota updates, contains the project's domain) Project *db.Project // nil for domain quota updates // context DB *gorp.DbMap Now time.Time // AuthZ info CanRaise func(serviceType limes.ServiceType, resourceName limesresources.ResourceName) bool CanRaiseLP func(serviceType limes.ServiceType, resourceName limesresources.ResourceName) bool // low-privilege raise CanLower func(serviceType limes.ServiceType, resourceName limesresources.ResourceName) bool CanLowerLP func(serviceType limes.ServiceType, resourceName limesresources.ResourceName) bool // Filled by ValidateInput() with the keys being the service type and the resource name. Requests map[limes.ServiceType]map[limesresources.ResourceName]QuotaRequest }
QuotaUpdater contains the shared code for domain and project PUT requests. See func PutDomain and func PutProject for how it's used.
func (QuotaUpdater) CommitAuditTrail ¶
func (u QuotaUpdater) CommitAuditTrail(token *gopherpolicy.Token, r *http.Request, requestTime time.Time)
CommitAuditTrail prepares an audit.Trail instance for this updater and commits it.
func (QuotaUpdater) IsValid ¶
func (u QuotaUpdater) IsValid() bool
IsValid returns true if all u.Requests are valid (i.e. ValidationError == nil).
func (QuotaUpdater) QuotaConstraints ¶
func (u QuotaUpdater) QuotaConstraints() core.QuotaConstraints
QuotaConstraints returns the quota constraints that apply to this updater's scope.
func (QuotaUpdater) ScopeName ¶
func (u QuotaUpdater) ScopeName() string
ScopeName is "$DOMAIN_NAME" for domains and "$DOMAIN_NAME/$PROJECT_NAME" for projects.
func (QuotaUpdater) ScopeType ¶
func (u QuotaUpdater) ScopeType() string
ScopeType is used for constructing error messages.
func (*QuotaUpdater) ValidateInput ¶
func (u *QuotaUpdater) ValidateInput(input limesresources.QuotaRequest, dbi db.Interface) error
ValidateInput reads the given input and validates the quotas contained therein. Results are collected into u.Requests. The return value is only set for unexpected errors, not for validation errors.
func (QuotaUpdater) WritePutErrorResponse ¶
func (u QuotaUpdater) WritePutErrorResponse(w http.ResponseWriter)
WritePutErrorResponse produces a negative HTTP response for this PUT request. It may only be used when `u.IsValid()` is false.
func (QuotaUpdater) WriteSimulationReport ¶
func (u QuotaUpdater) WriteSimulationReport(w http.ResponseWriter)
WriteSimulationReport produces the HTTP response for the POST /simulate-put endpoints.
type RateLimitRequest ¶
type RateLimitRequest struct { Unit limes.Unit OldLimit uint64 NewLimit uint64 OldWindow limesrates.Window NewWindow limesrates.Window ValidationError *core.QuotaValidationError }
RateLimitRequest describes a single rate limit that a PUT requests wants to change. It appears in type QuotaUpdater.
type RateLimitUpdater ¶
type RateLimitUpdater struct { // scope (all fields are always set since rate limits can only be updated on // the project level) Cluster *core.Cluster Domain *db.Domain Project *db.Project // AuthZ info CanSetRateLimit func(limes.ServiceType) bool // Filled by ValidateInput() with the keys being the service type and the rate name. Requests map[limes.ServiceType]map[limesrates.RateName]RateLimitRequest }
RateLimitUpdater is the equivalent of QuotaUpdater for rate limit PUT requests.
func (RateLimitUpdater) CommitAuditTrail ¶
func (u RateLimitUpdater) CommitAuditTrail(token *gopherpolicy.Token, r *http.Request, requestTime time.Time)
CommitAuditTrail prepares an audit.Trail instance for this updater and commits it.
func (RateLimitUpdater) IsValid ¶
func (u RateLimitUpdater) IsValid() bool
IsValid returns true if all u.LimitRequests are valid (i.e. ValidationError == nil).
func (*RateLimitUpdater) ValidateInput ¶
func (u *RateLimitUpdater) ValidateInput(input limesrates.RateRequest, dbi db.Interface) error
ValidateInput reads the given input and validates the quotas contained therein. Results are collected into u.Requests. The return value is only set for unexpected errors, not for validation errors.
func (RateLimitUpdater) WritePutErrorResponse ¶
func (u RateLimitUpdater) WritePutErrorResponse(w http.ResponseWriter)
WritePutErrorResponse produces a negative HTTP response for this PUT request. It may only be used when `u.IsValid()` is false.
func (RateLimitUpdater) WriteSimulationReport ¶
func (u RateLimitUpdater) WriteSimulationReport(w http.ResponseWriter)
WriteSimulationReport produces the HTTP response for the POST /simulate-put endpoints.
type VersionData ¶
type VersionData struct { Status string `json:"status"` ID string `json:"id"` Links []VersionLinkData `json:"links"` }
VersionData is used by version advertisement handlers.
type VersionLinkData ¶
type VersionLinkData struct { URL string `json:"href"` Relation string `json:"rel"` Type string `json:"type,omitempty"` }
VersionLinkData is used by version advertisement handlers, as part of the VersionData struct.