Documentation ¶
Index ¶
- Variables
- func AdmitClusterClaim(userId string, userGroups []string, clusterClaim *claimsv1alpha1.ClusterClaim, ...) (*claimsv1alpha1.ClusterClaim, error)
- func AdmitClusterUpdateClaim(userId string, userGroups []string, cuc *claimsv1alpha1.ClusterUpdateClaim, ...) (*claimsv1alpha1.ClusterUpdateClaim, error)
- func CheckClusterManagerDuplication(clusterName string, namespace string) (bool, error)
- func CheckClusterValid(userId string, clusterName string, cucNamespace string) error
- func CreateCLMRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func CreateCRBForKubectlSA(saName string, S ...) error
- func CreateClusterRoleBinding(ClusterRoleBinding *rbacApi.ClusterRoleBinding) error
- func CreateConfigmapForKubectl(serviceAccountName string, retry int) (string, error)
- func CreateNSGetRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func CreateRBForKubectlSA(saName string, S ...) error
- func CreateRemoteSecretInLocal(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func CreateRoleInRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func CreateSASecretInRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func CreateSubjectAccessReview(userId string, userGroups []string, group string, resource string, ...) (*authApi.SubjectAccessReview, error)
- func DeleteCLMRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func DeleteCRBWithUser(userId string) error
- func DeleteClusterRoleBinding(name string) error
- func DeleteKubectlAllResource()
- func DeleteKubectlResourceByUserName(userName string) error
- func DeleteNSCWithUser(userId string) error
- func DeleteNSGetRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func DeleteRBCWithUser(userId string) error
- func DeleteRBWithUser(userId string) error
- func DeleteRQCWithUser(userId string) error
- func DeployKubectlPod(userName string) error
- func ExecCommand(pod corev1.Pod, command []string, container string) (string, string, error)
- func GetAccessibleNS(userId string, labelSelector string, userGroups []string) (corev1.NamespaceList, error)
- func GetAccessibleNSC(userId string, userGroups []string, labelSelector string) (claim.NamespaceClaimList, error)
- func GetBindableResources() map[string]string
- func GetCRBAdmin() string
- func GetCluster(userId string, userGroups []string, clusterName string, namespace string) (*clusterv1alpha1.ClusterManager, error)
- func GetClusterClaim(userId string, userGroups []string, clusterClaimName string, ...) (*claimsv1alpha1.ClusterClaim, error)
- func GetClusterUpdateClaim(userId string, userGroups []string, cucName string, cucNamespace string) (*claimsv1alpha1.ClusterUpdateClaim, error)
- func GetClusterWithoutSAR(userId string, userGroups []string, clusterName string, namespace string) (*clusterv1alpha1.ClusterManager, error)
- func GetFbc(namespace string, name string) (*configv1alpha1.FluentBitConfiguration, error)
- func GetHyperAuthAdminAccount() (string, string, error)
- func GetHyperAuthGroupByUser(userId string) ([]string, error)
- func GetHyperAuthUserDetail(userId string) (map[string]interface{}, error)
- func GetNamespace(nsName string) (*corev1.Namespace, error)
- func GetPodListByLabel(label string, namespace string) (corev1.PodList, bool)
- func IsAccessibleNS(ns string, userId string, labelSelector string, userGroups []string) (bool, error)
- func ListAccessibleCluster(userId string, userGroups []string) (*clusterv1alpha1.ClusterManagerList, error)
- func ListAccessibleClusterClaims(userId string, userGroups []string, namespace string) (*claimsv1alpha1.ClusterClaimList, error)
- func ListAllCluster(userId string, userGroups []string) (*clusterv1alpha1.ClusterManagerList, error)
- func ListAllClusterClaims(userId string, userGroups []string) (*claimsv1alpha1.ClusterClaimList, error)
- func ListClusterInNamespace(userId string, userGroups []string, namespace string) (*clusterv1alpha1.ClusterManagerList, error)
- func ListClusterUpdateClaims(userId string, userGroups []string) (*claimsv1alpha1.ClusterUpdateClaimList, error)
- func ListClusterUpdateClaimsByNamespace(userId string, userGroups []string, namespace string) (*claimsv1alpha1.ClusterUpdateClaimList, error)
- func LoginAsAdmin() string
- func ParseUserName(userName string) string
- func RemoveRemoteSecretInLocal(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func RemoveRoleFromRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func RemoveSASecretFromRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, ...) error
- func UpdateAuditResourceList()
- func UpdateNamespace(namespace *corev1.Namespace) (*corev1.Namespace, error)
- func WatchK8sEvent()
Constants ¶
This section is empty.
