func (ks KnownSecretType) Matches(secretContent map[string][]byte) bool {
if secretContent == nil {
return false
}
secretKeys := sets.KeySet(reflect.ValueOf(secretContent))
return reflect.DeepEqual(ks.RequiredContents.List(), secretKeys.List())
}
// ListGroups queries for all groups as configured with the common group filter and returns their
// LDAP group UIDs. This also satisfies the LDAPGroupLister interface
func (e *ADLDAPInterface) ListGroups() ([]string, error) {
if err := e.populateCache(); err != nil {
return nil, err
}
return sets.KeySet(reflect.ValueOf(e.ldapGroupToLDAPMembers)).List(), nil
}
// execute an explicit task reconciliation, as per http://mesos.apache.org/documentation/latest/reconciliation/
func (k *KubernetesScheduler) explicitlyReconcileTasks(driver bindings.SchedulerDriver, taskToSlave map[string]string, cancel <-chan struct{}) error {
log.Info("explicit reconcile tasks")
// tell mesos to send us the latest status updates for all the non-terminal tasks that we know about
statusList := []*mesos.TaskStatus{}
remaining := sets.KeySet(reflect.ValueOf(taskToSlave))
for taskId, slaveId := range taskToSlave {
if slaveId == "" {
delete(taskToSlave, taskId)
continue
}
statusList = append(statusList, &mesos.TaskStatus{
TaskId: mutil.NewTaskID(taskId),
SlaveId: mutil.NewSlaveID(slaveId),
State: mesos.TaskState_TASK_RUNNING.Enum(), // req'd field, doesn't have to reflect reality
})
}
select {
case <-cancel:
return reconciliationCancelledErr
default:
if _, err := driver.ReconcileTasks(statusList); err != nil {
return err
}
}
start := time.Now()
first := true
for backoff := 1 * time.Second; first || remaining.Len() > 0; backoff = backoff * 2 {
first = false
// nothing to do here other than wait for status updates..
if backoff > k.schedcfg.ExplicitReconciliationMaxBackoff.Duration {
backoff = k.schedcfg.ExplicitReconciliationMaxBackoff.Duration
}
select {
case <-cancel:
return reconciliationCancelledErr
case <-time.After(backoff):
for taskId := range remaining {
if task, _ := k.taskRegistry.Get(taskId); task != nil && explicitTaskFilter(task) && task.UpdatedTime.Before(start) {
// keep this task in remaining list
continue
}
remaining.Delete(taskId)
}
}
}
return nil
}
// handleLocationChange goes through all service account dockercfg secrets and updates them to point at a new docker-registry location
func (e *DockerRegistryServiceController) handleLocationChange(serviceLocation string) error {
e.dockercfgController.SetDockerURL(serviceLocation)
dockercfgSecrets, err := e.listDockercfgSecrets()
if err != nil {
return err
}
for _, dockercfgSecret := range dockercfgSecrets {
dockercfg := &credentialprovider.DockerConfig{}
if err := json.Unmarshal(dockercfgSecret.Data[api.DockerConfigKey], dockercfg); err != nil {
util.HandleError(err)
continue
}
dockercfgMap := map[string]credentialprovider.DockerConfigEntry(*dockercfg)
keys := sets.KeySet(reflect.ValueOf(dockercfgMap))
if len(keys) != 1 {
util.HandleError(err)
continue
}
oldKey := keys.List()[0]
// if there's no change, skip
if oldKey == serviceLocation {
continue
}
dockercfgMap[serviceLocation] = dockercfgMap[oldKey]
delete(dockercfgMap, oldKey)
t := credentialprovider.DockerConfig(dockercfgMap)
dockercfg = &t
dockercfgContent, err := json.Marshal(dockercfg)
if err != nil {
util.HandleError(err)
continue
}
dockercfgSecret.Data[api.DockerConfigKey] = dockercfgContent
if _, err := e.client.Secrets(dockercfgSecret.Namespace).Update(dockercfgSecret); err != nil {
util.HandleError(err)
continue
}
}
return err
}
func DescribePolicy(policy *authorizationapi.Policy) (string, error) {
return tabbedString(func(out *tabwriter.Writer) error {
formatMeta(out, policy.ObjectMeta)
formatString(out, "Last Modified", policy.LastModified)
// using .List() here because I always want the sorted order that it provides
for _, key := range sets.KeySet(reflect.ValueOf(policy.Roles)).List() {
role := policy.Roles[key]
fmt.Fprint(out, key+"\t"+policyRuleHeadings+"\n")
for _, rule := range role.Rules {
describePolicyRule(out, rule, "\t")
}
}
return nil
})
}
func newNavigationSteps(path string) (*navigationSteps, error) {
steps := []navigationStep{}
individualParts := strings.Split(path, ".")
