k8s

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 11, 2018 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	IssuerUrl                = "idp-issuer-url"
	ClientID                 = "client-id"
	ClientSecret             = "client-secret"
	CertificateAuthority     = "idp-certificate-authority"
	CertificateAuthorityData = "idp-certificate-authority-data"
	ExtraScopes              = "extra-scopes"
	IDToken                  = "id-token"
	RefreshToken             = "refresh-token"

	AccessToken = "access-token"
)

Variables

View Source
var DefaultKubeConfigPath = cfg.RecommendedHomeFile

Functions

This section is empty.

Types

type Cache

type Cache struct {
	// contains filtered or unexported fields
}

Cache is an cache for OIDC tokens that installs token inside k8s user config directory in `Users:` sections of yaml. It is convenient for initial install of token (and possibly refresh-token) for OIDC auth-provider. It stores config following set-credentials way of saving credentials:

users:

  • name: <k8sUsers[0]> user: auth-provider: config: client-id: <clientID> client-secret: <clientSecret> extra-scopes: groups id-token: <id-token> idp-issuer-url: <provider> refresh-token: <[optional] refresh-token) name: oidc

func NewCache

func NewCache(kubeConfigPath string, loginCfg login.OIDCConfig, k8sUsers ...string) *Cache

NewCache constructs cache that installs specified configuration and token under given k8s users inside kubeconfig.

func NewCacheFromUser

func NewCacheFromUser(kubeConfigPath string, k8sUser string) (*Cache, error)

NewCacheFromUser constructs cache that assumes that required configuration (and optionally refresh token) is already cached under given user inside kubeconfig. It returns error if configuration is not there.

func (*Cache) Config

func (c *Cache) Config() login.OIDCConfig

Config returns OIDC configuration.

func (*Cache) SaveToken

func (c *Cache) SaveToken(token *oidc.Token) error

SaveToken saves token as k8s user's credentials inside k8s config directory. It saves the same thing for ALL specified k8s users.

func (*Cache) Token

func (c *Cache) Token() (*oidc.Token, error)

Token retrieves the tokens from all of the registered users in kube config. It does not check if tokens are valid, however if the OIDC clients data are different than configured in login.Config or one of the tokens for all specified k8s users is different - it returns an error.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL