config

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 19, 2026 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

const (
	// ControllerName is the string "pwo-config".
	// NOTE(review): presumably the name under which the config controller is registered and logged; its usage is not visible here.
	ControllerName = "pwo-config"

	// ClusterIDOnboardingDynamic is the string "onboarding-dynamic".
	// NOTE(review): presumably the ID of the dynamic onboarding-cluster access (see OnboardingClusterDynamic); confirm against the usage.
	ClusterIDOnboardingDynamic = "onboarding-dynamic"
)
const (
	// AdminRole and ViewerRole are the role IDs "admin" and "viewer".
	// NOTE(review): presumably these are the values returned by ProjectMemberRoleToRoleID and
	// WorkspaceMemberRoleToRoleID and accepted as roleID by ProjectPermissionsForRole and
	// WorkspacePermissionsForRole; confirm, because that mapping decides which RBAC rules a member receives.
	AdminRole  = "admin"
	ViewerRole = "viewer"
)

Variables

// Built-in defaults for deletion guards and for the resources that member permissions may cover.
//
// These are exported package-level variables holding slices, so any importing package can
// change them at runtime. Treat them as read-only and copy before appending or editing.
var (
	// BuiltinResourcesBlockingProjectDeletion lists the built-in resource kinds that block
	// deletion of a project: the "Workspace" kind of the pwov1alpha1 group/version.
	BuiltinResourcesBlockingProjectDeletion = []DeletionBlockingResource{
		{
			GroupVersionKind: metav1.GroupVersionKind{
				Group:   pwov1alpha1.GroupVersion.Group,
				Version: pwov1alpha1.GroupVersion.Version,
				Kind:    "Workspace",
			},
			// Marks the entry as built in rather than coming from config or a service provider.
			Source: pwov1alpha1.SourceBuiltin,
		},
	}
	// BuiltinResourcesBlockingWorkspaceDeletion lists the built-in resource kinds that block
	// deletion of a workspace: the "ManagedControlPlaneV2" kind of the openmcpcorev2alpha1 group/version.
	BuiltinResourcesBlockingWorkspaceDeletion = []DeletionBlockingResource{
		{
			GroupVersionKind: metav1.GroupVersionKind{
				Group:   openmcpcorev2alpha1.GroupVersion.Group,
				Version: openmcpcorev2alpha1.GroupVersion.Version,
				Kind:    "ManagedControlPlaneV2",
			},
			Source: pwov1alpha1.SourceBuiltin,
		},
	}
	// BuiltinPermissibleProjectResources is the built-in entry for the "workspaces" resource.
	// NOTE(review): GroupVersion.String() presumably renders "group/version" (as schema.GroupVersion does).
	// If these values end up in rbacv1.PolicyRule.APIGroups, which match on the bare group name,
	// the rule would not match; confirm how consumers interpret APIGroups.
	BuiltinPermissibleProjectResources = APIGroupsWithResourcesList{
		{
			APIGroups: []string{pwov1alpha1.GroupVersion.String()},
			Resources: []string{"workspaces"},
		},
	}
	// BuiltinPermissibleWorkspaceResources is the built-in entry for the "managedcontrolplanev2s" resource.
	// NOTE(review): the same "group/version" question as for BuiltinPermissibleProjectResources applies here.
	BuiltinPermissibleWorkspaceResources = APIGroupsWithResourcesList{
		{
			APIGroups: []string{openmcpcorev2alpha1.GroupVersion.String()},
			Resources: []string{"managedcontrolplanev2s"},
		},
	}
)

Functions

func ProjectMemberRoleToRoleID

func ProjectMemberRoleToRoleID(role pwov1alpha1.ProjectMemberRole) string

func WorkspaceMemberRoleToRoleID

func WorkspaceMemberRoleToRoleID(role pwov1alpha1.WorkspaceMemberRole) string

Types

type APIGroupsWithResources

// APIGroupsWithResources pairs a set of API groups with a set of resource names.
type APIGroupsWithResources struct {
	// APIGroups lists the API groups this entry applies to.
	// NOTE(review): the built-in entries in this package fill it from GroupVersion.String();
	// confirm whether consumers expect a bare group name or a "group/version" string.
	APIGroups []string
	// Resources lists the resource names for those groups; the built-in entries use
	// lowercase plural names such as "workspaces".
	Resources []string
}

type APIGroupsWithResourcesList

// APIGroupsWithResourcesList is a slice of APIGroupsWithResources entries.
// Its Append method merges the resources of entries that share the same apiGroups
// and appends a new entry otherwise.
type APIGroupsWithResourcesList []APIGroupsWithResources

func (APIGroupsWithResourcesList) Append

Append appends the given elements to the list and returns the new list. If there is already an entry with the same apiGroups, the resources are merged. Otherwise, a new entry is appended.

