api

package
v0.0.0-...-ecf1725
Warning

This package is not in the latest version of its module.

Published: May 31, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Constants

const (
	// Resource information that is used as encryption key storage. Can be accessed by multiple dashboard replicas.
	EncryptionKeyHolderName = "kubernetes-dashboard-key-holder"

	// Resource information that is used as certificate storage for custom certificates used by the user.
	CertificateHolderSecretName = "kubernetes-dashboard-certs"

	// Expiration time (in seconds) of tokens generated by dashboard. Default: 15 min.
	DefaultTokenTTL = 900
)

Variables

This section is empty.

Functions

func ShouldRejectRequest

func ShouldRejectRequest(url string) bool

ShouldRejectRequest returns true if url contains name and namespace of resource that should be filtered out from dashboard.

Types

type AuthManager

type AuthManager interface {
	// Login authenticates user based on provided LoginSpec and returns AuthResponse. AuthResponse contains
	// generated token and list of non-critical errors such as 'Failed authentication'.
	Login(*LoginSpec) (*AuthResponse, error)
	// Refresh takes valid token that hasn't expired yet and returns a new one with expiration time set to TokenTTL. In
	// case provided token has expired, token expiration error is returned.
	Refresh(string) (string, error)
	// AuthenticationModes returns array of auth modes supported by dashboard.
	AuthenticationModes() []AuthenticationMode
	// AuthenticationSkippable tells if the Skip button should be enabled or not
	AuthenticationSkippable() bool
}

AuthManager is used for user authentication management.

type AuthResponse

type AuthResponse struct {
	// Name is a user/subject name if available
	Name string `json:"name,omitempty"`
	// JWEToken is a token generated during login request that contains AuthInfo data in the payload.
	JWEToken string `json:"jweToken"`
	// Errors are a list of non-critical errors that happened during login request.
	Errors []error `json:"errors"`
}

AuthResponse is returned from our backend as a response for login/refresh requests. It contains generated JWEToken and a list of non-critical errors such as 'Failed authentication'.

type AuthenticationMode

type AuthenticationMode string

AuthenticationMode represents an auth mode supported by dashboard, e.g. basic.

const (
	Token AuthenticationMode = "token"
	Basic AuthenticationMode = "basic"
)

Authentication modes supported by dashboard should be defined below.

func (AuthenticationMode) String

func (self AuthenticationMode) String() string

String returns string representation of auth mode.

type AuthenticationModes

type AuthenticationModes map[AuthenticationMode]bool

AuthenticationModes represents auth modes supported by dashboard.

func ToAuthenticationModes

func ToAuthenticationModes(modes []string) AuthenticationModes

ToAuthenticationModes transforms array of authentication mode strings to valid AuthenticationModes type.

func (AuthenticationModes) Add

func (self AuthenticationModes) Add(mode AuthenticationMode)

Add adds the given auth mode to the AuthenticationModes map.

func (AuthenticationModes) Array

func (self AuthenticationModes) Array() []AuthenticationMode

Array returns array of auth modes supported by dashboard.

func (AuthenticationModes) IsEnabled

func (self AuthenticationModes) IsEnabled(mode AuthenticationMode) bool

IsEnabled returns true if given auth mode is supported, false otherwise.

type Authenticator

type Authenticator interface {
	// GetAuthInfo returns filled AuthInfo structure that can be used for K8S api client creation.
	GetAuthInfo() (api.AuthInfo, error)
}

Authenticator represents authentication methods supported by Dashboard. Currently supported types are:

  • Token based - Any bearer token accepted by apiserver
  • Basic - Username and password based authentication. Requires that the apiserver also has basic auth enabled.
  • Kubeconfig based - Authenticates user based on kubeconfig file. Only token/basic modes are supported within the kubeconfig file.

type LoginModesResponse

type LoginModesResponse struct {
	Modes []AuthenticationMode `json:"modes"`
}

LoginModesResponse contains list of auth modes supported by dashboard.

type LoginSkippableResponse

type LoginSkippableResponse struct {
	Skippable bool `json:"skippable"`
}

LoginSkippableResponse contains a flag that tells the UI not to display the Skip button. Note that this only hides the button; it does not disable unauthenticated access.

type LoginSpec

type LoginSpec struct {
	// Username is the username for basic authentication to the kubernetes cluster.
	Username string `json:"username,omitempty"`
	// Password is the password for basic authentication to the kubernetes cluster.
	Password string `json:"password,omitempty"`
	// Token is the bearer token for authentication to the kubernetes cluster.
	Token string `json:"token,omitempty"`
	// KubeConfig is the content of users' kubeconfig file. It will be parsed and auth data will be extracted.
	// Kubeconfig can not contain any paths. All data has to be provided within the file.
	KubeConfig string `json:"kubeconfig,omitempty"`
}

LoginSpec is extracted from request coming from Dashboard frontend during login request. It contains all the information required to authenticate user.

type ProtectedResource

type ProtectedResource struct {
	// ResourceName is a name of the protected resource.
	ResourceName string
	// ResourceNamespace is a namespace of the protected resource. Should be empty if resource is non-namespaced.
	ResourceNamespace string
}

ProtectedResource represents basic information about resource that should be filtered out from Dashboard UI.

type TokenManager

type TokenManager interface {
	// Generate generates a secure token based on the AuthInfo structure and saves it in the token's payload.
	Generate(api.AuthInfo) (string, error)
	// Decrypt generated token and return AuthInfo structure that will be used for K8S api client creation.
	Decrypt(string) (*api.AuthInfo, error)
	// Refresh returns refreshed token based on provided token. In case provided token has expired, token expiration
	// error is returned.
	Refresh(string) (string, error)
	// SetTokenTTL sets expiration time (in seconds) of generated tokens.
	SetTokenTTL(time.Duration)
}

TokenManager is responsible for generating and decrypting tokens used for authorization. Authorization is handled by K8S apiserver. Token contains AuthInfo structure used to create K8S api client.
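
The Refresh contract described above (a new token for an unexpired one, an expiration error otherwise), as an added sketch that is not the dashboard's own code. Assumptions: AES-GCM from the Go standard library stands in for JWE, a plain credential string stands in for api.AuthInfo, and `generate`, `refresh` and `ErrExpired` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// ErrExpired is a hypothetical name; the page only says an expiration error is returned.
var ErrExpired = errors.New("token expired")

// generate seals "expiry || credential" with AES-GCM, a stand-in for the page's JWE.
func generate(aead cipher.AEAD, ttl time.Duration, cred string) (string, error) {
	buf := make([]byte, aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	plain := binary.BigEndian.AppendUint64(nil, uint64(time.Now().Add(ttl).Unix()))
	buf = aead.Seal(buf, buf, append(plain, cred...), nil) // nonce || ciphertext || tag
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// refresh re-issues a token only while the presented one is authentic and unexpired.
func refresh(aead cipher.AEAD, ttl time.Duration, token string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	n := aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", errors.New("malformed token")
	}
	plain, err := aead.Open(nil, raw[:n], raw[n:], nil)
	if err != nil || len(plain) < 8 {
		return "", errors.New("invalid token")
	}
	if time.Now().Unix() >= int64(binary.BigEndian.Uint64(plain)) {
		return "", ErrExpired
	}
	return generate(aead, ttl, string(plain[8:]))
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	aead, _ := cipher.NewGCM(block)
	tok, _ := generate(aead, 900*time.Second, "constructed-credential") // 900 s = DefaultTokenTTL
	fmt.Println(refresh(aead, 900*time.Second, tok))
}
```

Because the expiry sits inside the authenticated ciphertext, a client cannot extend a token's lifetime by editing it; only `refresh` with the server-side key can issue a later one.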

type TokenRefreshSpec

type TokenRefreshSpec struct {
	// JWEToken is a token generated during login request that contains AuthInfo data in the payload.
	JWEToken string `json:"jweToken"`
}

TokenRefreshSpec contains token that is required by token refresh operation.
