advanced

package
v0.15.2
Warning

This package is not in the latest version of its module.
Published: Oct 14, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const (
	// FakingCallback_WaitingForAccessRequestReadiness is a key for a faking callback that is called when the reconciler is waiting for the AccessRequest to be granted.
	// Note that the execution happens directly before the return of the reconcile function (with a requeue). This means that the reconciliation needs to run a second time to pick up the changes made in the callback.
	FakingCallback_WaitingForAccessRequestReadiness = "WaitingForAccessRequestReadiness"
	// FakingCallback_WaitingForClusterRequestReadiness is a key for a faking callback that is called when the reconciler is waiting for the ClusterRequest to be granted.
	// Note that the execution happens directly before the return of the reconcile function (with a requeue). This means that the reconciliation needs to run a second time to pick up the changes made in the callback.
	FakingCallback_WaitingForClusterRequestReadiness = "WaitingForClusterRequestReadiness"
	// FakingCallback_WaitingForAccessRequestDeletion is a key for a faking callback that is called when the reconciler is waiting for the AccessRequest to be deleted.
	// Note that the execution happens directly before the return of the reconcile function (with a requeue). This means that the reconciliation needs to run a second time to pick up the changes made in the callback.
	FakingCallback_WaitingForAccessRequestDeletion = "WaitingForAccessRequestDeletion"
	// FakingCallback_WaitingForClusterRequestDeletion is a key for a faking callback that is called when the reconciler is waiting for the ClusterRequest to be deleted.
	// Note that the execution happens directly before the return of the reconcile function (with a requeue). This means that the reconciliation needs to run a second time to pick up the changes made in the callback.
	FakingCallback_WaitingForClusterRequestDeletion = "WaitingForClusterRequestDeletion"
)

Variables

This section is empty.

Functions

func AccessFromAccessRequest

func AccessFromAccessRequest(ctx context.Context, platformClusterClient client.Client, id string, scheme *runtime.Scheme, ar *clustersv1alpha1.AccessRequest) (*clusters.Cluster, error)

AccessFromAccessRequest provides access to a k8s cluster based on the given AccessRequest.

func DefaultManagedLabelGenerator

func DefaultManagedLabelGenerator(controllerName string, req reconcile.Request, reg ClusterRegistration) (string, string, map[string]string)

func DefaultNamespaceGenerator

func DefaultNamespaceGenerator(req reconcile.Request, _ ...any) (string, error)

DefaultNamespaceGenerator is a default implementation of a namespace generator. It computes a UUID-style hash from the given request.

func DefaultNamespaceGeneratorForMCP

func DefaultNamespaceGeneratorForMCP(req reconcile.Request, _ ...any) (string, error)

DefaultNamespaceGeneratorForMCP is a default implementation of a namespace generator for MCPs. It computes a UUID-style hash from the given request and prefixes it with "mcp--".

func IdentityReferenceGenerator

func IdentityReferenceGenerator(req reconcile.Request, _ ...any) (*commonapi.ObjectReference, error)

IdentityReferenceGenerator is an ObjectReference generator that returns a reference that is identical to the request (name and namespace).

func RequestNamespaceGenerator

func RequestNamespaceGenerator(req reconcile.Request, _ ...any) (string, error)

RequestNamespaceGenerator is a namespace generator that returns the namespace of the request.

func StableRequestName

func StableRequestName(controllerName string, request reconcile.Request, suffix string) string

StableRequestName generates a stable name for a Cluster- or AccessRequest related to an MCP. This basically results in '<lowercase_controller_name>--<request_name>--<lowercase_suffix>'. If the resulting string exceeds the Kubernetes name length limit of 63 characters, it will be truncated with the last characters (excluding the suffix) replaced by a hash of what was removed. If the suffix is empty, it will be omitted (and the preceding hyphen as well).

func StableRequestNameFromLocalName

func StableRequestNameFromLocalName(controllerName, localName, suffix string) string

StableRequestNameFromLocalName works like StableRequestName but takes a local name directly instead of a reconcile.Request. localName is converted to lowercase before processing.
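The naming rule described for StableRequestName and StableRequestNameFromLocalName, shown as an added stand-alone example that is not the package's own code. The names `exampleStableName`, `naiveName` and `joinParts` are hypothetical, and the hash (SHA-256, first 8 hex characters) is an assumption, so results for over-long inputs will not match what the library produces. It also shows why the hash matters: plain truncation maps two different requests to the same resource name.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

const (
	maxNameLen = 63 // Kubernetes name length limit named in the documentation
	hashLen    = 8  // assumption: number of hex characters kept from the hash
)

// joinParts builds '<controller>--<name>' and the optional '--<suffix>' tail.
// Names are assumed to be ASCII, so byte slicing is safe.
func joinParts(controllerName, localName, suffix string) (head, tail string) {
	head = strings.ToLower(controllerName) + "--" + strings.ToLower(localName)
	if suffix != "" {
		tail = "--" + strings.ToLower(suffix)
	}
	return head, tail
}

// exampleStableName (hypothetical) follows the documented rule: keep the
// suffix, truncate the part before it, and replace its last characters by a
// hash of what was removed.
func exampleStableName(controllerName, localName, suffix string) string {
	head, tail := joinParts(controllerName, localName, suffix)
	if len(head)+len(tail) <= maxNameLen {
		return head + tail
	}
	keep := maxNameLen - len(tail) - hashLen
	if keep < 0 {
		// The suffix leaves no room for a hash: fall back to hashing everything.
		sum := sha256.Sum256([]byte(head + tail))
		return hex.EncodeToString(sum[:])[:maxNameLen]
	}
	sum := sha256.Sum256([]byte(head[keep:])) // hash of the removed part
	return head[:keep] + hex.EncodeToString(sum[:])[:hashLen] + tail
}

// naiveName truncates without a hash. It is here only to show the collision
// that the hash in the documented scheme prevents.
func naiveName(controllerName, localName, suffix string) string {
	head, tail := joinParts(controllerName, localName, suffix)
	if len(head)+len(tail) <= maxNameLen {
		return head + tail
	}
	n := maxNameLen - len(tail)
	if n < 0 {
		n = 0
	}
	return head[:n] + tail
}

func main() {
	// Constructed sample inputs: two long request names differing in the last character.
	a := strings.Repeat("a", 60) + "x"
	b := strings.Repeat("a", 60) + "y"

	fmt.Println(exampleStableName("MyController", "my-mcp", "Access"))
	fmt.Println(exampleStableName("ctrl", "obj", ""))
	fmt.Println("naive collision: ", naiveName("controller", a, "ar") == naiveName("controller", b, "ar"))
	fmt.Println("hashed collision:", exampleStableName("controller", a, "ar") == exampleStableName("controller", b, "ar"))
}
```
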

func StaticClusterRequestSpecGenerator

func StaticClusterRequestSpecGenerator(spec *clustersv1alpha1.ClusterRequestSpec) func(reconcile.Request, ...any) (*clustersv1alpha1.ClusterRequestSpec, error)

StaticClusterRequestSpecGenerator is a helper function that returns a ClusterRequestSpec generator which just returns deep copies of the given spec.

func StaticNamespaceGenerator

func StaticNamespaceGenerator(namespace string) func(reconcile.Request, ...any) (string, error)

StaticNamespaceGenerator returns a namespace generator that always returns the same namespace.

func StaticReferenceGenerator

func StaticReferenceGenerator(ref *commonapi.ObjectReference) func(reconcile.Request, ...any) (*commonapi.ObjectReference, error)

StaticReferenceGenerator is a helper function that returns an ObjectReference generator which just returns a deep copy of the given reference.

Types

type ClusterAccessReconciler

type ClusterAccessReconciler interface {
	// Register registers a cluster to be managed by the reconciler.
	// No-op if reg is nil.
	// Overwrites any previous registration with the same ID.
	Register(reg ClusterRegistration) ClusterAccessReconciler
	// Unregister unregisters a cluster from being managed by the reconciler.
	// No-op if no registration with the given ID exists.
	Unregister(id string) ClusterAccessReconciler
	// WithRetryInterval sets the retry interval.
	WithRetryInterval(interval time.Duration) ClusterAccessReconciler
	// WithManagedLabels allows overwriting the managed-by and managed-purpose labels that are set on the created resources.
	// Note that the implementation might depend on these labels to identify the resources it created,
	// so changing them might lead to unexpected behavior. They also must be unique within the context of this reconciler.
	// Use with caution.
	WithManagedLabels(gen ManagedLabelGenerator) ClusterAccessReconciler

	// Access returns an internal Cluster object granting access to the cluster for the specified request with the specified id.
	// Will fail if the cluster is not registered or no AccessRequest is registered for the cluster, or if some other error occurs.
	Access(ctx context.Context, request reconcile.Request, id string, additionalData ...any) (*clusters.Cluster, error)
	// AccessRequest fetches the AccessRequest object for the cluster for the specified request with the specified id.
	// Will fail if the cluster is not registered or no AccessRequest is registered for the cluster, or if some other error occurs.
	// The same additionalData must be passed into all methods of this ClusterAccessReconciler for the same request and id.
	AccessRequest(ctx context.Context, request reconcile.Request, id string, additionalData ...any) (*clustersv1alpha1.AccessRequest, error)
	// ClusterRequest fetches the ClusterRequest object for the cluster for the specified request with the specified id.
	// Will fail if the cluster is not registered or no ClusterRequest is registered for the cluster, or if some other error occurs.
	// The same additionalData must be passed into all methods of this ClusterAccessReconciler for the same request and id.
	ClusterRequest(ctx context.Context, request reconcile.Request, id string, additionalData ...any) (*clustersv1alpha1.ClusterRequest, error)
	// Cluster fetches the external Cluster object for the cluster for the specified request with the specified id.
	// Will fail if the cluster is not registered or no Cluster can be determined, or if some other error occurs.
	// The same additionalData must be passed into all methods of this ClusterAccessReconciler for the same request and id.
	Cluster(ctx context.Context, request reconcile.Request, id string, additionalData ...any) (*clustersv1alpha1.Cluster, error)

	// Reconcile creates the ClusterRequests and/or AccessRequests for the registered clusters.
	// This function should be called during all reconciliations of the reconciled object.
	// ctx is the context for the reconciliation.
	// request is the object that is being reconciled.
	// It returns a reconcile.Result and an error if the reconciliation failed.
	// The reconcile.Result may contain a RequeueAfter value to indicate that the reconciliation should be retried after a certain duration.
	// The duration is set by the WithRetryInterval method.
	// Any additional arguments provided are passed into all methods of the ClusterRegistration objects that are called.
	Reconcile(ctx context.Context, request reconcile.Request, additionalData ...any) (reconcile.Result, error)
	// ReconcileDelete deletes the ClusterRequests and/or AccessRequests for the registered clusters.
	// This function should be called during the deletion of the reconciled object.
	// ctx is the context for the reconciliation.
	// request is the object that is being reconciled.
	// It returns a reconcile.Result and an error if the reconciliation failed.
	// The reconcile.Result may contain a RequeueAfter value to indicate that the reconciliation should be retried after a certain duration.
	// The duration is set by the WithRetryInterval method.
	// Any additional arguments provided are passed into all methods of the ClusterRegistration objects that are called.
	ReconcileDelete(ctx context.Context, request reconcile.Request, additionalData ...any) (reconcile.Result, error)

	// WithFakingCallback passes a callback function with a specific key.
	// The available keys depend on the implementation.
	// The key determines when the callback function is executed.
	// This feature is meant for unit testing, where usually no ClusterProvider, which could answer ClusterRequests and AccessRequests, is running.
	WithFakingCallback(key string, callback FakingCallback) ClusterAccessReconciler
}

ClusterAccessReconciler is an interface for reconciling access to k8s clusters based on the openMCP 'Cluster' API. It can create ClusterRequests and/or AccessRequests for a number of clusters.

func NewClusterAccessReconciler

func NewClusterAccessReconciler(platformClusterClient client.Client, controllerName string) ClusterAccessReconciler

NewClusterAccessReconciler creates a new Cluster Access Reconciler. Note that it needs to be configured further by calling its Register method and optionally its builder-like With* methods. This is meant to be instantiated and configured once during controller setup and then its Reconcile or ReconcileDelete methods should be called during each reconciliation of the controller.

type ClusterRegistration

type ClusterRegistration interface {
	// ID is the unique identifier for the cluster.
	ID() string
	// Suffix is the suffix to be used for the names of the created resources.
	// It must be unique within the context of the reconciler.
	// If empty, the ID will be used as suffix.
	Suffix() string
	// Scheme is the scheme for the Kubernetes client of the cluster.
	// If nil, the default scheme will be used.
	Scheme() *runtime.Scheme
	// AccessRequestAvailable returns true if an AccessRequest can be retrieved from this registration.
	AccessRequestAvailable() bool
	// ClusterRequestAvailable returns true if a ClusterRequest can be retrieved from this registration.
	ClusterRequestAvailable() bool
	// Parameterize turns this ClusterRegistration into a ParameterizedClusterRegistration.
	Parameterize(req reconcile.Request, additionalData ...any) ParameterizedClusterRegistration
}

type ClusterRegistrationBuilder

type ClusterRegistrationBuilder interface {
	// WithTokenAccess enables an AccessRequest for token-based access to be created for the cluster.
	// Use this method if the token configuration does not depend on the reconcile request; use WithTokenAccessGenerator otherwise.
	// Calling this method will override any previous calls to WithTokenAccess, WithTokenAccessGenerator, WithOIDCAccess, or WithOIDCAccessGenerator.
	// Passing in a nil cfg will disable AccessRequest creation, if it was token-based before, and have no effect if it was OIDC-based before.
	WithTokenAccess(cfg *clustersv1alpha1.TokenConfig) ClusterRegistrationBuilder
	// WithTokenAccessGenerator is like WithTokenAccess, but takes a function that generates the TokenConfig based on the reconcile request.
	// Calling this method will override any previous calls to WithTokenAccess, WithTokenAccessGenerator, WithOIDCAccess, or WithOIDCAccessGenerator.
	// Passing in a nil function will disable AccessRequest creation, if it was token-based before, and have no effect if it was OIDC-based before.
	WithTokenAccessGenerator(f func(req reconcile.Request, additionalData ...any) (*clustersv1alpha1.TokenConfig, error)) ClusterRegistrationBuilder
	// WithOIDCAccess enables an AccessRequest for OIDC-based access to be created for the cluster.
	// Use this method if the OIDC configuration does not depend on the reconcile request; use WithOIDCAccessGenerator otherwise.
	// Calling this method will override any previous calls to WithTokenAccess, WithTokenAccessGenerator, WithOIDCAccess, or WithOIDCAccessGenerator.
	// Passing in a nil cfg will disable AccessRequest creation, if it was OIDC-based before, and have no effect if it was token-based before.
	WithOIDCAccess(cfg *clustersv1alpha1.OIDCConfig) ClusterRegistrationBuilder
	// WithOIDCAccessGenerator is like WithOIDCAccess, but takes a function that generates the OIDCConfig based on the reconcile request.
	// Calling this method will override any previous calls to WithTokenAccess, WithTokenAccessGenerator, WithOIDCAccess, or WithOIDCAccessGenerator.
	// Passing in a nil function will disable AccessRequest creation, if it was OIDC-based before, and have no effect if it was token-based before.
	WithOIDCAccessGenerator(f func(req reconcile.Request, additionalData ...any) (*clustersv1alpha1.OIDCConfig, error)) ClusterRegistrationBuilder
	// WithScheme sets the scheme for the Kubernetes client of the cluster.
	// If not set or set to nil, the default scheme will be used.
	WithScheme(scheme *runtime.Scheme) ClusterRegistrationBuilder
	// WithNamespaceGenerator sets the function that generates the namespace on the Platform cluster to use for the created requests.
	WithNamespaceGenerator(f func(req reconcile.Request, additionalData ...any) (string, error)) ClusterRegistrationBuilder
	// Build builds the ClusterRegistration object.
	Build() ClusterRegistration
}

func ExistingCluster

func ExistingCluster(id, suffix string, generateClusterRef ObjectReferenceGenerator) ClusterRegistrationBuilder

ExistingCluster instructs the Reconciler to use an existing Cluster resource. The given generateClusterRef function is used to generate the reference to the Cluster resource.

func ExistingClusterRequest

func ExistingClusterRequest(id, suffix string, generateClusterRequestRef ObjectReferenceGenerator) ClusterRegistrationBuilder

ExistingClusterRequest instructs the Reconciler to use an existing Cluster resource that is referenced by the given ClusterRequest. The given generateClusterRequestRef function is used to generate the reference to the ClusterRequest resource.

func NewClusterRequest

func NewClusterRequest(id, suffix string, generateClusterRequestSpec ClusterRequestSpecGenerator) ClusterRegistrationBuilder

NewClusterRequest instructs the Reconciler to create and manage a new ClusterRequest.

type ClusterRequestSpecGenerator

type ClusterRequestSpecGenerator func(req reconcile.Request, additionalData ...any) (*clustersv1alpha1.ClusterRequestSpec, error)

ClusterRequestSpecGenerator is a function that takes the reconcile.Request and arbitrary additional arguments and generates a ClusterRequestSpec. Request and additional arguments depend on the arguments the ClusterAccessReconciler's Reconcile method is called with.

type FakingCallback

type FakingCallback func(ctx context.Context, platformClusterClient client.Client, key string, req *reconcile.Request, cr *clustersv1alpha1.ClusterRequest, ar *clustersv1alpha1.AccessRequest, c *clustersv1alpha1.Cluster, access *clusters.Cluster) error

FakingCallback is a function that allows mocking a desired state for unit testing.

The idea behind this is: Before running any reconciliation logic in a unit test, make sure to pass these callback functions to the cluster access reconciler implementation. During the reconcile, the cluster access reconciler will call these functions at specific points, e.g. when it is waiting for an AccessRequest to be approved. The time of the execution depends on the key and the implementation of the cluster access reconciler. In the callback function, modify the cluster state as desired by mocking actions usually performed by external operators, e.g. set the AccessRequest to approved.

Note that most of the arguments can be nil, depending on when the callback is executed. The arguments are:
- ctx is the context, which is required for interacting with the cluster.
- platformClusterClient is the client for the platform cluster.
- key is the key that determined the execution of the callback.
- req is the reconcile.Request that triggered the reconciliation, if known.
- cr is the ClusterRequest related to the cluster access reconciliation, if known.
- ar is the AccessRequest related to the cluster access reconciliation, if known.
- c is the Cluster related to the cluster access reconciliation, if known.
- access is the access to the cluster, if already retrieved.

func FakeAccessRequestDeletion

func FakeAccessRequestDeletion(finalizersToRemoveFromAccessRequest, finalizersToRemoveFromSecret []string) FakingCallback

FakeAccessRequestDeletion returns a faking callback that removes finalizers from the given AccessRequest and deletes the referenced Secret, if it exists. The callback is a no-op if the AccessRequest is already nil (not found). It returns an error if the AccessRequest is non-nil but cannot be deleted. All finalizers from the finalizersToRemove* slices will be removed from the AccessRequest and/or Secret before deletion. The AccessRequest itself is not deleted by this callback, only finalizers are removed.

The returned callback is meant to be used with the key stored in FakingCallback_WaitingForAccessRequestDeletion.

func FakeAccessRequestReadiness

func FakeAccessRequestReadiness(kcfgData []byte) FakingCallback

FakeAccessRequestReadiness returns a faking callback that sets the AccessRequest to 'Granted'. If kcfgData is not nil or empty, it will be used as 'kubeconfig' data in the secret referenced by the AccessRequest. Otherwise, the content of the kubeconfig key will just be 'fake'. The callback is a no-op if the AccessRequest is already granted (Secret reference and existence are not checked in this case). It returns an error if the AccessRequest is nil.

The returned callback is meant to be used with the key stored in FakingCallback_WaitingForAccessRequestReadiness.

func FakeClusterRequestDeletion

func FakeClusterRequestDeletion(deleteCluster bool, finalizersToRemoveFromClusterRequest, finalizersToRemoveFromCluster []string) FakingCallback

FakeClusterRequestDeletion returns a faking callback that removes finalizers from the given ClusterRequest and potentially deletes the referenced Cluster. The callback is a no-op if the ClusterRequest is already nil (not found). If deleteCluster is true, the Cluster referenced by the ClusterRequest will be deleted, if it exists. All finalizers from the finalizersToRemove* slices will be removed from the ClusterRequest and/or Cluster before deletion. The ClusterRequest itself is not deleted by this callback, only finalizers are removed.

The returned callback is meant to be used with the key stored in FakingCallback_WaitingForClusterRequestDeletion.

func FakeClusterRequestReadiness

func FakeClusterRequestReadiness(clusterSpec *clustersv1alpha1.ClusterSpec) FakingCallback

FakeClusterRequestReadiness returns a faking callback that sets the ClusterRequest to 'Granted'. If the given ClusterSpec is not nil, it creates a corresponding Cluster next to the ClusterRequest, if it doesn't exist yet. If during the callback, the Cluster is non-nil, with a non-empty name and namespace, but doesn't exist yet, it will be created with the data from the Cluster, ignoring the given ClusterSpec. Otherwise, only the ClusterRequest's status is modified. The callback is a no-op if the ClusterRequest is already granted (Cluster reference and existence are not checked in this case). It returns an error if the ClusterRequest is nil.

The returned callback is meant to be used with the key stored in FakingCallback_WaitingForClusterRequestReadiness.

type ManagedLabelGenerator

type ManagedLabelGenerator func(controllerName string, req reconcile.Request, reg ClusterRegistration) (string, string, map[string]string)

ManagedLabelGenerator is a function that generates the managed-by and managed-purpose labels for the created resources. The first return value is the value for the managed-by label, the second one is the value for the managed-purpose label. The third return value can be nil, or it can contain additional labels to be set on the created resources.

type ObjectReferenceGenerator

type ObjectReferenceGenerator func(req reconcile.Request, additionalData ...any) (*commonapi.ObjectReference, error)

ObjectReferenceGenerator is a function that takes the reconcile.Request and arbitrary additional arguments and generates an ObjectReference. Request and additional arguments depend on the arguments the ClusterAccessReconciler's Reconcile method is called with. The kind of the object the reference refers to depends on the method the function is passed into.

type ParameterizedClusterRegistration

type ParameterizedClusterRegistration interface {
	ClusterRegistration

	// AccessRequestTokenConfig is the token configuration for the AccessRequest to be created for the cluster.
	// Might be nil if no AccessRequest should be created or if OIDC access is used.
	// Only one of AccessRequestTokenConfig and AccessRequestOIDCConfig should be non-nil.
	AccessRequestTokenConfig() (*clustersv1alpha1.TokenConfig, error)
	// AccessRequestOIDCConfig is the OIDC configuration for the AccessRequest to be created for the cluster.
	// Might be nil if no AccessRequest should be created or if token-based access is used.
	// Only one of AccessRequestTokenConfig and AccessRequestOIDCConfig should be non-nil.
	AccessRequestOIDCConfig() (*clustersv1alpha1.OIDCConfig, error)
	// ClusterRequestSpec is the spec for the ClusterRequest to be created for the cluster.
	// It is nil if no ClusterRequest should be created.
	// Only one of ClusterRequestSpec, ClusterReference and ClusterRequestReference should be non-nil.
	ClusterRequestSpec() (*clustersv1alpha1.ClusterRequestSpec, error)
	// ClusterReference returns name and namespace of an existing Cluster resource.
	// It is nil if a new ClusterRequest should be created or if the Cluster is referenced by an existing ClusterRequest.
	// Only one of ClusterRequestSpec, ClusterReference and ClusterRequestReference should be non-nil.
	ClusterReference() (*commonapi.ObjectReference, error)
	// ClusterRequestReference returns name and namespace of the ClusterRequest resource.
	// It is nil if a new ClusterRequest should be created or if the Cluster is referenced directly.
	// Only one of ClusterRequestSpec, ClusterReference and ClusterRequestReference should be non-nil.
	ClusterRequestReference() (*commonapi.ObjectReference, error)
	// Namespace generates the namespace on the Platform cluster to use for the created requests.
	// The generated namespace is expected to be unique within the context of the reconciler.
	Namespace() (string, error)
}