type DeletionBlockingResource

// DeletionBlockingResource names a resource kind that should block deletion of a project
// or workspace, together with the origin of that information.
type DeletionBlockingResource struct {
	// This is the GroupVersionKind of the resource that should block deletion.
	// It is embedded and inlined in the JSON form, so its fields appear next to "source".
	metav1.GroupVersionKind `json:",inline"`
	// Source is where this GVK comes from, e.g. config or a service provider. It is used for logging purposes.
	// NOTE(review): as a free-form string documented for logging only, it should presumably
	// not be used to decide whether an entry is trusted; confirm no caller does so.
	Source string `json:"source"`
}

DeletionBlockingResource represents a resource that should block deletion of a project or workspace. It contains the GroupVersionKind of the resource and the source of this information for logging purposes.

func (*DeletionBlockingResource) DeepCopy

type FakeSharedInformation

type FakeSharedInformation struct {
	// contains filtered or unexported fields
}

FakeSharedInformation is a dummy implementation of the SharedInformation interface. It is meant for unit tests and should not be used anywhere else.

func NewFakeSharedInformation

func NewFakeSharedInformation(onboardingClient client.Client, projectPermissionsByRole map[string][]rbacv1.PolicyRule, workspacePermissionsByRole map[string][]rbacv1.PolicyRule, resourcesBlockingProjectDeletion []DeletionBlockingResource, resourcesBlockingWorkspaceDeletion []DeletionBlockingResource) *FakeSharedInformation

func (*FakeSharedInformation) OnboardingClusterDynamic

func (f *FakeSharedInformation) OnboardingClusterDynamic(ctx context.Context) (*clusters.Cluster, error)

OnboardingClusterDynamic implements SharedInformation.

func (*FakeSharedInformation) OnboardingClusterStatic

func (f *FakeSharedInformation) OnboardingClusterStatic(ctx context.Context) (*clusters.Cluster, error)

OnboardingClusterStatic implements SharedInformation.

func (*FakeSharedInformation) ProjectPermissionsForRole

func (f *FakeSharedInformation) ProjectPermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)

ProjectPermissionsForRole implements SharedInformation.

func (*FakeSharedInformation) ResourcesBlockingProjectDeletion

func (f *FakeSharedInformation) ResourcesBlockingProjectDeletion(ctx context.Context) ([]DeletionBlockingResource, error)

ResourcesBlockingProjectDeletion implements SharedInformation.

func (*FakeSharedInformation) ResourcesBlockingWorkspaceDeletion

func (f *FakeSharedInformation) ResourcesBlockingWorkspaceDeletion(ctx context.Context) ([]DeletionBlockingResource, error)

ResourcesBlockingWorkspaceDeletion implements SharedInformation.

func (*FakeSharedInformation) WorkspacePermissionsForRole

func (f *FakeSharedInformation) WorkspacePermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)

WorkspacePermissionsForRole implements SharedInformation.

type PWOConfigController

// PWOConfigController is the config controller built by NewPWOConfigController.
// Only its exported fields are shown here; the remaining fields are unexported.
type PWOConfigController struct {
	// Car is the cluster access reconciler.
	// NOTE(review): presumably used to reconcile the onboarding-cluster AccessRequests
	// mentioned in the NewPWOConfigController documentation; confirm.
	Car advanced.ClusterAccessReconciler

	// OnboardingClusterAccessStatic holds a cluster handle.
	// NOTE(review): presumably the value returned by OnboardingClusterStatic. The field is
	// exported, so any holder of the controller can replace it; confirm that is intended.
	OnboardingClusterAccessStatic *clusters.Cluster
	// DiscoveryService is a discovery client.
	// NOTE(review): which cluster it targets is not visible here.
	DiscoveryService              discovery.DiscoveryInterface
	// contains filtered or unexported fields
}

func NewPWOConfigController

func NewPWOConfigController(providerName string, platformCluster *clusters.Cluster, onboardingClusterStatic *clusters.Cluster, onboardingClusterRef *commonapi.ObjectReference, rec record.EventRecorder, podNamespace string) (*PWOConfigController, error)

NewPWOConfigController creates a new PWOConfigController. This controller has the following responsibilities:
- It watches the ProjectWorkspaceConfig resource belonging to this instance of the PlatformService PWO and reloads it on changes.
- It watches ServiceProvider resources for their registered resource types in their status and updates permissions and blocking resources accordingly.
- It can trigger project and workspace reconciliations via the passed-in channels if the config changes in a way that requires it.
- It implements the SharedInformation interface, so that other controllers can query it for the current configuration.
- It reconciles the OnboardingCluster AccessRequests for the project and workspace controllers to ensure they can always fetch the resources that are supposed to block deletion.

