// purgeDeletedNamespaces will remove all namespaces enumerated in a reviewRecordStore that are not in the namespace set func purgeDeletedNamespaces(namespaceSet *sets.String, userSubjectRecordStore cache.Store, groupSubjectRecordStore cache.Store, reviewRecordStore cache.Store) { reviewRecordItems := reviewRecordStore.List() for i := range reviewRecordItems { reviewRecord := reviewRecordItems[i].(*reviewRecord) if !namespaceSet.Has(reviewRecord.namespace) { deleteNamespaceFromSubjects(userSubjectRecordStore, reviewRecord.users, reviewRecord.namespace) deleteNamespaceFromSubjects(groupSubjectRecordStore, reviewRecord.groups, reviewRecord.namespace) reviewRecordStore.Delete(reviewRecord) } } }
// getMatchingPolicies returns policies from the store. For now this returns everything // in the future it can filter based on UserInfo and permissions. func getMatchingPolicies(store cache.Store, user user.Info, sa user.Info) ([]*extensions.PodSecurityPolicy, error) { matchedPolicies := make([]*extensions.PodSecurityPolicy, 0) for _, c := range store.List() { constraint, ok := c.(*extensions.PodSecurityPolicy) if !ok { return nil, errors.NewInternalError(fmt.Errorf("error converting object from store to a pod security policy: %v", c)) } matchedPolicies = append(matchedPolicies, constraint) } return matchedPolicies, nil }
// purgeDeletedNamespaces will remove all namespaces enumerated in a reviewRecordStore that are not in the namespace set func (ac *AuthorizationCache) purgeDeletedNamespaces(oldNamespaces, newNamespaces sets.String, userSubjectRecordStore cache.Store, groupSubjectRecordStore cache.Store, reviewRecordStore cache.Store) { reviewRecordItems := reviewRecordStore.List() for i := range reviewRecordItems { reviewRecord := reviewRecordItems[i].(*reviewRecord) if !newNamespaces.Has(reviewRecord.namespace) { deleteNamespaceFromSubjects(userSubjectRecordStore, reviewRecord.users, reviewRecord.namespace) deleteNamespaceFromSubjects(groupSubjectRecordStore, reviewRecord.groups, reviewRecord.namespace) reviewRecordStore.Delete(reviewRecord) } } for namespace := range oldNamespaces.Difference(newNamespaces) { ac.notifyWatchers(namespace, nil, sets.String{}, sets.String{}) } }
// getMatchingSecurityContextConstraints returns constraints from the store that match the group, // uid, or user of the service account. func getMatchingSecurityContextConstraints(store cache.Store, userInfo user.Info) ([]*kapi.SecurityContextConstraints, error) { matchedConstraints := make([]*kapi.SecurityContextConstraints, 0) for _, c := range store.List() { constraint, ok := c.(*kapi.SecurityContextConstraints) if !ok { return nil, errors.NewInternalError(fmt.Errorf("error converting object from store to a security context constraint: %v", c)) } if ConstraintAppliesTo(constraint, userInfo) { matchedConstraints = append(matchedConstraints, constraint) } } return matchedConstraints, nil }
// initializeCaches fills all controller caches with initial data from etcd in // order to have the caches already filled when first addClaim/addVolume to // perform initial synchronization of the controller. func (ctrl *PersistentVolumeController) initializeCaches(volumeStore cache.Store, claimSource cache.ListerWatcher) { volumeList := volumeStore.List() for _, obj := range volumeList { volume, ok := obj.(*api.PersistentVolume) if !ok { glog.Errorf("PersistentVolumeController can't initialize caches, expected list of volumes, got: %#v", obj) } // Ignore template volumes from kubernetes 1.2 deleted := ctrl.upgradeVolumeFrom1_2(volume) if !deleted { clone, err := conversion.NewCloner().DeepCopy(volume) if err != nil { glog.Errorf("error cloning volume %q: %v", volume.Name, err) continue } volumeClone := clone.(*api.PersistentVolume) ctrl.storeVolumeUpdate(volumeClone) } } claimListObj, err := claimSource.List(api.ListOptions{}) if err != nil { glog.Errorf("PersistentVolumeController can't initialize caches: %v", err) return } claimList, ok := claimListObj.(*api.PersistentVolumeClaimList) if !ok { glog.Errorf("PersistentVolumeController can't initialize caches, expected list of claims, got: %#v", claimListObj) return } for _, claim := range claimList.Items { clone, err := conversion.NewCloner().DeepCopy(&claim) if err != nil { glog.Errorf("error cloning claim %q: %v", claimToClaimKey(&claim), err) continue } claimClone := clone.(*api.PersistentVolumeClaim) ctrl.storeClaimUpdate(claimClone) } glog.V(4).Infof("controller initialized") }
// getDefaultClass returns the default StorageClass from the store, or nil. func getDefaultClass(store cache.Store) (*storage.StorageClass, error) { defaultClasses := []*storage.StorageClass{} for _, c := range store.List() { class, ok := c.(*storage.StorageClass) if !ok { return nil, errors.NewInternalError(fmt.Errorf("error converting stored object to StorageClass: %v", c)) } if class.Annotations[isDefaultAnnotation] == "true" { defaultClasses = append(defaultClasses, class) glog.V(4).Infof("getDefaultClass added: %s", class.Name) } } if len(defaultClasses) == 0 { return nil, nil } if len(defaultClasses) > 1 { glog.V(4).Infof("getDefaultClass %s defaults found", len(defaultClasses)) return nil, errors.NewInternalError(fmt.Errorf("%d default StorageClasses were found", len(defaultClasses))) } return defaultClasses[0], nil }