caller

package
v0.0.0-...-782667f Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 3, 2023 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	HYPERAUTH_URL          string
	HYPERAUTH_REALM_PREFIX string
)
var AuditResourceList []string
var EventWatchChannel chan struct{}

Functions

func AdmitClusterClaim

func AdmitClusterClaim(userId string, userGroups []string, clusterClaim *claimsv1alpha1.ClusterClaim, admit bool, reason string) (*claimsv1alpha1.ClusterClaim, error)

func AdmitClusterUpdateClaim

func AdmitClusterUpdateClaim(userId string, userGroups []string, cuc *claimsv1alpha1.ClusterUpdateClaim, admit bool, reason string) (*claimsv1alpha1.ClusterUpdateClaim, error)

func CheckClusterManagerDuplication

func CheckClusterManagerDuplication(clusterName string, namespace string) (bool, error)

func CheckClusterValid

func CheckClusterValid(userId string, clusterName string, cucNamespace string) error

Checks the cluster's created type, checks that only the cluster owner can approve or reject, and checks that only a cluster in the ready state is allowed.

func CreateCLMRole

func CreateCLMRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error

func CreateCRBForKubectlSA

func CreateCRBForKubectlSA(saName string, S ...struct {
	Kind string
	Name []string
}) error

func CreateClusterRoleBinding

func CreateClusterRoleBinding(ClusterRoleBinding *rbacApi.ClusterRoleBinding) error

func CreateConfigmapForKubectl

func CreateConfigmapForKubectl(serviceAccountName string, retry int) (string, error)

CreateConfigmapForKubectl creates a ConfigMap to be volume-mounted at /var/run/secrets/kubernetes.io/serviceaccount, in order to change the default namespace of the kubectl container.

func CreateNSGetRole

func CreateNSGetRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error

func CreateRBForKubectlSA

func CreateRBForKubectlSA(saName string, S ...struct {
	Kind string
	Name []string
}) error

func CreateRemoteSecretInLocal

func CreateRemoteSecretInLocal(clusterManager *clusterv1alpha1.ClusterManager, subject string, remoteRole string, attribute string) error

Creates, in the master cluster, a secret identical to the remote service account secret.

func CreateRoleInRemote

func CreateRoleInRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, remoteRole string, attribute string) error

Creates the clusterrolebindings for jwt-decode-auth and for oidc in the remote cluster.

func CreateSASecretInRemote

func CreateSASecretInRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, remoteRole string, attribute string) error

Creates the service account and its secret in the remote cluster in advance.

func CreateSubjectAccessReview

func CreateSubjectAccessReview(userId string, userGroups []string, group string, resource string, namespace string, name string, verb string) (*authApi.SubjectAccessReview, error)

func DeleteCLMRole

func DeleteCLMRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error

Deletes the cluster manager role and rolebinding that were created in the master cluster.

func DeleteCRBWithUser

func DeleteCRBWithUser(userId string) error

func DeleteClusterRoleBinding

func DeleteClusterRoleBinding(name string) error

func DeleteKubectlAllResource

func DeleteKubectlAllResource()

DeleteKubectlAllResource deletes all kubectl-pod-related resources for all users: Pod, RoleBinding, ClusterRoleBinding and ServiceAccount. It is run only by the cronJob, not by calling the API.

func DeleteKubectlResourceByUserName

func DeleteKubectlResourceByUserName(userName string) error

DeleteKubectlResourceByUserName deletes all kubectl-pod-related resources for the given userName: Pod, RoleBinding, ClusterRoleBinding and ServiceAccount.

func DeleteNSCWithUser

func DeleteNSCWithUser(userId string) error

func DeleteNSGetRole

func DeleteNSGetRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error

Deletes the namespace rolebinding that was created in the master cluster.

func DeleteRBCWithUser

func DeleteRBCWithUser(userId string) error

func DeleteRBWithUser

func DeleteRBWithUser(userId string) error

func DeleteRQCWithUser

func DeleteRQCWithUser(userId string) error

func DeployKubectlPod

func DeployKubectlPod(userName string) error

DeployKubectlPod creates a service account that has the same authorization as the given userName (email), then deploys a pod with the kubectl image.

func ExecCommand

func ExecCommand(pod corev1.Pod, command []string, container string) (string, string, error)

