auth

package
v0.0.0-...-f34f428 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2021 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

// AuthConnectTypeKubeConfig is the literal "kubeconfig"; presumably the
// connect-type identifier for kubeconfig-based authentication (KubeConfigAuth)
// — confirm against the provider registration code.
const AuthConnectTypeKubeConfig = "kubeconfig"
// AuthConnectTypeKubeToken is the literal "k8s-token"; presumably the
// connect-type identifier for token-based authentication (KubeTokenAuth)
// — confirm against the provider registration code.
const AuthConnectTypeKubeToken = "k8s-token"

Variables

This section is empty.

Functions

func NewKubeTokenAuthTokenRecord

func NewKubeTokenAuthTokenRecord(portalProxy interfaces.PortalProxy, token string) *interfaces.TokenRecord

func TestFetchCertAuth

// NOTE(review): a Test* function showing up in the package's exported
// documentation suggests it lives in a file without the _test.go suffix, which
// would compile it (and the testing import) into production builds of this
// auth package — confirm, and move it to a _test.go file if so.
func TestFetchCertAuth(t *testing.T)

Types

type AWSIAMUserInfo

// AWSIAMUserInfo holds the values used to connect to an AWS-hosted Kubernetes
// cluster: a cluster name and an access key / secret key pair.
//
// NOTE(review): SecretKey carries a JSON tag, so encoding this struct writes
// the secret in clear text. Keep encoded forms out of logs and API responses,
// and confirm how the value is protected wherever it is stored.
type AWSIAMUserInfo struct {
	// Cluster is serialized as "cluster".
	Cluster   string `json:"cluster"`
	// AccessKey is serialized as "accessKey"; presumably the IAM access key ID
	// — confirm against the caller.
	AccessKey string `json:"accessKey"`
	// SecretKey is serialized as "secretKey"; treat as a credential.
	SecretKey string `json:"secretKey"`
}

AWSIAMUserInfo is the user info needed to connect to AWS Kubernetes

func (*AWSIAMUserInfo) IsExpired

func (c *AWSIAMUserInfo) IsExpired() bool

func (*AWSIAMUserInfo) Retrieve

func (c *AWSIAMUserInfo) Retrieve() (credentials.Value, error)

type AWSKubeAuth

type AWSKubeAuth struct {
	// contains filtered or unexported fields
}

AWSKubeAuth is AWS IAM Authentication for Kubernetes

func (*AWSKubeAuth) AddAuthInfo

func (c *AWSKubeAuth) AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error

func (*AWSKubeAuth) DoFlowRequest

func (c *AWSKubeAuth) DoFlowRequest(cnsiRequest *interfaces.CNSIRequest, req *http.Request) (*http.Response, error)

func (*AWSKubeAuth) FetchToken

func (c *AWSKubeAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*AWSKubeAuth) GetName

func (c *AWSKubeAuth) GetName() string

GetName returns the Auth Provider name

func (*AWSKubeAuth) GetUserFromToken

func (c *AWSKubeAuth) GetUserFromToken(cnsiGUID string, cfTokenRecord *interfaces.TokenRecord) (*interfaces.ConnectedUser, bool)

func (*AWSKubeAuth) RefreshIAMToken

// NOTE(review): skipSSLValidation is a caller-supplied switch; the name
// suggests it turns off TLS certificate verification for the refresh request
// (the body is not shown here — confirm). If so, credentials refreshed with it
// set are exposed to interception; prefer trusting the endpoint's CA
// explicitly. clientSecret arrives as a plain string argument — keep it out of
// logs and error messages.
func (c *AWSKubeAuth) RefreshIAMToken(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t interfaces.TokenRecord, err error)

func (*AWSKubeAuth) RegisterJetstreamAuthType

func (c *AWSKubeAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)

type AzureKubeAuth

// AzureKubeAuth embeds CertKubeAuth. This page lists FetchToken, GetName and
// RegisterJetstreamAuthType as declared on *AzureKubeAuth itself; the other
// CertKubeAuth methods (AddAuthInfo, DoFlowRequest, GetUserFromToken,
// RefreshCertAuth) are reached through the embedded value.
type AzureKubeAuth struct {
	CertKubeAuth
}

AzureKubeAuth is Azure Authentication with Certificates

func (*AzureKubeAuth) FetchToken

func (p *AzureKubeAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*AzureKubeAuth) GetName

func (c *AzureKubeAuth) GetName() string

GetName returns the provider name

func (*AzureKubeAuth) RegisterJetstreamAuthType

func (c *AzureKubeAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)

type CertKubeAuth

type CertKubeAuth struct {
	// contains filtered or unexported fields
}

CertKubeAuth is GKE Authentication with Certificates

func InitCertKubeAuth

func InitCertKubeAuth(portalProxy interfaces.PortalProxy) *CertKubeAuth

InitCertKubeAuth creates a CertKubeAuth (the comment in the source says GKEKubeAuth, but the function returns *CertKubeAuth)

func (*CertKubeAuth) AddAuthInfo

func (c *CertKubeAuth) AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error

func (*CertKubeAuth) DoFlowRequest

func (c *CertKubeAuth) DoFlowRequest(cnsiRequest *interfaces.CNSIRequest, req *http.Request) (*http.Response, error)

func (*CertKubeAuth) FetchToken

func (c *CertKubeAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*CertKubeAuth) GetName

func (c *CertKubeAuth) GetName() string

GetName returns the provider name

func (*CertKubeAuth) GetUserFromToken

func (c *CertKubeAuth) GetUserFromToken(cnsiGUID string, cfTokenRecord *interfaces.TokenRecord) (*interfaces.ConnectedUser, bool)

func (*CertKubeAuth) RefreshCertAuth

// NOTE(review): skipSSLValidation is a caller-supplied switch; the name
// suggests it turns off TLS certificate verification for the refresh request
// (the body is not shown here — confirm). If so, credentials refreshed with it
// set are exposed to interception; prefer trusting the endpoint's CA
// explicitly. clientSecret arrives as a plain string argument — keep it out of
// logs and error messages.
func (c *CertKubeAuth) RefreshCertAuth(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t interfaces.TokenRecord, err error)

func (*CertKubeAuth) RegisterJetstreamAuthType

func (c *CertKubeAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)

type GKEConfig

// GKEConfig mirrors the JSON config file expected for GKE authentication.
//
// NOTE(review): ClientSecret and RefreshToken are credentials and both carry
// JSON tags, so encoding this struct writes them in clear text. Keep encoded
// forms out of logs and API responses, and confirm how the uploaded config is
// protected wherever it is stored.
type GKEConfig struct {
	// ClientID is read from "client_id".
	ClientID     string `json:"client_id"`
	// ClientSecret is read from "client_secret"; treat as a credential.
	ClientSecret string `json:"client_secret"`
	// RefreshToken is read from "refresh_token"; treat as a credential.
	RefreshToken string `json:"refresh_token"`
	// Type is read from "type"; accepted values are not shown on this page.
	Type         string `json:"type"`
	// Email is read from "email".
	Email        string `json:"email"`
}

GKEConfig is the format of the config file we expect for GKE authentication

type GKEKubeAuth

type GKEKubeAuth struct {
	// contains filtered or unexported fields
}

GKEKubeAuth is GKE Authentication for Kubernetes

func (*GKEKubeAuth) AddAuthInfo

func (c *GKEKubeAuth) AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error

func (*GKEKubeAuth) DoFlowRequest

func (c *GKEKubeAuth) DoFlowRequest(cnsiRequest *interfaces.CNSIRequest, req *http.Request) (*http.Response, error)

func (*GKEKubeAuth) FetchToken

func (c *GKEKubeAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

FetchToken will create a token for the GKE Authentication using the POSTed data

func (*GKEKubeAuth) GetName

func (c *GKEKubeAuth) GetName() string

GetName returns the provider name

func (*GKEKubeAuth) GetUserFromToken

func (c *GKEKubeAuth) GetUserFromToken(cnsiGUID string, tokenRecord *interfaces.TokenRecord) (*interfaces.ConnectedUser, bool)

GetUserFromToken gets the username from the GKE Token

func (*GKEKubeAuth) RefreshGKEToken

// NOTE(review): skipSSLValidation is a caller-supplied switch; the name
// suggests it turns off TLS certificate verification for the refresh request
// (the body is not shown here — confirm). If so, tokens refreshed with it set
// are exposed to interception; prefer trusting the endpoint's CA explicitly.
// clientSecret arrives as a plain string argument — keep it out of logs and
// error messages.
func (c *GKEKubeAuth) RefreshGKEToken(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t interfaces.TokenRecord, err error)

RefreshGKEToken will refresh a GKE token

func (*GKEKubeAuth) RegisterJetstreamAuthType

func (c *GKEKubeAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)

type KubeAuthProvider

// KubeAuthProvider is the interface every Kubernetes authentication provider
// in this package implements; the Init*KubeAuth constructors that return an
// interface value return this type.
type KubeAuthProvider interface {
	// GetName returns the provider name.
	GetName() string
	// AddAuthInfo receives a kubeconfig AuthInfo and a stored token record;
	// presumably it copies the credentials from tokenRec into info — confirm
	// against an implementation.
	AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error
	// FetchToken returns a token record (and possibly an updated CNSI record)
	// for the endpoint described by cnsiRecord, using the request in ec.
	// NOTE(review): ec carries client-supplied data; implementations are the
	// place where that input must be validated.
	FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

	// RegisterJetstreamAuthType hooks the provider into the given portal proxy.
	RegisterJetstreamAuthType(portal interfaces.PortalProxy)
}

KubeAuthProvider is the interface for Kubernetes Authentication Providers

func InitAWSKubeAuth

func InitAWSKubeAuth(portalProxy interfaces.PortalProxy) KubeAuthProvider

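InitAWSKubeAuth creates the AWS auth provider, presumably an AWSKubeAuth, and returns it as a KubeAuthProvider (the comment in the source says GKEKubeAuth, which looks like a copy-paste slip)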

func InitAzureKubeAuth

func InitAzureKubeAuth(portalProxy interfaces.PortalProxy) KubeAuthProvider

InitAzureKubeAuth creates an AzureKubeAuth

func InitGKEKubeAuth

func InitGKEKubeAuth(portalProxy interfaces.PortalProxy) KubeAuthProvider

InitGKEKubeAuth creates a GKEKubeAuth

func InitKubeConfigAuth

func InitKubeConfigAuth(portalProxy interfaces.PortalProxy) KubeAuthProvider

InitKubeConfigAuth

func InitKubeTokenAuth

func InitKubeTokenAuth(portalProxy interfaces.PortalProxy) KubeAuthProvider

InitKubeTokenAuth

type KubeBasicAuth

type KubeBasicAuth struct {
	// contains filtered or unexported fields
}

KubeBasicAuth is HTTP Basic Authentication

func InitKubeBasicAuth

func InitKubeBasicAuth(portalProxy interfaces.PortalProxy) *KubeBasicAuth

InitKubeBasicAuth creates a KubeBasicAuth (the comment in the source says GKEKubeAuth, but the function returns *KubeBasicAuth)

func (*KubeBasicAuth) AddAuthInfo

func (c *KubeBasicAuth) AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error

func (*KubeBasicAuth) FetchToken

func (c *KubeBasicAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*KubeBasicAuth) GetName

func (c *KubeBasicAuth) GetName() string

GetName returns the provider name

func (*KubeBasicAuth) GetUserFromToken

func (c *KubeBasicAuth) GetUserFromToken(cnsiGUID string, cfTokenRecord *interfaces.TokenRecord) (*interfaces.ConnectedUser, bool)

func (*KubeBasicAuth) RegisterJetstreamAuthType

func (c *KubeBasicAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)

type KubeCertificate

// KubeCertificate holds the certificate material used for Kubernetes
// certificate authentication, plus an optional token.
//
// NOTE(review): CertificateKey and Token are secrets and both carry JSON tags,
// so any JSON encoding of this struct contains them in clear text. Keep
// encoded forms out of logs and API responses, and confirm how the value is
// protected wherever it is stored.
type KubeCertificate struct {
	// Certificate is serialized as "cert"; the encoding (presumably PEM) is
	// not shown on this page.
	Certificate    string `json:"cert"`
	// CertificateKey is serialized as "certKey"; the private key matching
	// Certificate — treat as a credential.
	CertificateKey string `json:"certKey"`
	// Token is serialized as "token" and left out of the JSON when empty.
	Token          string `json:"token,omitempty"`
}

KubeCertificate represents certificate information for Kube Authentication

func (*KubeCertificate) GetCerticate

func (k *KubeCertificate) GetCerticate() (tls.Certificate, error)

GetCerticate gets a certificate from the info available

func (*KubeCertificate) GetJSON

func (k *KubeCertificate) GetJSON() (string, error)

GetJSON persists the config to JSON

type KubeConfigAuth

// KubeConfigAuth embeds OIDCKubeAuth. This page lists AddAuthInfo, FetchToken,
// GetCertAuth, GetName and RegisterJetstreamAuthType as declared on
// *KubeConfigAuth itself; the remaining OIDCKubeAuth methods (DoFlowRequest,
// GetUserFromToken, GetOIDCConfig, GetTokenFromKubeConfigUser) are reached
// through the embedded value.
type KubeConfigAuth struct {
	OIDCKubeAuth
}

KubeConfigAuth is same as OIDC with different name

func (*KubeConfigAuth) AddAuthInfo

func (c *KubeConfigAuth) AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error

func (*KubeConfigAuth) FetchToken

func (c *KubeConfigAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*KubeConfigAuth) GetCertAuth

func (*KubeConfigAuth) GetName

func (c *KubeConfigAuth) GetName() string

func (*KubeConfigAuth) RegisterJetstreamAuthType

func (c *KubeConfigAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)

type KubeConfigAuthProviderOIDC

// KubeConfigAuthProviderOIDC maps the OIDC auth-provider settings of a
// kubeconfig user entry; the YAML keys are the ones named in the field tags.
//
// NOTE(review): ClientSecret, IDToken and RefreshToken are credentials. Keep
// this struct and any encoding of it out of logs and API responses.
type KubeConfigAuthProviderOIDC struct {
	// ClientID is read from "client-id".
	ClientID     string `yaml:"client-id"`
	// ClientSecret is read from "client-secret"; treat as a credential.
	ClientSecret string `yaml:"client-secret"`
	// IDToken is read from "id-token"; treat as a credential.
	IDToken      string `yaml:"id-token"`
	// IdpIssuerURL is read from "idp-issuer-url".
	// NOTE(review): this URL comes from the supplied kubeconfig; if the server
	// contacts it, it should be validated first — confirm against the caller.
	IdpIssuerURL string `yaml:"idp-issuer-url"`
	// RefreshToken is read from "refresh-token"; treat as a credential.
	RefreshToken string `yaml:"refresh-token"`
	// Expiry has no yaml tag; presumably it is filled in by code (for example
	// from the ID token) rather than read from the kubeconfig — confirm.
	Expiry       time.Time
}

type KubeJetstreamAuthProvider

// KubeJetstreamAuthProvider is the optional interface a provider implements
// when it wants to control how it is registered with Jetstream.
type KubeJetstreamAuthProvider interface {
	// DoFlowRequest performs req for the given CNSI request and returns the
	// HTTP response; presumably it attaches the provider's credentials to the
	// outgoing request — confirm against an implementation.
	DoFlowRequest(cnsiRequest *interfaces.CNSIRequest, req *http.Request) (*http.Response, error)
	// GetUserFromToken returns the connected user for the endpoint cnsiGUID
	// derived from tokenRecord; the bool presumably reports whether a user
	// could be determined — confirm.
	GetUserFromToken(cnsiGUID string, tokenRecord *interfaces.TokenRecord) (*interfaces.ConnectedUser, bool)
}

KubeJetstreamAuthProvider is the optional interface that can be implemented if you want to control Jetstream Auth Registration

type KubeTokenAuth

type KubeTokenAuth struct {
	// contains filtered or unexported fields
}

KubeTokenAuth uses a token (e.g. service account token)

func (*KubeTokenAuth) AddAuthInfo

func (c *KubeTokenAuth) AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error

func (*KubeTokenAuth) FetchToken

func (c *KubeTokenAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*KubeTokenAuth) GetName

func (c *KubeTokenAuth) GetName() string

func (*KubeTokenAuth) GetUserFromToken

func (c *KubeTokenAuth) GetUserFromToken(cnsiGUID string, tokenRecord *interfaces.TokenRecord) (*interfaces.ConnectedUser, bool)

func (*KubeTokenAuth) RegisterJetstreamAuthType

func (c *KubeTokenAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)

type OIDCKubeAuth

type OIDCKubeAuth struct {
	// contains filtered or unexported fields
}

OIDCKubeAuth

func InitOIDCKubeAuth

func InitOIDCKubeAuth(portalProxy interfaces.PortalProxy) *OIDCKubeAuth

InitOIDCKubeAuth

func (*OIDCKubeAuth) AddAuthInfo

func (c *OIDCKubeAuth) AddAuthInfo(info *clientcmdapi.AuthInfo, tokenRec interfaces.TokenRecord) error

func (*OIDCKubeAuth) DoFlowRequest

func (c *OIDCKubeAuth) DoFlowRequest(cnsiRequest *interfaces.CNSIRequest, req *http.Request) (*http.Response, error)

func (*OIDCKubeAuth) FetchToken

func (c *OIDCKubeAuth) FetchToken(cnsiRecord interfaces.CNSIRecord, ec echo.Context) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*OIDCKubeAuth) GetName

func (c *OIDCKubeAuth) GetName() string

GetName returns the provider name

func (*OIDCKubeAuth) GetOIDCConfig

func (*OIDCKubeAuth) GetTokenFromKubeConfigUser

func (c *OIDCKubeAuth) GetTokenFromKubeConfigUser(cnsiRecord interfaces.CNSIRecord, kubeConfigUser *config.KubeConfigUser) (*interfaces.TokenRecord, *interfaces.CNSIRecord, error)

func (*OIDCKubeAuth) GetUserFromToken

func (c *OIDCKubeAuth) GetUserFromToken(cnsiGUID string, tokenRecord *interfaces.TokenRecord) (*interfaces.ConnectedUser, bool)

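GetUserFromToken gets the username from the token (the comment in the source says "GKE Token"; this method is on OIDCKubeAuth, so presumably the OIDC token is meant)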

func (*OIDCKubeAuth) RegisterJetstreamAuthType

func (c *OIDCKubeAuth) RegisterJetstreamAuthType(portal interfaces.PortalProxy)