Note that this is a pure v2 controller. It neither works for v1 nor is it required there, because in v1 all of this information is statically read from a file.

func (*PWOConfigController) OnboardingClusterDynamic

func (c *PWOConfigController) OnboardingClusterDynamic(ctx context.Context) (*clusters.Cluster, error)

func (*PWOConfigController) OnboardingClusterStatic

func (c *PWOConfigController) OnboardingClusterStatic(ctx context.Context) (*clusters.Cluster, error)

func (*PWOConfigController) ProjectPermissionsForRole

func (c *PWOConfigController) ProjectPermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)

func (*PWOConfigController) Reconcile

func (*PWOConfigController) ResourcesBlockingProjectDeletion

func (c *PWOConfigController) ResourcesBlockingProjectDeletion(ctx context.Context) ([]DeletionBlockingResource, error)

func (*PWOConfigController) ResourcesBlockingWorkspaceDeletion

func (c *PWOConfigController) ResourcesBlockingWorkspaceDeletion(ctx context.Context) ([]DeletionBlockingResource, error)

func (*PWOConfigController) SetupWithManager

func (c *PWOConfigController) SetupWithManager(mgr ctrl.Manager) error

func (*PWOConfigController) WorkspacePermissionsForRole

func (c *PWOConfigController) WorkspacePermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)

type SharedInformation

// SharedInformation exposes the deletion guards, role permissions and onboarding-cluster
// access that several controllers need.
type SharedInformation interface {
	// ResourcesBlockingProjectDeletion returns a list of resources that should block project deletion.
	// Each entry is a GroupVersionKind with an additional 'Source' field containing a string representation of the source of this information (e.g. config or a service provider).
	// NOTE(review): whether the returned slice is a copy or shared with the implementation is not
	// specified here; callers should presumably not modify it.
	ResourcesBlockingProjectDeletion(ctx context.Context) ([]DeletionBlockingResource, error)
	// ResourcesBlockingWorkspaceDeletion returns a list of resources that should block workspace deletion.
	// Each entry is a GroupVersionKind with an additional 'Source' field containing a string representation of the source of this information (e.g. config or a service provider).
	ResourcesBlockingWorkspaceDeletion(ctx context.Context) ([]DeletionBlockingResource, error)

	// ProjectPermissionsForRole returns the permissions that users with the given role should have in a project namespace.
	// NOTE(review): the result for a roleID that has no configured permissions (an error or an
	// empty rule list) is not specified here; callers that create RBAC objects from it should confirm.
	ProjectPermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)
	// WorkspacePermissionsForRole returns the permissions that users with the given role should have in a workspace namespace.
	// NOTE(review): the same question about unknown roleID values applies here.
	WorkspacePermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)

	// OnboardingClusterStatic returns the static access to the onboarding cluster.
	// It has permissions for namespaces, rbac resources, CRDs, and Project/Workspace resources.
	// For listing resources that potentially block deletion of projects or workspaces, the dynamic client needs to be used.
	OnboardingClusterStatic(ctx context.Context) (*clusters.Cluster, error)
	// OnboardingClusterDynamic returns the dynamic access to the onboarding cluster.
	// It is regularly updated to include get permissions for all resources that might block deletion of projects or workspaces.
	// For interacting with any other resource, the static client needs to be used.
	// NOTE(review): whether this access is limited to those get permissions is not stated here;
	// confirm before relying on it as a least-privilege boundary.
	OnboardingClusterDynamic(ctx context.Context) (*clusters.Cluster, error)
}

SharedInformation holds information that is required by multiple controllers. There should be one instance which every controller can access. The implementation has to be thread-safe.

This is an interface so that we can implement a v1 version (where the information is static) and a v2 version (where this is populated by the config controller). This avoids having v1/v2 splits in the actual controller code.

type V1Config

type V1Config struct {
	// contains filtered or unexported fields
}

func NewV1Config

func NewV1Config(onboardingClusterConfig *rest.Config, cfg *pwov1alpha1.ProjectWorkspaceConfig) (*V1Config, error)

func (*V1Config) OnboardingClusterDynamic

func (v *V1Config) OnboardingClusterDynamic(ctx context.Context) (*clusters.Cluster, error)

func (*V1Config) OnboardingClusterStatic

func (v *V1Config) OnboardingClusterStatic(ctx context.Context) (*clusters.Cluster, error)

func (*V1Config) ProjectPermissionsForRole

func (v *V1Config) ProjectPermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)

ProjectPermissionsForRole implements SharedInformation.

func (*V1Config) ResourcesBlockingProjectDeletion

func (v *V1Config) ResourcesBlockingProjectDeletion(ctx context.Context) ([]DeletionBlockingResource, error)

ResourcesBlockingProjectDeletion implements SharedInformation.

func (*V1Config) ResourcesBlockingWorkspaceDeletion

func (v *V1Config) ResourcesBlockingWorkspaceDeletion(ctx context.Context) ([]DeletionBlockingResource, error)

ResourcesBlockingWorkspaceDeletion implements SharedInformation.

func (*V1Config) WorkspacePermissionsForRole

func (v *V1Config) WorkspacePermissionsForRole(ctx context.Context, roleID string) ([]rbacv1.PolicyRule, error)

WorkspacePermissionsForRole implements SharedInformation.