Variables ¶
var ( HYPERAUTH_URL string HYPERAUTH_REALM_PREFIX string )
var AuditResourceList []string
var Clientset *kubernetes.Clientset
var EventWatchChannel chan struct{}
Functions ¶
func AdmitClusterClaim ¶
func AdmitClusterClaim(userId string, userGroups []string, clusterClaim *claimsv1alpha1.ClusterClaim, admit bool, reason string) (*claimsv1alpha1.ClusterClaim, error)
func AdmitClusterUpdateClaim ¶
func AdmitClusterUpdateClaim(userId string, userGroups []string, cuc *claimsv1alpha1.ClusterUpdateClaim, admit bool, reason string) (*claimsv1alpha1.ClusterUpdateClaim, error)
func CheckClusterValid ¶
Checks the cluster's created type, checks that only the cluster owner can approve or reject, and checks that only clusters in the ready state are allowed.
func CreateCLMRole ¶
func CreateCLMRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error
func CreateCRBForKubectlSA ¶
func CreateClusterRoleBinding ¶
func CreateClusterRoleBinding(ClusterRoleBinding *rbacApi.ClusterRoleBinding) error
func CreateConfigmapForKubectl ¶
CreateConfigmapForKubectl creates a ConfigMap to be volume-mounted at /var/run/secrets/kubernetes.io/serviceaccount in order to change the default namespace of the kubectl container.
func CreateNSGetRole ¶
func CreateNSGetRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error
func CreateRBForKubectlSA ¶
func CreateRemoteSecretInLocal ¶
func CreateRemoteSecretInLocal(clusterManager *clusterv1alpha1.ClusterManager, subject string, remoteRole string, attribute string) error
Creates, in the master cluster, a secret identical to the remote service account secret.
func CreateRoleInRemote ¶
func CreateRoleInRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, remoteRole string, attribute string) error
Creates the clusterrolebindings for jwt-decode-auth and for oidc in the remote cluster.
func CreateSASecretInRemote ¶
func CreateSASecretInRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, remoteRole string, attribute string) error
Creates the service account and its secret in the remote cluster in advance.
func DeleteCLMRole ¶
func DeleteCLMRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error
Deletes the cluster manager role and rolebinding that were created in the master cluster.
func DeleteCRBWithUser ¶
func DeleteKubectlAllResource ¶
func DeleteKubectlAllResource()
DeleteKubectlAllResource deletes all kubectl-pod-related resources for all users, namely Pod, RoleBinding, ClusterRoleBinding and ServiceAccount. It is run only by the cronJob, not through an API call.
func DeleteKubectlResourceByUserName ¶
DeleteKubectlResourceByUserName deletes all kubectl-pod-related resources for the given userName, namely Pod, RoleBinding, ClusterRoleBinding and ServiceAccount.
func DeleteNSCWithUser ¶
func DeleteNSGetRole ¶
func DeleteNSGetRole(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error
Deletes the namespace rolebinding that was created in the master cluster.
func DeleteRBCWithUser ¶
func DeleteRBWithUser ¶
func DeleteRQCWithUser ¶
func DeployKubectlPod ¶
DeployKubectlPod creates a ServiceAccount that has the same authorization as the given userName (email), then deploys a pod with the kubectl image.
