Documentation
Index
- func IsObjectRBACRelated(obj interface{}) (related bool, object runtime.Object)
- func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool
- type BearerTokenRetriever
- type ClientAttenuator
- func (s *ClientAttenuator) AttenuateClient(querier ServiceAccountQuerierFunc) (kubeclient operatorclient.ClientInterface, crclient versioned.Interface, ...)
- func (s *ClientAttenuator) AttenuateClientWithServiceAccount(reference *corev1.ObjectReference) (kubeclient operatorclient.ClientInterface, crclient versioned.Interface, ...)
- func (s *ClientAttenuator) AttenuateOperatorClient(querier ServiceAccountQuerierFunc) (kubeclient operatorclient.ClientInterface, err error)
- type ServiceAccountQuerierFunc
- type UserDefinedServiceAccountQuerier
- type UserDefinedServiceAccountSyncer
Constants
This section is empty.
Variables
This section is empty.
Functions
func IsObjectRBACRelated
func IsServiceAccountToken
func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool
IsServiceAccountToken returns true if the secret is a valid API token for the service account. This has been copied from https://github.com/kubernetes/kubernetes/blob/master/pkg/serviceaccount/util.go
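An added example (not OLM or Kubernetes source) modelling the check described above with local stand-in types in place of the real corev1 types. The three conditions are an assumption based on the upstream helper, and the sample names and UIDs are constructed.

```go
package main

import "fmt"

// Real Kubernetes constants for service-account token Secrets.
const (
	secretTypeSAToken = "kubernetes.io/service-account-token"
	saNameKey         = "kubernetes.io/service-account.name"
	saUIDKey          = "kubernetes.io/service-account.uid"
)

// Secret and ServiceAccount are local stand-ins (assumption) for the
// corev1 types, reduced to the fields the check reads.
type Secret struct {
	Type        string
	Annotations map[string]string
}

type ServiceAccount struct{ Name, UID string }

// isServiceAccountToken models the check: correct Secret type, matching
// account name, and, when a UID annotation is present, matching UID.
func isServiceAccountToken(s *Secret, sa *ServiceAccount) bool {
	if s.Type != secretTypeSAToken {
		return false
	}
	if s.Annotations[saNameKey] != sa.Name {
		return false
	}
	// A UID mismatch means the token belonged to a deleted account
	// that was later recreated under the same name.
	if uid := s.Annotations[saUIDKey]; uid != "" && uid != sa.UID {
		return false
	}
	return true
}

// Constructed sample data.
func sampleSA() *ServiceAccount { return &ServiceAccount{Name: "scoped-installer", UID: "uid-2"} }

func sampleSecret(typ, name, uid string) *Secret {
	return &Secret{Type: typ, Annotations: map[string]string{saNameKey: name, saUIDKey: uid}}
}

func main() {
	sa := sampleSA()
	fmt.Println(isServiceAccountToken(sampleSecret(secretTypeSAToken, sa.Name, "uid-2"), sa))
	fmt.Println(isServiceAccountToken(sampleSecret(secretTypeSAToken, sa.Name, "uid-1"), sa))
}
```

The second call uses a stale UID: the name still matches, but the token is rejected because it was issued to an earlier incarnation of the account.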
Types
type BearerTokenRetriever
type BearerTokenRetriever struct {
// contains filtered or unexported fields
}
BearerTokenRetriever retrieves the bearer token from a service account.
func (*BearerTokenRetriever) Retrieve
func (r *BearerTokenRetriever) Retrieve(reference *corev1.ObjectReference) (token string, err error)
Retrieve returns the bearer token for API access from a given service account reference.
type ClientAttenuator
type ClientAttenuator struct {
// contains filtered or unexported fields
}
ClientAttenuator returns appropriately scoped client(s) to be used for an operator that is being installed.
func NewClientAttenuator
func NewClientAttenuator(logger *logrus.Logger, config *rest.Config, kubeclient operatorclient.ClientInterface, crclient versioned.Interface, dynamicClient dynamic.Interface) *ClientAttenuator
NewClientAttenuator returns a new instance of ClientAttenuator.
func (*ClientAttenuator) AttenuateClient
func (s *ClientAttenuator) AttenuateClient(querier ServiceAccountQuerierFunc) (kubeclient operatorclient.ClientInterface, crclient versioned.Interface, dynamicClient dynamic.Interface, err error)
AttenuateClient returns appropriately scoped client(s) to the caller.
Client(s) bound to the OLM cluster-admin role are returned if the querier returns no error and the reference to a service account is nil. Otherwise, an attempt is made to return attenuated client instance(s).
func (*ClientAttenuator) AttenuateClientWithServiceAccount
func (s *ClientAttenuator) AttenuateClientWithServiceAccount(reference *corev1.ObjectReference) (kubeclient operatorclient.ClientInterface, crclient versioned.Interface, dynamicClient dynamic.Interface, err error)
AttenuateClientWithServiceAccount returns appropriately scoped client(s) to the caller.
Client(s) bound to the OLM cluster-admin role are returned if the querier returns no error and the reference to a service account is nil. Otherwise, an attempt is made to return attenuated client instance(s).
func (*ClientAttenuator) AttenuateOperatorClient
func (s *ClientAttenuator) AttenuateOperatorClient(querier ServiceAccountQuerierFunc) (kubeclient operatorclient.ClientInterface, err error)
AttenuateOperatorClient returns a scoped operator client instance based on the service account returned by the querier specified.
type ServiceAccountQuerierFunc
type ServiceAccountQuerierFunc func() (reference *corev1.ObjectReference, err error)
ServiceAccountQuerierFunc returns a reference to the service account from which scoped client(s) can be created. This abstraction allows the attenuator to be agnostic of the source of user-specified service accounts. A user can specify service account(s) for an operator group, subscription and CSV.
type UserDefinedServiceAccountQuerier
type UserDefinedServiceAccountQuerier struct {
// contains filtered or unexported fields
}
UserDefinedServiceAccountQuerier retrieves a reference to user-defined service account(s).
func NewUserDefinedServiceAccountQuerier
func NewUserDefinedServiceAccountQuerier(logger *logrus.Logger, crclient versioned.Interface) *UserDefinedServiceAccountQuerier
NewUserDefinedServiceAccountQuerier returns a new instance of UserDefinedServiceAccountQuerier.
func (*UserDefinedServiceAccountQuerier) NamespaceQuerier
func (f *UserDefinedServiceAccountQuerier) NamespaceQuerier(namespace string) ServiceAccountQuerierFunc
NamespaceQuerier returns an instance of ServiceAccountQuerierFunc that can be used by the caller to get the reference to the service account associated with the namespace.
type UserDefinedServiceAccountSyncer
type UserDefinedServiceAccountSyncer struct {
// contains filtered or unexported fields
}
UserDefinedServiceAccountSyncer syncs an operator group appropriately when a user defined service account is specified.
func NewUserDefinedServiceAccountSyncer
func NewUserDefinedServiceAccountSyncer(logger *logrus.Logger, scheme *runtime.Scheme, client operatorclient.ClientInterface, versioned versioned.Interface) *UserDefinedServiceAccountSyncer
NewUserDefinedServiceAccountSyncer returns a new instance of UserDefinedServiceAccountSyncer.
func (*UserDefinedServiceAccountSyncer) SyncOperatorGroup
func (s *UserDefinedServiceAccountSyncer) SyncOperatorGroup(in *v1.OperatorGroup) (out *v1.OperatorGroup, err error)
SyncOperatorGroup takes appropriate actions when a user specifies a service account.