nmi

package
v1.7.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2021 License: MIT Imports: 10 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetKubeClient

func GetKubeClient(nodeName, mode string, enableScaleFeatures bool) (k8s.Client, error)

GetKubeClient returns a kube client based on the NMI mode.

Types

type Config

// Config holds the parameters used by the token client.
type Config struct {
	// Mode is the operation mode for the token client. It is declared as a
	// plain string rather than OperationMode; the OperationMode values listed
	// for this package are "standard" and "managed".
	// NOTE(review): how an unrecognised mode string is handled is not visible
	// in this declaration; confirm in GetTokenClient.
	Mode string
	// RetryAttemptsForCreated is the number of retries NMI makes to find an
	// assigned identity in the CREATED state (standard mode).
	RetryAttemptsForCreated int
	// RetryAttemptsForAssigned is the number of retries NMI makes to find an
	// assigned identity in the ASSIGNED state (standard mode).
	RetryAttemptsForAssigned int
	// FindIdentityRetryIntervalInSeconds is the interval, in seconds, between
	// retries when looking for assigned identities (standard mode).
	FindIdentityRetryIntervalInSeconds int
	// NodeName is the node on which NMI is running.
	NodeName string
	// Namespaced makes NMI look for identities in the same namespace as the pod.
	// NOTE(review): presumably, when false, identity matching is not limited
	// to the pod's namespace. Confirm before treating namespaces as an
	// isolation boundary for identities.
	Namespaced bool
}

Config holds the parameters used by the token client.

type ManagedClient

// ManagedClient implements the TokenClient interface.
type ManagedClient struct {
	// TokenClient is embedded. GetIdentities and GetTokens are also declared
	// directly on *ManagedClient.
	TokenClient
	// KubeClient is the k8s.Client held by this token client.
	KubeClient   k8s.Client
	// IsNamespaced is the namespace-scoping flag for this client.
	// NOTE(review): presumably copied from Config.Namespaced by
	// NewManagedTokenClient; confirm against the constructor.
	IsNamespaced bool
}

ManagedClient implements the TokenClient interface

func NewManagedTokenClient

func NewManagedTokenClient(client k8s.Client, config Config) (*ManagedClient, error)

NewManagedTokenClient creates a new managed token client.

func (*ManagedClient) GetIdentities

func (mc *ManagedClient) GetIdentities(ctx context.Context, podns, podname, clientID, resourceID string) (*aadpodid.AzureIdentity, error)

GetIdentities gets the Azure identity that matches the pod (podns/podname) and the client ID.

func (*ManagedClient) GetTokens added in v1.7.0

func (mc *ManagedClient) GetTokens(ctx context.Context, rqClientID, rqResource string, azureID aadpodid.AzureIdentity) ([]*adal.Token, error)

GetTokens returns ADAL tokens based on the request and its pod identity.

type OperationMode

// OperationMode is the mode in which NMI is operating.
// Allowed values: standard, managed.
type OperationMode string

OperationMode is the mode in which NMI is operating. Allowed values: standard, managed.

// Named values of OperationMode.
const (
	// StandardMode is the name of NMI's standard mode ("standard").
	StandardMode OperationMode = "standard"

	// ManagedMode is the name of NMI's managed mode ("managed").
	ManagedMode OperationMode = "managed"
)

type StandardClient

// StandardClient implements the TokenClient interface.
type StandardClient struct {
	// TokenClient is embedded. GetIdentities and GetTokens are also declared
	// directly on *StandardClient.
	TokenClient
	// KubeClient is the k8s.Client held by this token client.
	KubeClient                         k8s.Client
	// The three ListPodIDsRetry* fields are the retry settings for this client.
	// NOTE(review): presumably populated from Config.RetryAttemptsForCreated,
	// Config.RetryAttemptsForAssigned and
	// Config.FindIdentityRetryIntervalInSeconds; confirm in
	// NewStandardTokenClient.
	ListPodIDsRetryAttemptsForCreated  int
	ListPodIDsRetryAttemptsForAssigned int
	ListPodIDsRetryIntervalInSeconds   int
	// IsNamespaced is the namespace-scoping flag for this client.
	// NOTE(review): presumably copied from Config.Namespaced; confirm against
	// the constructor.
	IsNamespaced                       bool
}

StandardClient implements the TokenClient interface

func NewStandardTokenClient

func NewStandardTokenClient(client k8s.Client, config Config) (*StandardClient, error)

NewStandardTokenClient creates a new standard NMI client.

func (*StandardClient) GetIdentities

func (sc *StandardClient) GetIdentities(ctx context.Context, podns, podname, clientID, resourceID string) (*aadpodid.AzureIdentity, error)

GetIdentities gets the Azure identity that matches the pod (podns/podname) and the client ID.

func (*StandardClient) GetTokens added in v1.7.0

func (sc *StandardClient) GetTokens(ctx context.Context, rqClientID, rqResource string, azureID aadpodid.AzureIdentity) ([]*adal.Token, error)

GetTokens returns ADAL tokens based on the request and its pod identity.

type TokenClient

// TokenClient is an abstraction used to retrieve pods' identities and ADAL tokens.
type TokenClient interface {
	// GetIdentities looks up the identity that matches the given pod
	// (podns/podname) together with the requested clientID and resourceID.
	// The signature returns a single *aadpodid.AzureIdentity, not a list.
	// NOTE(review): behaviour when clientID and resourceID are both empty, or
	// when several identities match, is not visible here; confirm in the
	// implementations.
	GetIdentities(ctx context.Context, podns, podname, clientID, resourceID string) (*aadpodid.AzureIdentity, error)
	// GetTokens acquires tokens by using the AzureIdentity, for the given
	// clientID and resource.
	// NOTE(review): podID is taken as supplied. Presumably callers pass the
	// identity that GetIdentities returned for the requesting pod; confirm at
	// the call sites.
	GetTokens(ctx context.Context, clientID, resource string, podID aadpodid.AzureIdentity) (tokens []*adal.Token, err error)
}

TokenClient is an abstraction used to retrieve pods' identities and ADAL tokens.

func GetTokenClient

func GetTokenClient(client k8s.Client, config Config) (TokenClient, error)

GetTokenClient returns a token client

Directories

Path Synopsis
