...

Source file src/edge-infra.dev/pkg/edge/controllers/sequel/doc.go

Documentation: edge-infra.dev/pkg/edge/controllers/sequel

     1  // Sequel is the Edge Database Authentication and Authorization controller
     2  // it is an extension of kcc.
     3  //
     4  // Example Database User Spec for BulitIn User Type
     5  // NB: in this example we do not provide a reference to a secret
     6  // that contains a password for the user to be created in the spec.passwordRef.
     7  // A secret will be created for you in the cluster with the name of the database
     8  // user suffixed by sql-password. The secret will also be saved in Secret Manager with the same identifier.
     9  //
    10  //	apiVersion: backend.edge.ncr.com/v1alpha2
    11  //	kind: DatabaseUser
    12  //	metadata:
    13  //	  name: edgereadonly
    14  //	spec:
    15  //	  type: BUILT_IN
    16  //	  prune: true
    17  //	  instanceRef:
    18  //	    name: sequel
    19  //	    namespace: sequel
    20  //	    projectID: ret-edge-dev-sandbox1
    21  //	  grants:
    22  //	    - schema: public
    23  //	      tableGrant:
    24  //	        - table: clusters
    25  //	          permissions:
    26  //	            - permission: INSERT
    27  //
    28  // Example Database User Spec for BulitIn User Type
    29  // NB: in this example we provide a reference to a secret
    30  // that contains a password for the user to be created in the spec.passwordRef
    31  //
    32  //	apiVersion: backend.edge.ncr.com/v1alpha2
    33  //	kind: DatabaseUser
    34  //	metadata:
    35  //	  name: edgereadonly
    36  //	spec:
    37  //	  type: BUILT_IN
    38  //	  prune: true
    39  //	  passwordRef:
    40  //	    name: edgereadonly
    41  //	    namespace: edge-system
    42  //	  instanceRef:
    43  //	    name: sequel
    44  //	    namespace: sequel
    45  //	    projectID: ret-edge-dev-sandbox1
    46  //	  grants:
    47  //	    - schema: public
    48  //	      tableGrant:
    49  //	        - table: clusters
    50  //	          permissions:
    51  //	            - permission: INSERT
    52  //
    53  // Example Database User Spec for IAM Service Account Type
    54  // NB: in this example the service account does not already exist
    55  // so we set the spec.serviceAccount.createServiceAccount to true
    56  // this ensures that the Sequel controller will create a service account for the Database User.
    57  //
    58  //	 apiVersion: backend.edge.ncr.com/v1alpha2
    59  //	 kind: DatabaseUser
    60  //	 metadata:
    61  //	  name: bannerctl
    62  //	 spec:
    63  //		 type: CLOUD_IAM_SERVICE_ACCOUNT
    64  //		 prune: true
    65  //		 instanceRef:
    66  //		   name: sequel
    67  //		   namespace: sequel
    68  //		   projectID: ret-edge-dev-sandbox1
    69  //		 serviceAccount:
    70  //		   createServiceAccount: true
    71  //		 grants:
    72  //		   - schema: public
    73  //		     tableGrant:
    74  //		       - table: clusters
    75  //		         permissions:
    76  //		           - permission: INSERT
    77  //
    78  // Example Database User Spec for IAM Service Account Type
    79  // NB: in this example the service account already exists
    80  // so we set the spec.serviceAccount.EmailRef to the email of the service account.
    81  //
    82  //	 apiVersion: backend.edge.ncr.com/v1alpha1
    83  //	 kind: DatabaseUser
    84  //	 metadata:
    85  //	 name: bannerctl
    86  //	 spec:
    87  //	  type: CLOUD_IAM_SERVICE_ACCOUNT
    88  //	  prune: true
    89  //	  instanceRef:
    90  //		name: sequel
    91  //		namespace: sequel
    92  //		projectID: ret-edge-dev-sandbox1
    93  //	  serviceAccount:
    94  //		emailRef: obef405a91deb46c8105@ret-edge-dev-sandbox1.iam.gserviceaccount.com
    95  //	  grants:
    96  //	    - schema: public
    97  //	      tableGrant:
    98  //	    - table: clusters
    99  //	      permissions:
   100  //	    - permission: INSERT
   101  package sequel
   102  

View as plain text