Documentation
Overview
Package builders provides "Builders" for Access Requests.
Constants
This section is empty.
Variables
```go
var ErrRequestDurationInvalid = errors.New("access request duration invalid")
```

ErrRequestDurationInvalid indicates that the requested access duration is an invalid time string.

```go
var ErrRequestDurationTooLong = errors.New(
	"access request duration longer than template maximum duration",
)
```

ErrRequestDurationTooLong indicates that the Access Request's "duration" field is longer than the target template's "maxDuration" field.

```go
var ErrRequestExpired = errors.New("access expired")
```

ErrRequestExpired indicates that the Access Request has expired.

```go
var ErrTemplateDoesNotExist = errors.New("template does not exist")
```

ErrTemplateDoesNotExist indicates that the TargetTemplate for the Access Request does not exist and therefore the Access Request cannot be satisfied.
Functions
This section is empty.
Types
type IBuilder

```go
type IBuilder interface {
	// GetTemplate checks whether or not the TargetTemplate actually exists
	GetTemplate(
		ctx context.Context,
		client client.Client,
		req v1alpha1.IRequestResource,
	) (v1alpha1.ITemplateResource, error)

	// GetAccessDuration checks the durations of the Access Request against the Template.
	GetAccessDuration(
		req v1alpha1.IRequestResource,
		tmpl v1alpha1.ITemplateResource,
	) (duration time.Duration, decision string, err error)

	// SetRequestOwnerReference ensures that if the TargetTemplate is ever deleted,
	// that all of the Access Requests pointing to it are also automatically
	// deleted, which automatically cascades down to delete all of the access
	// resources.
	//
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/
	SetRequestOwnerReference(
		ctx context.Context,
		client client.Client,
		req v1alpha1.IRequestResource,
		tmpl v1alpha1.ITemplateResource,
	) error

	// CreateAccessResources is the heavy lifter in an Access Builder - it is
	// responsible for creating any access resources required to satisfy the
	// access request. All resources created by this function must have an
	// OwnerReference set to the Access Request to ensure proper cleanup.
	CreateAccessResources(
		ctx context.Context,
		client client.Client,
		req v1alpha1.IRequestResource,
		tmpl v1alpha1.ITemplateResource,
	) (string, error)

	// AccessResourcesAreReady returns an indication of whether the resources
	// are fully ready. For some this function may just return True right away
	// (in the case of creating only a Role/RoleBinding). In other cases there
	// may be work to check if the status of a resource is completed (eg,
	// waiting for a Pod to become Ready).
	AccessResourcesAreReady(
		ctx context.Context,
		client client.Client,
		req v1alpha1.IRequestResource,
		tmpl v1alpha1.ITemplateResource,
	) (bool, error)
}
```

IBuilder defines an interface that our RequestController can use to manage Access Request resources.
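
The duration checks that GetAccessDuration and the error values above describe, as an added example that is not the project's own code. `resolveAccessDuration` is a hypothetical helper; the template default duration, the rejection (rather than clamping) of an oversized request, the decision strings and the sample timestamps are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Local copies of the error values documented above, so the example runs stand-alone.
var (
	ErrRequestDurationInvalid = errors.New("access request duration invalid")
	ErrRequestDurationTooLong = errors.New("access request duration longer than template maximum duration")
	ErrRequestExpired         = errors.New("access expired")
)

// resolveAccessDuration (hypothetical helper) mirrors the return shape of
// IBuilder.GetAccessDuration. requested is the request's "duration" field,
// maxDur the template's "maxDuration"; defaultDur is an assumed template
// default used when the request names no duration.
func resolveAccessDuration(requested, defaultDur, maxDur string, created, now time.Time) (time.Duration, string, error) {
	limit, err := time.ParseDuration(maxDur)
	if err != nil || limit <= 0 {
		return 0, "", fmt.Errorf("template maxDuration %q is not a positive duration", maxDur)
	}
	chosen, decision := defaultDur, "template default duration used"
	if requested != "" {
		chosen, decision = requested, "requested duration accepted"
	}
	d, err := time.ParseDuration(chosen)
	if err != nil || d <= 0 { // ParseDuration accepts "-1h"; reject it explicitly
		return 0, "", fmt.Errorf("%w: %q", ErrRequestDurationInvalid, chosen)
	}
	if d > limit { // fail closed instead of silently clamping to the maximum
		return 0, "", fmt.Errorf("%w: %s > %s", ErrRequestDurationTooLong, d, limit)
	}
	if !now.Before(created.Add(d)) { // lifetime counts from creation, not from "now"
		return 0, "", fmt.Errorf("%w: ended %s", ErrRequestExpired, created.Add(d).Format(time.RFC3339))
	}
	return d, decision, nil
}

func main() {
	created := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed sample timestamps
	now := created.Add(30 * time.Minute)
	for _, req := range []string{"", "2h", "12h", "soon", "-1h", "15m"} {
		d, decision, err := resolveAccessDuration(req, "1h", "4h", created, now)
		fmt.Printf("duration=%q -> %v %q err=%v\n", req, d, decision, err)
	}
}
```

Measuring the lifetime from the request's creation time means a controller restart or a re-reconcile cannot extend a grant past its original window.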
Directories
| Path | Synopsis |
|---|---|
| | Package execaccessbuilder implements the IBuilder interface for ExecAccessRequest resources |
| internal | Package podselection contains pod selection logic for the execaccessbuilder. |
| | Package podaccessbuilder implements the IBuilder interface for PodAccessRequest resources |
| internal | Package helpers contains helper functions for the podaccessbuilder. |
| | Package bldutil provides a set of utility functions that make implementing the IBuilder interface easier. |