Documentation
Constants
const (
	EnvVarsAnnotationKey = "credentials.openshift.io/role-arns-vars"
)
Variables
This section is empty.
Functions
func NewCredentialsRequestController
func NewCredentialsRequestController(
	name, targetNamespace string,
	manifest []byte,
	dynamicClient dynamic.Interface,
	operatorClient v1helpers.OperatorClientWithFinalizers,
	operatorInformer operatorinformer.SharedInformerFactory,
	recorder events.Recorder,
	hooks ...CredentialsRequestHook,
) factory.Controller
NewCredentialsRequestController returns a CredentialsRequestController.
Types
type CredentialsRequestController
type CredentialsRequestController struct {
	// contains filtered or unexported fields
}
CredentialsRequestController is a simple controller that maintains a CredentialsRequest static manifest. It uses unstructured.Unstructured as currently there's no API type for this resource.

This controller produces the following conditions:

<name>Available: indicates that the secret was successfully provisioned by cloud-credential-operator.
<name>Progressing: indicates that the secret is yet to be provisioned by cloud-credential-operator.
<name>Degraded: produced when the sync() method returns an error.

The controller does not sync the CredentialsRequest if the cloud-credential-operator is in manual mode and STS (or other short-term credentials) is not enabled, or if STS is enabled but the controller does not see the required environment variables set. For AWS STS, the controller needs the ROLEARN environment variable set. For GCP WIF, the controller needs the POOL_ID, PROVIDER_ID, SERVICE_ACCOUNT_EMAIL and PROJECT_NUMBER environment variables set.

The controller also supports a custom annotation "credentials.openshift.io/role-arns-vars" on the CredentialsRequest that specifies a comma-separated list of environment variables that should be used to set the role ARNs.
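The following is an added example, not code from this package: a preflight check that reports which of the environment variables named above are missing, so a deployment can be validated before relying on the controller to sync the CredentialsRequest. The provider labels "aws" and "gcp", the function names, the sample variable names and values, and the assumption that variables listed in the annotation are checked in place of ROLEARN are all illustrative.

```go
package main

import (
	"fmt"
	"strings"
)

const EnvVarsAnnotationKey = "credentials.openshift.io/role-arns-vars" // from Constants

// requiredEnvVars returns the variables the documentation lists per provider.
// Assumption: annotation-listed names are checked in place of ROLEARN.
func requiredEnvVars(provider string, annotations map[string]string) []string {
	switch provider {
	case "gcp":
		return []string{"POOL_ID", "PROVIDER_ID", "SERVICE_ACCOUNT_EMAIL", "PROJECT_NUMBER"}
	case "aws":
		var names []string
		for _, n := range strings.Split(annotations[EnvVarsAnnotationKey], ",") {
			if n = strings.TrimSpace(n); n != "" {
				names = append(names, n)
			}
		}
		if len(names) > 0 {
			return names
		}
		return []string{"ROLEARN"}
	}
	return nil
}

// missingEnvVars lists required variables that are unset or blank in env.
func missingEnvVars(provider string, annotations, env map[string]string) []string {
	var missing []string
	for _, name := range requiredEnvVars(provider, annotations) {
		if strings.TrimSpace(env[name]) == "" {
			missing = append(missing, name)
		}
	}
	return missing
}

func main() {
	// Constructed sample environment and annotation, not from a real cluster.
	env := map[string]string{"ROLEARN": "arn:aws:iam::123456789012:role/example", "POOL_ID": "pool"}
	ann := map[string]string{EnvVarsAnnotationKey: "DRIVER_ROLEARN, SNAPSHOT_ROLEARN"}
	fmt.Println(missingEnvVars("aws", nil, env))
	fmt.Println(missingEnvVars("aws", ann, env))
	fmt.Println(missingEnvVars("gcp", nil, env))
}
```

A non-empty result means the corresponding CredentialsRequest would be left unsynced in short-term-credential mode under the assumptions stated above.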
type CredentialsRequestHook
type CredentialsRequestHook func(*opv1.OperatorSpec, *unstructured.Unstructured) error