ExecCommand sends an 'exec' command to a specific pod and returns the outputs of the command. If the container parameter is "", it chooses the first container.

func GetAccessibleNS

func GetAccessibleNS(userId string, labelSelector string, userGroups []string) (corev1.NamespaceList, error)

func GetAccessibleNSC

func GetAccessibleNSC(userId string, userGroups []string, labelSelector string) (claim.NamespaceClaimList, error)

var nsList = &corev1.NamespaceList{}

func GetBindableResources

func GetBindableResources() map[string]string

func GetCRBAdmin

func GetCRBAdmin() string

func GetCluster

func GetCluster(userId string, userGroups []string, clusterName string, namespace string) (*clusterv1alpha1.ClusterManager, error)

func GetClusterClaim

func GetClusterClaim(userId string, userGroups []string, clusterClaimName string, clusterClaimNamespace string) (*claimsv1alpha1.ClusterClaim, error)

func GetClusterUpdateClaim

func GetClusterUpdateClaim(userId string, userGroups []string, cucName string, cucNamespace string) (*claimsv1alpha1.ClusterUpdateClaim, error)

func GetClusterWithoutSAR

func GetClusterWithoutSAR(userId string, userGroups []string, clusterName string, namespace string) (*clusterv1alpha1.ClusterManager, error)

func GetFbc

func GetFbc(namespace string, name string) (*configv1alpha1.FluentBitConfiguration, error)

func GetHyperAuthAdminAccount

func GetHyperAuthAdminAccount() (string, string, error)

func GetHyperAuthGroupByUser

func GetHyperAuthGroupByUser(userId string) ([]string, error)

func GetHyperAuthUserDetail

func GetHyperAuthUserDetail(userId string) (map[string]interface{}, error)

func GetNamespace

func GetNamespace(nsName string) (*corev1.Namespace, error)

func GetPodListByLabel

func GetPodListByLabel(label string, namespace string) (corev1.PodList, bool)

GetPodListByLabel returns a pod list selected by label and namespace. To find pods across all namespaces, pass "" for the namespace parameter. If a pod list is found, it returns the list with 'true'; if not, it returns with 'false'.

func IsAccessibleNS

func IsAccessibleNS(ns string, userId string, labelSelector string, userGroups []string) (bool, error)

func ListAccessibleCluster

func ListAccessibleCluster(userId string, userGroups []string) (*clusterv1alpha1.ClusterManagerList, error)

func ListAccessibleClusterClaims

func ListAccessibleClusterClaims(userId string, userGroups []string, namespace string) (*claimsv1alpha1.ClusterClaimList, error)

func ListAllCluster

func ListAllCluster(userId string, userGroups []string) (*clusterv1alpha1.ClusterManagerList, error)

func ListAllClusterClaims

func ListAllClusterClaims(userId string, userGroups []string) (*claimsv1alpha1.ClusterClaimList, error)

func ListClusterInNamespace

func ListClusterInNamespace(userId string, userGroups []string, namespace string) (*clusterv1alpha1.ClusterManagerList, error)

func ListClusterUpdateClaims

func ListClusterUpdateClaims(userId string, userGroups []string) (*claimsv1alpha1.ClusterUpdateClaimList, error)

func ListClusterUpdateClaimsByNamespace

func ListClusterUpdateClaimsByNamespace(userId string, userGroups []string, namespace string) (*claimsv1alpha1.ClusterUpdateClaimList, error)

func LoginAsAdmin

func LoginAsAdmin() string

func ParseUserName

func ParseUserName(userName string) string

func RemoveRemoteSecretInLocal

func RemoveRemoteSecretInLocal(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error

Deletes the remote cluster's service account secret token that was created in the master cluster.

func RemoveRoleFromRemote

func RemoveRoleFromRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error

Deletes the clusterrolebindings for jwt-decode-auth and for oidc that exist in the remote cluster.

func RemoveSASecretFromRemote

func RemoveSASecretFromRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error

Deletes both the service account and the service account secret that were created in the remote cluster.

func UpdateAuditResourceList

func UpdateAuditResourceList()

func UpdateNamespace

func UpdateNamespace(namespace *corev1.Namespace) (*corev1.Namespace, error)

func WatchK8sEvent

func WatchK8sEvent()

Types

This section is empty.
