k8sauthz

package
v0.5.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 25, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultTimeout        = 60 * time.Second
	DefaultUsernamePrefix = "oidc:"

	AuthTypeBasic               = "basic"
	AuthTypeBasicSuffixUsername = ":basic:username"
	AuthTypeBasicSuffixPassword = ":basic:password"

	AuthTypeSSH                 = "ssh"
	AuthTypeSSHSuffixPrivateKey = ":ssh:privateKey"
	AuthTypeSSHSuffixPassword   = ":ssh:password"
)

Variables

View Source 
var (
	ErrIntervalIsRequired = errors.New("interval is required")
	ErrBranchIsRequired   = errors.New("branch is required")
)

Functions

This section is empty.

Types

type ClusterRoleMapping 

type ClusterRoleMapping struct {
	Scope       string
	Role        string
	ClusterRole string
}

type Config 

type Config struct {
	Repositories   []*GitRepository      `yaml:"repositories"`
	Mappings       []*ClusterRoleMapping `yaml:"mappings"`
	UsernamePrefix string                `yaml:"usernamePrefix"` // UsernamePrefix is prepended to usernames to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. Defaults to oidc:.
}

Config is the configuration for the GitRepoReconciler.

func NewConfigFromFile 

func NewConfigFromFile(data []byte) (*Config, error)

NewConfigFromFile creates a new GitRepoReconcilerConfig from a given yaml file

func NewConfigFromFilePath 

func NewConfigFromFilePath(name string) (*Config, error)

NewConfigFromFile creates a new GitRepoReconcilerConfig from a given yaml file path

type GitAuth 

type GitAuth struct {
	Type      string `yaml:"type"`
	EnvPrefix string `yaml:"envPrefix"`
}

type GitBasicAuth 

type GitBasicAuth struct {
	Username string `yaml:"username"`
	Password string `yaml:"password"`
}

GitBasicAuth is used to authenticate towards a Git repository over HTTPS using basic access authentication.

type GitRepoReconciler 

type GitRepoReconciler struct {
	// contains filtered or unexported fields
}

GitRepoReconciler reconciles the resources within the target repo to match the expected state.

func NewGitRepoReconciler 

func NewGitRepoReconciler(
	config *ReconcilerConfig,
	userRepo repositories.UserRepository,
	clusterAccessRepo repositories.ClusterAccessRepository,
	gitRepo *git.Repository,
) *GitRepoReconciler

NewGitRepoReconciler creates a new GitRepoReconciler configured via the given config.

func (*GitRepoReconciler) Reconcile 

func (r *GitRepoReconciler) Reconcile(ctx context.Context) error

func (*GitRepoReconciler) ReconcileUser 

func (r *GitRepoReconciler) ReconcileUser(ctx context.Context, user *projections.User) error

type GitRepository 

type GitRepository struct {
	// URL is a required field that specifies the HTTP/S or SSH address of the Git repository.
	URL string `yaml:"url"`
	// CA is an optional field to specify the Certificate Authority to trust while connecting with a git repository over HTTPS. If not specified OS CA's are used.
	CA string `yaml:"caCert"`
	// Branch is a required field that specifies the branch of the repository to use.
	Branch string `yaml:"branch"`
	// Internal is a required field that specifies the interval at which the Git repository must be fetched.
	Interval *time.Duration `yaml:"interval"`
	// Timeout is an optional field to specify a timeout for Git operations like cloning. Defaults to 60s.
	Timeout *time.Duration `yaml:"timeout"`
	// AllClusters is an optional field to specify if the RBAC for all clusters should be managed. Defaults to false.
	AllClusters bool `yaml:"allClusters"`
	// Clusters is an optional field to specify a list of clusters for which the RBAC should be managed.
	Clusters []string `yaml:"clusters"`
	// SubDir is the relative path within the repo where to reconcile yamls
	SubDir string  `yaml:"subdir"`
	Auth   GitAuth `yaml:"auth"`
	// contains filtered or unexported fields
}

GitRepository is configuration to connect to a git repository.

type GitSSHAuth 

type GitSSHAuth struct {
	PrivateKeyPath string `yaml:"privateKeyPath"`
	Password       string `yaml:"password"`
}

GitSSHAuth is used to authenticate towards a Git repository over SSH. With the respective private key of the SSH key pair, and the host keys of the Git repository.

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager 

func NewManager(userRepository repositories.UserRepository, clusterAccessRepository repositories.ClusterAccessRepository) *Manager

func (*Manager) Close 

func (m *Manager) Close() error

func (*Manager) Notify 

func (m *Manager) Notify(ctx context.Context, u *projections.User)

func (*Manager) Run 

func (m *Manager) Run(ctx context.Context, conf *Config) error

type ReconcilerConfig 

type ReconcilerConfig struct {
	RootDirectory  string
	SubPath        string
	UsernamePrefix string
	Mappings       []*ClusterRoleMapping `yaml:"mappings"`
}

func NewReconcilerConfig 

func NewReconcilerConfig(rootDir, subPath, usernamePrefix string, mappings []*ClusterRoleMapping) *ReconcilerConfig

type TestEnv 

type TestEnv struct {
	// contains filtered or unexported fields
}

func NewTestEnv 

func NewTestEnv() (*TestEnv, error)

func (*TestEnv) Shutdown 

func (env *TestEnv) Shutdown() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.