currType := reflect.TypeOf(clientcmdapi.Config{})
currPartIndex := 0
for currPartIndex < len(individualParts) {
switch currType.Kind() {
case reflect.Map:
// if we're in a map, we need to locate a name. That name may contain dots, so we need to know what tokens are legal for the map's value type
// for example, we could have a set request like: `set clusters.10.10.12.56.insecure-skip-tls-verify true`. We enter this case with
// steps representing 10, 10, 12, 56, insecure-skip-tls-verify. The name is "10.10.12.56", so we want to collect all those parts together and
// store them as a single step. In order to do that, we need to determine what set of tokens is a legal step AFTER the name of the map key
// This set of reflective code pulls the type of the map values, uses that type to look up the set of legal tags. Those legal tags are used to
// walk the list of remaining parts until we find a match to a legal tag or the end of the string. That name is used to burn all the used parts.
mapValueType := currType.Elem().Elem()
mapValueOptions, err := getPotentialTypeValues(mapValueType)
if err != nil {
return nil, err
}
nextPart := findNameStep(individualParts[currPartIndex:], sets.KeySet(reflect.ValueOf(mapValueOptions)))
steps = append(steps, navigationStep{nextPart, mapValueType})
currPartIndex += len(strings.Split(nextPart, "."))
currType = mapValueType
case reflect.Struct:
nextPart := individualParts[currPartIndex]
options, err := getPotentialTypeValues(currType)
if err != nil {
return nil, err
}
fieldType, exists := options[nextPart]
if !exists {
return nil, fmt.Errorf("unable to parse %v after %v at %v", path, steps, currType)
}
steps = append(steps, navigationStep{nextPart, fieldType})
currPartIndex += len(strings.Split(nextPart, "."))
currType = fieldType
}
}
return &navigationSteps{steps, 0}, nil
}
func DescribePolicyBinding(policyBinding *authorizationapi.PolicyBinding) (string, error) {
return tabbedString(func(out *tabwriter.Writer) error {
formatMeta(out, policyBinding.ObjectMeta)
formatString(out, "Last Modified", policyBinding.LastModified)
formatString(out, "Policy", policyBinding.PolicyRef.Namespace)
// using .List() here because I always want the sorted order that it provides
for _, key := range sets.KeySet(reflect.ValueOf(policyBinding.RoleBindings)).List() {
roleBinding := policyBinding.RoleBindings[key]
users, groups, sas, others := authorizationapi.SubjectsStrings(roleBinding.Namespace, roleBinding.Subjects)
formatString(out, "RoleBinding["+key+"]", " ")
formatString(out, "\tRole", roleBinding.RoleRef.Name)
formatString(out, "\tUsers", strings.Join(users, ", "))
formatString(out, "\tGroups", strings.Join(groups, ", "))
formatString(out, "\tServiceAccounts", strings.Join(sas, ", "))
formatString(out, "\tSubjects", strings.Join(others, ", "))
}
return nil
})
}
// resources.
DefaultOpenShiftStorageVersionLevel = latest.Versions[0]
// DeadKubernetesStorageVersionLevels are storage versions which shouldn't
// be exposed externally.
DeadKubernetesStorageVersionLevels = []string{"v1beta3"}
// DeadOpenShiftStorageVersionLevels are storage versions which shouldn't be
// exposed externally.
DeadOpenShiftStorageVersionLevels = []string{"v1beta1", "v1beta3"}
APIGroupKube = ""
APIGroupExtensions = "extensions"
KubeAPIGroupsToAllowedVersions = map[string][]string{
APIGroupKube: {"v1"},
APIGroupExtensions: {"v1beta1"},
}
KnownKubeAPIGroups = sets.KeySet(reflect.ValueOf(KubeAPIGroupsToAllowedVersions))
// FeatureAliases maps deprecated names of feature flag to their canonical
// names. Aliases must be lower-cased for O(1) lookup.
FeatureAliases = map[string]string{
"s2i builder": FeatureS2I,
"web console": FeatureWebConsole,
}
KnownOpenShiftFeatures = []string{FeatureBuilder, FeatureS2I, FeatureWebConsole}
AtomicDisabledFeatures = []string{FeatureBuilder, FeatureS2I, FeatureWebConsole}
)
type ExtendedArguments map[string][]string
// NodeConfig is the fully specified config starting an OpenShift node
type NodeConfig struct {