func ExecCommand ¶
ExecCommand sends an 'exec' command to the specified pod and returns the outputs of the command. If the container parameter is "", the first container is chosen.
func GetAccessibleNS ¶
func GetAccessibleNSC ¶
func GetAccessibleNSC(userId string, userGroups []string, labelSelector string) (claim.NamespaceClaimList, error)
var nsList = &corev1.NamespaceList{}
func GetBindableResources ¶
func GetCRBAdmin ¶
func GetCRBAdmin() string
func GetCluster ¶
func GetCluster(userId string, userGroups []string, clusterName string, namespace string) (*clusterv1alpha1.ClusterManager, error)
func GetClusterClaim ¶
func GetClusterClaim(userId string, userGroups []string, clusterClaimName string, clusterClaimNamespace string) (*claimsv1alpha1.ClusterClaim, error)
func GetClusterUpdateClaim ¶
func GetClusterUpdateClaim(userId string, userGroups []string, cucName string, cucNamespace string) (*claimsv1alpha1.ClusterUpdateClaim, error)
func GetClusterWithoutSAR ¶
func GetClusterWithoutSAR(userId string, userGroups []string, clusterName string, namespace string) (*clusterv1alpha1.ClusterManager, error)
func GetFbc ¶
func GetFbc(namespace string, name string) (*configv1alpha1.FluentBitConfiguration, error)
func GetHyperAuthGroupByUser ¶
func GetHyperAuthUserDetail ¶
func GetPodListByLabel ¶
GetPodListByLabel returns a pod list selected by label and namespace. To search for pods across all namespaces, pass "" as the namespace parameter. If matching pods are found, it returns the list together with 'true'; otherwise it returns 'false'.
func IsAccessibleNS ¶
func ListAccessibleCluster ¶
func ListAccessibleCluster(userId string, userGroups []string) (*clusterv1alpha1.ClusterManagerList, error)
func ListAccessibleClusterClaims ¶
func ListAccessibleClusterClaims(userId string, userGroups []string, namespace string) (*claimsv1alpha1.ClusterClaimList, error)
func ListAllCluster ¶
func ListAllCluster(userId string, userGroups []string) (*clusterv1alpha1.ClusterManagerList, error)
func ListAllClusterClaims ¶
func ListAllClusterClaims(userId string, userGroups []string) (*claimsv1alpha1.ClusterClaimList, error)
func ListClusterInNamespace ¶
func ListClusterInNamespace(userId string, userGroups []string, namespace string) (*clusterv1alpha1.ClusterManagerList, error)
func ListClusterUpdateClaims ¶
func ListClusterUpdateClaims(userId string, userGroups []string) (*claimsv1alpha1.ClusterUpdateClaimList, error)
func ListClusterUpdateClaimsByNamespace ¶
func ListClusterUpdateClaimsByNamespace(userId string, userGroups []string, namespace string) (*claimsv1alpha1.ClusterUpdateClaimList, error)
func LoginAsAdmin ¶
func LoginAsAdmin() string
func ParseUserName ¶
func RemoveRemoteSecretInLocal ¶
func RemoveRemoteSecretInLocal(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error
Deletes the remote cluster's service account secret token that was created in the master cluster.
func RemoveRoleFromRemote ¶
func RemoveRoleFromRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error
Deletes the clusterrolebindings for jwt-decode-auth and for oidc that exist in the remote cluster.
func RemoveSASecretFromRemote ¶
func RemoveSASecretFromRemote(clusterManager *clusterv1alpha1.ClusterManager, subject string, attribute string) error
Deletes both the service account and the service account secret that were created in the remote cluster.
func UpdateAuditResourceList ¶
func UpdateAuditResourceList()
func WatchK8sEvent ¶
func WatchK8sEvent()
Types ¶
This section is empty.