Documentation
Index
- func FormatToken(creds, certFile string) (string, error)
- func FormatTokenBytes(creds string, b []byte) (string, error)
- func GetHTTPClient(cacerts []byte, certFile, keyFile string) *http.Client
- func ParseUsernamePassword(token string) (string, string, bool)
- func WriteClientKubeConfig(destFile, url, serverCAFile, clientCertFile, clientKeyFile string) error
- type Info
- type ValidationOption
Functions
func FormatToken
FormatToken takes a username:password string or join token, and a path to a certificate bundle, and returns a string containing the full K10 format token string. If the credentials are empty, an empty token is returned. If the certificate bundle does not exist or does not contain a valid bundle, an error is returned.
func FormatTokenBytes
FormatTokenBytes has the same interface as FormatToken, but accepts a byte slice instead of a file path.
func GetHTTPClient
GetHTTPClient returns an HTTP client that validates TLS server certificates using the provided CA bundle. If the CA bundle is empty, it uses the default HTTP client, which validates against the OS CA bundle. If the CA bundle is not empty but does not contain any valid certs, it validates using an empty CA bundle (which will always fail). If a valid cert+key pair can be loaded from the provided paths, it is used for client cert auth.
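The trust rules described for GetHTTPClient, sketched with the standard library as an added example (this is not the package's own code). newClient, constructedCA and the mode labels are hypothetical names, and the CA is generated at run time as constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// newClient (hypothetical name) returns a client plus a label for the trust mode chosen.
func newClient(cacerts []byte, certFile, keyFile string) (*http.Client, string) {
	cfg, mode := &tls.Config{MinVersion: tls.VersionTLS12}, "os-bundle" // nil RootCAs = OS roots
	if len(cacerts) > 0 {
		// A non-empty bundle always replaces the OS roots; if nothing parses, the pool stays empty.
		pool := x509.NewCertPool()
		mode = "fail-closed"
		if pool.AppendCertsFromPEM(cacerts) {
			mode = "pinned"
		}
		cfg.RootCAs = pool
	}
	// Client cert auth is used only when the cert+key pair actually loads.
	if pair, err := tls.LoadX509KeyPair(certFile, keyFile); err == nil {
		cfg.Certificates = []tls.Certificate{pair}
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, mode
}

// constructedCA builds a throwaway self-signed CA in PEM form as sample input.
func constructedCA() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	for _, bundle := range [][]byte{nil, []byte("not a PEM bundle"), constructedCA()} {
		_, mode := newClient(bundle, "", "")
		fmt.Println(mode)
	}
}
```

The middle case is the one worth checking in a deployment: a corrupted or truncated CA bundle yields a client that rejects every server instead of falling back to the OS trust store.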
func ParseUsernamePassword
ParseUsernamePassword returns the username and password portion of a token string, along with a bool indicating whether the token was successfully parsed. Kubeadm-style tokens have ID/Secret, not Username/Password, and therefore will return false (invalid).
func WriteClientKubeConfig
WriteClientKubeConfig generates a kubeconfig at destFile that can be used to connect to a server at url with the given certs and keys.
Types
type Info
    type Info struct {
        *kubeadm.BootstrapTokenString
        CACerts  []byte
        BaseURL  string
        Username string
        Password string
        CertFile string
        KeyFile  string
        // contains filtered or unexported fields
    }
Info contains fields that track parsed parts of a cluster join token.
func ParseAndValidateToken
func ParseAndValidateToken(server string, token string, options ...ValidationOption) (*Info, error)
ParseAndValidateToken parses a token, downloads and validates the server's CA bundle, and validates it according to the caHash from the token if set.
type ValidationOption
type ValidationOption func(*Info)
ValidationOption is a callback to mutate the token prior to use.
func WithClientCertificate
func WithClientCertificate(certFile, keyFile string) ValidationOption
WithClientCertificate configures certs and keys to be used to authenticate the request.
func WithUser
func WithUser(username string) ValidationOption
WithUser overrides the username from the token with the provided value.