Documentation
Index
- Variables
- func AuthenticateHandler(issuer *TokenIssuer) http.HandlerFunc
- func CA(w http.ResponseWriter, _ *http.Request)
- func GenerateAppRoleBinding(namespace string)
- func GenerateAppServiceAccount(namespace string)
- func GenerateDefaultRoleBinding(namespace string)
- func GenerateProjects(context []*types.Project)
- func GenerateResources() error
- func GenerateUserRoleBinding(namespace string, role string)
- func GetUserNamespace(group string) (*types.Project, error)
- func GetUserNamespaces(groups []string) []*types.Project
- func NamespaceParser(namespace string) types.Project
- func RefreshK8SResources()
- func WatchNetPolConfig() cache.Store
- func WatchProjects() cache.Store
- type TokenIssuer
- func (issuer *TokenIssuer) CurrentJWT(usertoken string) (*types.AuthJWTClaims, error)
- func (issuer *TokenIssuer) GenerateConfig(w http.ResponseWriter, r *http.Request)
- func (issuer *TokenIssuer) GenerateExtraToken(username string, email string, hasAdminAccess bool, hasApplicationAccess bool, ...) (*string, error)
- func (issuer *TokenIssuer) GenerateJWT(w http.ResponseWriter, r *http.Request)
- func (issuer *TokenIssuer) GenerateUserToken(groups []string, username string, email string, hasAdminAccess bool, ...) (*string, error)
- func (issuer *TokenIssuer) VerifyToken(usertoken string) error
Constants
This section is empty.
Variables
var DnsParser = regexp.MustCompile("(?:.+_+)*(?P<namespace>.+)_(?P<role>.+)$")
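How the DnsParser pattern above splits a group name into namespace and role, as an added example that is not part of kubi's code. ParseGroup, the DNS-1123 label check and the sample group names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Copy of the DnsParser pattern shown on this page.
var dnsParser = regexp.MustCompile("(?:.+_+)*(?P<namespace>.+)_(?P<role>.+)$")

// Kubernetes namespaces must be DNS-1123 labels of at most 63 characters.
// This validation is an added check, not something the page says kubi does.
var dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// ParseGroup is a hypothetical helper: it extracts namespace and role from a
// group name and reports whether the namespace is a valid Kubernetes label.
func ParseGroup(group string) (namespace, role string, ok bool) {
	m := dnsParser.FindStringSubmatch(group)
	if m == nil {
		return "", "", false // no "<namespace>_<role>" suffix at all
	}
	namespace = m[dnsParser.SubexpIndex("namespace")]
	role = m[dnsParser.SubexpIndex("role")]
	ok = len(namespace) <= 63 && dns1123Label.MatchString(namespace)
	return namespace, role, ok
}

func main() {
	// Constructed sample group names, not taken from a real directory.
	for _, g := range []string{
		"team-dev_admin",
		"DL_KUBI_team-dev_admin",
		"team_dev_admin",
		"Team-Dev_admin",
		"nogroup",
	} {
		ns, role, ok := ParseGroup(g)
		fmt.Printf("%-26q namespace=%q role=%q valid=%v\n", g, ns, role, ok)
	}
}
```

The pattern keeps only the text between the last two underscores, so `team_dev_admin` yields namespace `dev`; a group whose namespace part contains an underscore therefore binds to a shorter namespace than its name suggests.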
Functions
func AuthenticateHandler
func AuthenticateHandler(issuer *TokenIssuer) http.HandlerFunc
Authenticate service for the Kubernetes API server (webhook token authentication): https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
func GenerateAppRoleBinding
func GenerateAppRoleBinding(namespace string)
func GenerateDefaultRoleBinding
func GenerateDefaultRoleBinding(namespace string)
func GenerateProjects
A loop wrapper around generateProject, split out for unit testing.
func GenerateResources
func GenerateResources() error
Generate Namespaces and RoleBindings from LDAP groups.
func GenerateUserRoleBinding
Generate a RoleBinding from a tuple. If it already exists, nothing is done; this only creates.
func GetUserNamespace
Get the Namespace and Role for a group name.
func GetUserNamespaces
Get the Namespace and Role for a list of group names.
func NamespaceParser
Parse an LDAP namespace and extract:
- Kubernetes namespace
- Project (namespace without environment)
- Environment
If the environment is not found, return the namespace as is.
func RefreshK8SResources
func RefreshK8SResources()
Handler to regenerate all resources created by kubi.
func WatchNetPolConfig
Watch NetworkPolicyConfig, which is a config object for the namespace network bubble. This CRD allows users to deploy a global configuration for network configuration:
- for update, the default network config is updated
- for deletion, it is automatically recreated
- for create, just create it
func WatchProjects
Watch NetworkPolicyConfig, which is a config object for the namespace network bubble. This CRD allows users to deploy a global configuration for network configuration:
- for update, the default network config is updated
- for deletion, it is automatically recreated
- for create, just create it
Types
type TokenIssuer
type TokenIssuer struct {
	EcdsaPrivate       *ecdsa.PrivateKey
	EcdsaPublic        *ecdsa.PublicKey
	TokenDuration      string
	ExtraTokenDuration string
	Locator            string
	PublicApiServerURL string
	Tenant             string
}
func (*TokenIssuer) CurrentJWT
func (issuer *TokenIssuer) CurrentJWT(usertoken string) (*types.AuthJWTClaims, error)
func (*TokenIssuer) GenerateConfig
func (issuer *TokenIssuer) GenerateConfig(w http.ResponseWriter, r *http.Request)
GenerateConfig generates a config in YAML, including the JWT token and cluster information. It can be used directly, out of the box, by kubectl. It returns well-formatted YAML.
func (*TokenIssuer) GenerateExtraToken
func (issuer *TokenIssuer) GenerateExtraToken(username string, email string, hasAdminAccess bool, hasApplicationAccess bool, hasOpsAccess bool, scopes string) (*string, error)
Generate a service token from a user account. The semantics of this token should be held by the target backend, e.g. service API, promotion API... Only users with transversal access can generate extra tokens.
func (*TokenIssuer) GenerateJWT
func (issuer *TokenIssuer) GenerateJWT(w http.ResponseWriter, r *http.Request)
func (*TokenIssuer) GenerateUserToken
func (*TokenIssuer) VerifyToken
func (issuer *TokenIssuer) VerifyToken(usertoken string) error