// CheckMountedSecrets checks to be sure that all the referenced secrets are mountable (by service account) and present (not synthetic)
func CheckMountedSecrets(g osgraph.Graph, dcNode *deploygraph.DeploymentConfigNode) ( /*unmountable secrets*/ []*kubegraph.SecretNode /*unresolved secrets*/, []*kubegraph.SecretNode) {
	// Only "contains" edges are followed when walking from the DC down to its pod spec(s).
	followContainsOnly := func(g osgraph.Interface, head, tail graph.Node, edgeKinds util.StringSet) bool {
		return edgeKinds.Has(osgraph.ContainsEdgeKind)
	}
	podSpecs := DescendentNodesByNodeKind(g, graphview.IntSet{}, dcNode, kubegraph.PodSpecNodeKind, followContainsOnly)

	// No reachable pod spec means nothing is referenced, so nothing can be unmountable or missing.
	if len(podSpecs) == 0 {
		return []*kubegraph.SecretNode{}, []*kubegraph.SecretNode{}
	}

	// Only the first pod spec is inspected; presumably a DC yields a single one — confirm if that changes.
	return kubeanalysis.CheckMountedSecrets(g, podSpecs[0].(*kubegraph.PodSpecNode))
}
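// describeBadPodSpecs walks every pod spec in the graph and produces one line per
// offending top-level resource, naming the secrets it is not allowed to mount and
// the referenced secrets reported as missing by kubeanalysis.CheckMountedSecrets.
//
// It returns the description lines (prefixed with a warning header when non-empty)
// together with every missing secret node collected across all pod specs. The out
// writer is not used by this function; it is kept so the signature stays unchanged
// for callers.
func describeBadPodSpecs(out io.Writer, g osgraph.Graph) ([]string, []*kubegraph.SecretNode) {
	allMissingSecrets := []*kubegraph.SecretNode{}
	lines := []string{}

	for _, uncastPodSpec := range g.NodesByKind(kubegraph.PodSpecNodeKind) {
		podSpecNode := uncastPodSpec.(*kubegraph.PodSpecNode)
		unmountableSecrets, missingSecrets := kubeanalysis.CheckMountedSecrets(g, podSpecNode)
		containingNode := osgraph.GetTopLevelContainerNode(g, podSpecNode)

		allMissingSecrets = append(allMissingSecrets, missingSecrets...)

		unmountableNames := secretResourceStrings(unmountableSecrets)
		missingNames := secretResourceStrings(missingSecrets)

		// Prefer the resource string over the generic graph describer name when the
		// containing node provides one.
		containingNodeName := g.GraphDescriber.Name(containingNode)
		if resourceNode, ok := containingNode.(osgraph.ResourceNode); ok {
			containingNodeName = resourceNode.ResourceString()
		}

		switch {
		case len(unmountableSecrets) > 0 && len(missingSecrets) > 0:
			lines = append(lines, fmt.Sprintf("\t%s is not allowed to mount %s and wants to mount these missing secrets %s", containingNodeName, strings.Join(unmountableNames, ","), strings.Join(missingNames, ",")))
		case len(unmountableSecrets) > 0:
			lines = append(lines, fmt.Sprintf("\t%s is not allowed to mount %s", containingNodeName, strings.Join(unmountableNames, ",")))
		case len(missingSecrets) > 0:
			// This case used to repeat the first condition and was therefore unreachable,
			// so pod specs with only missing secrets were silently left out of the report.
			lines = append(lines, fmt.Sprintf("\t%s wants to mount these missing secrets %s", containingNodeName, strings.Join(missingNames, ",")))
		}
	}

	// if we had any failures, prepend the warning line
	if len(lines) > 0 {
		return append([]string{"Warning: some requested secrets are not allowed:"}, lines...), allMissingSecrets
	}

	return []string{}, allMissingSecrets
}

// secretResourceStrings returns the ResourceString of each secret node, preserving order.
func secretResourceStrings(secrets []*kubegraph.SecretNode) []string {
	names := make([]string, 0, len(secrets))
	for _, secret := range secrets {
		names = append(names, secret.ResourceString())
	}
	return names
}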