secrets

package
v1.38.0
Published: Dec 17, 2021 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 30 Imported by: 85

Documentation

Constants

const (
	// BasicAuthFormatNormal indicates that the data map should be rendered the normal way (dedicated keys for
	// username and password).
	BasicAuthFormatNormal formatType = "normal"
	// BasicAuthFormatCSV indicates that the data map should be rendered in the CSV format (under DataKeyCSV).
	BasicAuthFormatCSV formatType = "csv"

	// DataKeyCSV is the key in a secret data holding the CSV format of a secret.
	DataKeyCSV = "basic_auth.csv"
	// DataKeyUserName is the key in a secret data holding the username.
	DataKeyUserName = "username"
	// DataKeyPassword is the key in a secret data holding the password.
	DataKeyPassword = "password"
)
const (
	// CACert indicates that the certificate should be a certificate authority.
	CACert CertType = "ca"
	// ServerCert indicates that the certificate should have the ExtKeyUsageServerAuth usage.
	ServerCert CertType = "server"
	// ClientCert indicates that the certificate should have the ExtKeyUsageClientAuth usage.
	ClientCert CertType = "client"
	// ServerClientCert indicates that the certificate should have both the ExtKeyUsageServerAuth and ExtKeyUsageClientAuth usage.
	ServerClientCert CertType = "both"

	// DataKeyCertificate is the key in a secret data holding the certificate.
	DataKeyCertificate = "tls.crt"
	// DataKeyPrivateKey is the key in a secret data holding the private key.
	DataKeyPrivateKey = "tls.key"
	// DataKeyCertificateCA is the key in a secret data holding the CA certificate.
	DataKeyCertificateCA = "ca.crt"
	// DataKeyPrivateKeyCA is the key in a secret data holding the CA private key.
	DataKeyPrivateKeyCA = "ca.key"
)
const (
	// PKCS1 selects the PKCS#1 ("RSA PRIVATE KEY") encoding for the generated private key.
	PKCS1 = iota
	// PKCS8 selects the PKCS#8 ("PRIVATE KEY") encoding for the generated private key.
	PKCS8
)
const (
	// DataKeyRSAPrivateKey is the key in a secret data holding the RSA private key.
	DataKeyRSAPrivateKey = "id_rsa"
	// DataKeySSHAuthorizedKeys is the key in a secret data holding the OpenSSH authorized keys.
	DataKeySSHAuthorizedKeys = "id_rsa.pub"
)
const (
	// DataKeyStaticTokenCSV is the key in a secret data holding the CSV format of a secret.
	DataKeyStaticTokenCSV = "static_tokens.csv"
	// DataKeyUserID is the key in a secret data holding the userID.
	DataKeyUserID = "userID"
	// DataKeyGroups is the key in a secret data holding the groups.
	DataKeyGroups = "groups"
	// DataKeyToken is the key in a secret data holding the token.
	DataKeyToken = "token"
)
const BasicAuthDataType = infodata.TypeVersion("basicAuth")

BasicAuthDataType is the type used to denote a BasicAuthJSONData structure in the ShootState.

const CertificateDataType = infodata.TypeVersion("certificate")

CertificateDataType is the type used to denote a CertificateJSONData structure in the ShootState.

const (
	// DataKeyKubeconfig is the key in a secret data holding the kubeconfig.
	DataKeyKubeconfig = "kubeconfig"
)
const DataKeyVPNTLSAuth = "vpn.tlsauth"

DataKeyVPNTLSAuth is the key in a secret data holding the vpn tlsauth key.

const PrivateKeyDataType = infodata.TypeVersion("privateKey")

PrivateKeyDataType is the type used to denote a PrivateKeyJSONData structure in the ShootState.

const StaticTokenDataType = infodata.TypeVersion("staticToken")

StaticTokenDataType is the type used to denote a StaticTokenJSONData structure in the ShootState.

const TemporaryDirectoryForSelfGeneratedTLSCertificatesPattern = "self-generated-server-certificates-"

TemporaryDirectoryForSelfGeneratedTLSCertificatesPattern is a constant for the pattern used when creating a temporary directory for self-generated certificates.

Variables

var NowFunc = time.Now

NowFunc is a function returning the current time. Exposed for testing.

Functions

func CertificateIsExpired added in v1.34.0

func CertificateIsExpired(cert []byte, renewalWindow time.Duration) (bool, error)

CertificateIsExpired returns `true` if the given PEM-encoded certificate is expired. A non-zero `renewalWindow` makes the check treat the certificate as expired already when its expiry lies within that window, so that it is renewed ahead of time instead of after it has lapsed.

func ControlPlaneSecretDataKeyCertificatePEM added in v1.10.0

func ControlPlaneSecretDataKeyCertificatePEM(name string) string

ControlPlaneSecretDataKeyCertificatePEM returns the data key inside a Secret of type ControlPlane whose value contains the certificate PEM.

func ControlPlaneSecretDataKeyPrivateKey added in v1.10.0

func ControlPlaneSecretDataKeyPrivateKey(name string) string

ControlPlaneSecretDataKeyPrivateKey returns the data key inside a Secret of type ControlPlane whose value contains the private key PEM.

func GenerateCertificateAuthorities

func GenerateCertificateAuthorities(ctx context.Context, c client.Client, existingSecretsMap map[string]*corev1.Secret, wantedCertificateAuthorities map[string]*CertificateSecretConfig, namespace string) (map[string]*corev1.Secret, map[string]*Certificate, error)

GenerateCertificateAuthorities takes a map of wanted CA configurations and checks, by the keys of the map, whether each CA already exists in existingSecretsMap. For an existing secret it only loads the certificate from that secret into a Certificate DataInterface. If no existing secret contains the wanted CA, it generates a new one, deploys it as a secret into the K8s cluster and uses that newly created secret. The function returns a map of the secrets holding the wanted CAs, a map of the wanted CA certificates, and an error.

func GenerateClusterSecrets

func GenerateClusterSecrets(ctx context.Context, c client.Client, existingSecretsMap map[string]*corev1.Secret, wantedSecretsList []ConfigInterface, namespace string) (map[string]*corev1.Secret, error)

GenerateClusterSecrets tries to deploy each secret in the wantedSecretsList into the k8s cluster. A secret that already exists is skipped. The function returns a map with all successfully deployed secrets plus those that already existed (only those from the wantedSecretsList).

func GenerateClusterSecretsWithFunc added in v1.7.0

func GenerateClusterSecretsWithFunc(ctx context.Context, k8sClusterClient client.Client, existingSecretsMap map[string]*corev1.Secret, wantedSecretsList []ConfigInterface, namespace string, SecretsGeneratorFunc func(s ConfigInterface) (DataInterface, error)) (map[string]*corev1.Secret, error)

GenerateClusterSecretsWithFunc tries to deploy each secret in the wantedSecretsList into the k8s cluster. A secret that already exists is skipped. The function uses the given SecretsGeneratorFunc to create the secret DataInterface from each wanted secret config.

func GenerateKubeconfig added in v1.36.0

func GenerateKubeconfig(secret *ControlPlaneSecretConfig, certificate *Certificate) ([]byte, error)

GenerateKubeconfig generates a Kubernetes kubeconfig for communicating with the kube-apiserver that authenticates with the given client certificate. If the configuration's BasicAuth is set, a second user object containing the Basic Authentication credentials is added to the kubeconfig. The result embeds static credentials and must be handled as secret material.

func NewBasicAuthInfoData added in v1.7.0

func NewBasicAuthInfoData(password string) infodata.InfoData

NewBasicAuthInfoData creates a new BasicAuthInfoData struct with the given password.

func SelfGenerateTLSServerCertificate added in v1.5.0

func SelfGenerateTLSServerCertificate(name string, dnsNames []string, ips []net.IP) (cert *Certificate, ca *Certificate, dir string, rErr error)

SelfGenerateTLSServerCertificate generates a new CA certificate and signs a server certificate with it. It stores the generated CA and server certificate bytes in a temporary directory under the default filenames, e.g. `DataKeyCertificateCA`. The function returns both *Certificate objects as well as the path of the temporary directory in which the certificates are stored. The caller is responsible for removing that directory once it is no longer needed.

func UnmarshalBasicAuth added in v1.7.0

func UnmarshalBasicAuth(bytes []byte) (infodata.InfoData, error)

UnmarshalBasicAuth unmarshals a BasicAuthJSONData into a BasicAuthInfoData struct.

func UnmarshalCert added in v1.7.0

func UnmarshalCert(bytes []byte) (infodata.InfoData, error)

UnmarshalCert unmarshals a CertificateJSONData into a CertificateInfoData.

func UnmarshalPrivateKey added in v1.7.0

func UnmarshalPrivateKey(bytes []byte) (infodata.InfoData, error)

UnmarshalPrivateKey unmarshals a PrivateKeyJSONData into a PrivateKeyInfoData.

func UnmarshalStaticToken added in v1.7.0

func UnmarshalStaticToken(bytes []byte) (infodata.InfoData, error)

UnmarshalStaticToken unmarshals a StaticTokenJSONData into a StaticTokenInfoData.

Types

type BasicAuth

type BasicAuth struct {
	Name   string
	Format formatType

	Username string
	Password string
}

BasicAuth contains the username, the password and the format used for serializing the basic authentication data into a secret.

func LoadBasicAuthFromCSV

func LoadBasicAuthFromCSV(name string, data []byte) (*BasicAuth, error)

LoadBasicAuthFromCSV loads the basic auth username and the password from the given CSV-formatted <data>.

func (*BasicAuth) SecretData

func (b *BasicAuth) SecretData() map[string][]byte

SecretData computes the data map which can be used in a Kubernetes secret.

type BasicAuthInfoData added in v1.7.0

type BasicAuthInfoData struct {
	Password string
}

BasicAuthInfoData holds the password used for basic authentication.

func (*BasicAuthInfoData) Marshal added in v1.7.0

func (b *BasicAuthInfoData) Marshal() ([]byte, error)

Marshal implements InfoData

func (*BasicAuthInfoData) TypeVersion added in v1.7.0

func (b *BasicAuthInfoData) TypeVersion() infodata.TypeVersion

TypeVersion implements InfoData

type BasicAuthJSONData added in v1.7.0

type BasicAuthJSONData struct {
	Password string `json:"password"`
}

BasicAuthJSONData is the json representation of BasicAuthInfoData used to store BasicAuth metadata in the ShootState

type BasicAuthSecretConfig

type BasicAuthSecretConfig struct {
	Name   string
	Format formatType

	Username       string
	PasswordLength int
}

BasicAuthSecretConfig contains the specification for a to-be-generated basic authentication secret.

func (*BasicAuthSecretConfig) Generate

func (s *BasicAuthSecretConfig) Generate() (DataInterface, error)

Generate implements ConfigInterface.

func (*BasicAuthSecretConfig) GenerateBasicAuth

func (s *BasicAuthSecretConfig) GenerateBasicAuth() (*BasicAuth, error)

GenerateBasicAuth generates a random password of PasswordLength characters for the configured Username and returns both as a BasicAuth.

func (*BasicAuthSecretConfig) GenerateFromInfoData added in v1.7.0

func (s *BasicAuthSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)

GenerateFromInfoData implements ConfigInterface.

func (*BasicAuthSecretConfig) GenerateInfoData added in v1.7.0

func (s *BasicAuthSecretConfig) GenerateInfoData() (infodata.InfoData, error)

GenerateInfoData implements ConfigInterface.

func (*BasicAuthSecretConfig) GetName

func (s *BasicAuthSecretConfig) GetName() string

GetName returns the name of the secret.

func (*BasicAuthSecretConfig) LoadFromSecretData added in v1.7.0

func (s *BasicAuthSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)

LoadFromSecretData implements infodata.Loader

type CertType added in v1.32.0

type CertType string

CertType is a string alias for certificate types.

type Certificate

type Certificate struct {
	Name string

	CA *Certificate

	PrivateKey    *rsa.PrivateKey
	PrivateKeyPEM []byte

	Certificate    *x509.Certificate
	CertificatePEM []byte
}

Certificate contains the private key and the certificate, both parsed and PEM-encoded. For a server or client certificate the <CA> field holds the signing CA; for a CA certificate it is nil.

func LoadCAFromSecret

func LoadCAFromSecret(ctx context.Context, k8sClient client.Client, namespace, name string) (*corev1.Secret, *Certificate, error)

LoadCAFromSecret loads a CA certificate from an existing Kubernetes secret object. It returns the secret, the Certificate and an error.

func LoadCertificate

func LoadCertificate(name string, privateKeyPEM, certificatePEM []byte) (*Certificate, error)

LoadCertificate takes the PEM-encoded certificate and its corresponding private key and returns a Certificate holding the de-serialized private key, the parsed x509 certificate and the PEM bytes. The result of loading a CA can be used as SigningCA to sign other x509 certificates.

func (*Certificate) SecretData

func (c *Certificate) SecretData() map[string][]byte

SecretData computes the data map which can be used in a Kubernetes secret.

type CertificateInfoData added in v1.7.0

type CertificateInfoData struct {
	PrivateKey  []byte
	Certificate []byte
}

CertificateInfoData holds a certificate's private key data and certificate data.

func NewCertificateInfoData added in v1.7.0

func NewCertificateInfoData(privateKey, certificate []byte) *CertificateInfoData

NewCertificateInfoData creates a new CertificateInfoData struct

func (*CertificateInfoData) Marshal added in v1.7.0

func (c *CertificateInfoData) Marshal() ([]byte, error)

Marshal implements InfoData

func (*CertificateInfoData) TypeVersion added in v1.7.0

func (c *CertificateInfoData) TypeVersion() infodata.TypeVersion

TypeVersion implements InfoData

type CertificateJSONData added in v1.7.0

type CertificateJSONData struct {
	PrivateKey  []byte `json:"privateKey"`
	Certificate []byte `json:"certificate"`
}

CertificateJSONData is the json representation of CertificateInfoData used to store Certificate metadata in the ShootState

type CertificateSecretConfig

type CertificateSecretConfig struct {
	Name string

	CommonName   string
	Organization []string
	DNSNames     []string
	IPAddresses  []net.IP

	CertType  CertType
	SigningCA *Certificate
	PKCS      int

	Validity *time.Duration

	// Now should only be set in tests.
	// Defaults to time.Now
	Now func() time.Time
}

CertificateSecretConfig contains the specification of a to-be-generated CA, server, or client certificate. The generated certificate always uses a 2048-bit RSA private key.

func (*CertificateSecretConfig) Generate

func (s *CertificateSecretConfig) Generate() (DataInterface, error)

Generate implements ConfigInterface.

func (*CertificateSecretConfig) GenerateCertificate

func (s *CertificateSecretConfig) GenerateCertificate() (*Certificate, error)

GenerateCertificate computes a CA, server, or client certificate based on the configuration.
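The following is an added example, not code from the gardener package, that shows with the standard library alone what GenerateCertificate (above) and CertificateIsExpired (under Functions) do: the CertType-to-ExtKeyUsage mapping, a self-signed CA or a CA-signed leaf with a 2048-bit RSA key, and an expiry check that counts a certificate inside the renewal window as already expired. CertConfig is a reduced stand-in for CertificateSecretConfig with a subset of its fields; the expiry check takes the clock as a parameter where the package uses NowFunc; the five-minute clock-skew allowance on NotBefore and the random 128-bit serial are this example's choices.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

type CertType string // values copied from the page's constants

const (
	CACert           CertType = "ca"
	ServerCert       CertType = "server"
	ClientCert       CertType = "client"
	ServerClientCert CertType = "both"
)

// extKeyUsages maps each CertType onto the extended key usages the page lists for it.
var extKeyUsages = map[CertType][]x509.ExtKeyUsage{
	CACert:           nil,
	ServerCert:       {x509.ExtKeyUsageServerAuth},
	ClientCert:       {x509.ExtKeyUsageClientAuth},
	ServerClientCert: {x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}

// Certificate holds key and certificate (parsed and PEM); CA is nil when this is itself a CA.
type Certificate struct {
	CA             *Certificate
	PrivateKey     *rsa.PrivateKey
	Certificate    *x509.Certificate
	CertificatePEM []byte
}

// CertConfig is a reduced stand-in for CertificateSecretConfig (field names from the page, behaviour assumed).
type CertConfig struct {
	CommonName string
	DNSNames   []string
	CertType   CertType
	SigningCA  *Certificate
	Validity   time.Duration
}

// GenerateCertificate creates a 2048-bit RSA key and a self-signed CA, or a leaf signed by SigningCA.
func (c *CertConfig) GenerateCertificate() (*Certificate, error) {
	usages, ok := extKeyUsages[c.CertType]
	if !ok || (c.CertType != CACert && c.SigningCA == nil) {
		return nil, fmt.Errorf("invalid config: cert type %q, signing CA given: %v", c.CertType, c.SigningCA != nil)
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: c.CommonName},
		NotBefore:             time.Now().Add(-5 * time.Minute), // tolerate small clock skew
		NotAfter:              time.Now().Add(c.Validity),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           usages,
		DNSNames:              c.DNSNames,
		BasicConstraintsValid: true,
	}
	parent, signer := tmpl, crypto.Signer(key) // self-signed unless a CA is set below
	if c.CertType == CACert {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	} else {
		parent, signer = c.SigningCA.Certificate, c.SigningCA.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return &Certificate{CA: c.SigningCA, PrivateKey: key, Certificate: cert,
		CertificatePEM: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}, nil
}

// CertificateIsExpired reports whether certPEM is expired at now; a certificate expiring within
// renewalWindow already counts as expired so that it is rotated before it actually lapses.
func CertificateIsExpired(certPEM []byte, renewalWindow time.Duration, now time.Time) (bool, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, fmt.Errorf("no CERTIFICATE block in PEM input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	return !now.Add(renewalWindow).Before(cert.NotAfter), nil
}

func main() {
	ca, _ := (&CertConfig{CommonName: "demo-ca", CertType: CACert, Validity: 24 * time.Hour}).GenerateCertificate()
	srv, _ := (&CertConfig{CommonName: "kube-apiserver", DNSNames: []string{"kube-apiserver"}, CertType: ServerCert, SigningCA: ca, Validity: 24 * time.Hour}).GenerateCertificate()
	fmt.Println(CertificateIsExpired(srv.CertificatePEM, 48*time.Hour, time.Now())) // true <nil>: inside the renewal window
}
```

A CA generated this way carries no extended key usage, so a chain check with x509.VerifyOptions accepts it for any leaf purpose; the leaf's purpose is constrained by the CertType mapping alone.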

func (*CertificateSecretConfig) GenerateFromInfoData added in v1.7.0

func (s *CertificateSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)

GenerateFromInfoData implements ConfigInterface

func (*CertificateSecretConfig) GenerateInfoData added in v1.7.0

func (s *CertificateSecretConfig) GenerateInfoData() (infodata.InfoData, error)

GenerateInfoData implements ConfigInterface

func (*CertificateSecretConfig) GetName

func (s *CertificateSecretConfig) GetName() string

GetName returns the name of the secret.

func (*CertificateSecretConfig) LoadFromSecretData added in v1.7.0

func (s *CertificateSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)

LoadFromSecretData implements infodata.Loader

type ConfigInterface

type ConfigInterface interface {
	// GetName returns the name of the configuration.
	GetName() string
	// Generate generates a secret interface
	Generate() (DataInterface, error)
	// GenerateInfoData generates only the InfoData (metadata) which can later be used to generate a secret.
	GenerateInfoData() (infodata.InfoData, error)
	// GenerateFromInfoData combines the configuration and the provided InfoData (metadata) and generates a secret.
	GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)
}

ConfigInterface defines the functions needed for generating a specific secret.

type ControlPlane

type ControlPlane struct {
	Name string

	Certificate *Certificate
	BasicAuth   *BasicAuth
	Token       *Token
	Kubeconfig  []byte
}

ControlPlane contains the certificate and, optionally, the basic auth information, a static token and a kubeconfig.

func (*ControlPlane) SecretData

func (c *ControlPlane) SecretData() map[string][]byte

SecretData computes the data map which can be used in a Kubernetes secret.

type ControlPlaneSecretConfig

type ControlPlaneSecretConfig struct {
	*CertificateSecretConfig

	BasicAuth *BasicAuth
	Token     *Token

	KubeConfigRequests []KubeConfigRequest
}

ControlPlaneSecretConfig embeds CertificateSecretConfig and extends it with a couple of additional properties. A control plane secret always contains a server/client certificate and optionally basic auth credentials, a token and a kubeconfig built from the KubeConfigRequests.

func (*ControlPlaneSecretConfig) Generate

func (s *ControlPlaneSecretConfig) Generate() (DataInterface, error)

Generate implements ConfigInterface.

func (*ControlPlaneSecretConfig) GenerateControlPlane

func (s *ControlPlaneSecretConfig) GenerateControlPlane() (*ControlPlane, error)

GenerateControlPlane computes a secret for a control plane component of the clusters managed by Gardener. It may include a Kubeconfig.

func (*ControlPlaneSecretConfig) GenerateFromInfoData added in v1.7.0

func (s *ControlPlaneSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)

GenerateFromInfoData implements ConfigInterface

func (*ControlPlaneSecretConfig) GenerateInfoData added in v1.7.0

func (s *ControlPlaneSecretConfig) GenerateInfoData() (infodata.InfoData, error)

GenerateInfoData implements ConfigInterface

func (*ControlPlaneSecretConfig) GetName

func (s *ControlPlaneSecretConfig) GetName() string

GetName returns the name of the secret.

func (*ControlPlaneSecretConfig) LoadFromSecretData added in v1.7.0

func (s *ControlPlaneSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)

LoadFromSecretData implements infodata.Loader

type DataInterface added in v1.8.0

type DataInterface interface {
	// SecretData computes the data map which can be used in a Kubernetes secret.
	SecretData() map[string][]byte
}

DataInterface defines functions needed for defining the data map of a Kubernetes secret.

type Interface

type Interface interface {
	// Deploy generates and deploys the secrets into the given namespace, taking into account existing secrets.
	Deploy(context.Context, kubernetes.Interface, gardenerkubernetes.Interface, string) (map[string]*corev1.Secret, error)
	// Delete deletes the secrets from the given namespace.
	Delete(context.Context, kubernetes.Interface, string) error
}

Interface represents a set of secrets that can be deployed and deleted.

type KubeConfigRequest

type KubeConfigRequest struct {
	ClusterName   string
	APIServerHost string
}

KubeConfigRequest is a struct which holds information about a Kubeconfig to be generated.

type PrivateKeyInfoData added in v1.7.0

type PrivateKeyInfoData struct {
	PrivateKey []byte
}

PrivateKeyInfoData holds the data of a private key.

func NewPrivateKeyInfoData added in v1.7.0

func NewPrivateKeyInfoData(privateKey []byte) *PrivateKeyInfoData

NewPrivateKeyInfoData creates a new PrivateKeyInfoData struct

func (*PrivateKeyInfoData) Marshal added in v1.7.0

func (r *PrivateKeyInfoData) Marshal() ([]byte, error)

Marshal implements InfoData

func (*PrivateKeyInfoData) TypeVersion added in v1.7.0

func (r *PrivateKeyInfoData) TypeVersion() infodata.TypeVersion

TypeVersion implements InfoData

type PrivateKeyJSONData added in v1.7.0

type PrivateKeyJSONData struct {
	PrivateKey []byte `json:"privateKey"`
}

PrivateKeyJSONData is the json representation of PrivateKeyInfoData used to store private key in the ShootState

type RSAKeys

type RSAKeys struct {
	Name string

	PrivateKey *rsa.PrivateKey
	PublicKey  *rsa.PublicKey

	OpenSSHAuthorizedKey []byte
}

RSAKeys contains the private key, the public key, and optionally the OpenSSH-formatted authorized keys file data.

func (*RSAKeys) SecretData

func (r *RSAKeys) SecretData() map[string][]byte

SecretData computes the data map which can be used in a Kubernetes secret.

type RSASecretConfig

type RSASecretConfig struct {
	Name string

	Bits       int
	UsedForSSH bool
}

RSASecretConfig contains the number of bits to use for the to-be-created RSA private key and whether the key is used for SSH, in which case an OpenSSH authorized_keys entry is generated as well.

func (*RSASecretConfig) Generate

func (s *RSASecretConfig) Generate() (DataInterface, error)

Generate implements ConfigInterface.

func (*RSASecretConfig) GenerateFromInfoData added in v1.7.0

func (s *RSASecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)

GenerateFromInfoData implements ConfigInterface

func (*RSASecretConfig) GenerateInfoData added in v1.7.0

func (s *RSASecretConfig) GenerateInfoData() (infodata.InfoData, error)

GenerateInfoData implements ConfigInterface.

func (*RSASecretConfig) GenerateRSAKeys

func (s *RSASecretConfig) GenerateRSAKeys() (*RSAKeys, error)

GenerateRSAKeys computes a RSA private key based on the configured number of bits.
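An added example, not the package's own code, of what GenerateRSAKeys produces when UsedForSSH is set and how the PKCS1/PKCS8 constants select the private-key encoding written under id_rsa. The authorized_keys line is built by hand from the "ssh-rsa" public key wire format of RFC 4253 (string "ssh-rsa", mpint e, mpint n, each length-prefixed per RFC 4251), so no golang.org/x/crypto dependency is needed. The PKCS field on RSASecretConfig, the PrivateKeyPEM helper and the minimum key size check are this example's additions, not part of the page's API.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"math/big"
)

// Private-key encodings, as the page's PKCS1/PKCS8 constants.
const (
	PKCS1 = iota
	PKCS8
)

// RSAKeys mirrors the page's struct.
type RSAKeys struct {
	Name                 string
	PrivateKey           *rsa.PrivateKey
	PublicKey            *rsa.PublicKey
	OpenSSHAuthorizedKey []byte
}

// RSASecretConfig mirrors the page's struct; PKCS (choice of private-key encoding) is this example's addition.
type RSASecretConfig struct {
	Name       string
	Bits       int
	UsedForSSH bool
	PKCS       int
}

// sshString encodes a length-prefixed byte string (RFC 4251 "string").
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// sshMPInt encodes a positive big integer as an RFC 4251 "mpint": big-endian two's complement,
// so a leading zero byte is added when the top bit is set to keep the value positive.
func sshMPInt(n *big.Int) []byte {
	b := n.Bytes()
	if len(b) > 0 && b[0]&0x80 != 0 {
		b = append([]byte{0}, b...)
	}
	return sshString(b)
}

// OpenSSHAuthorizedKey renders one authorized_keys line: ssh-rsa base64(string "ssh-rsa" || mpint e || mpint n) comment.
func OpenSSHAuthorizedKey(pub *rsa.PublicKey, comment string) []byte {
	blob := append(sshString([]byte("ssh-rsa")), sshMPInt(big.NewInt(int64(pub.E)))...)
	blob = append(blob, sshMPInt(pub.N)...)
	return []byte("ssh-rsa " + base64.StdEncoding.EncodeToString(blob) + " " + comment + "\n")
}

// GenerateRSAKeys creates the key pair and, when UsedForSSH is set, the authorized_keys entry.
// The 2048-bit floor is this example's hardening choice.
func (c *RSASecretConfig) GenerateRSAKeys() (*RSAKeys, error) {
	if c.Bits < 2048 {
		return nil, fmt.Errorf("refusing to generate a %d-bit RSA key; use at least 2048", c.Bits)
	}
	key, err := rsa.GenerateKey(rand.Reader, c.Bits)
	if err != nil {
		return nil, err
	}
	keys := &RSAKeys{Name: c.Name, PrivateKey: key, PublicKey: &key.PublicKey}
	if c.UsedForSSH {
		keys.OpenSSHAuthorizedKey = OpenSSHAuthorizedKey(keys.PublicKey, c.Name)
	}
	return keys, nil
}

// PrivateKeyPEM serialises the private key as PKCS#1 ("RSA PRIVATE KEY") or PKCS#8 ("PRIVATE KEY").
func PrivateKeyPEM(key *rsa.PrivateKey, format int) ([]byte, error) {
	switch format {
	case PKCS1:
		return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}), nil
	case PKCS8:
		der, err := x509.MarshalPKCS8PrivateKey(key)
		if err != nil {
			return nil, err
		}
		return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
	}
	return nil, fmt.Errorf("unknown private key format %d", format)
}

func main() {
	keys, err := (&RSASecretConfig{Name: "ssh-keypair", Bits: 2048, UsedForSSH: true}).GenerateRSAKeys()
	if err != nil {
		panic(err)
	}
	fmt.Print(string(keys.OpenSSHAuthorizedKey)) // one line, pasteable into ~/.ssh/authorized_keys
}
```

The two PEM headers matter when the key is consumed by other tools: ssh and openssl accept both, but a loader that pattern-matches on "RSA PRIVATE KEY" will reject a PKCS#8 key, which is why the encoding is an explicit configuration choice rather than an implementation detail.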

func (*RSASecretConfig) GetName

func (s *RSASecretConfig) GetName() string

GetName returns the name of the secret.

func (*RSASecretConfig) LoadFromSecretData added in v1.7.0

func (s *RSASecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)

LoadFromSecretData implements infodata.Loader

type Secrets

type Secrets struct {
	CertificateSecretConfigs map[string]*CertificateSecretConfig
	SecretConfigsFunc        func(map[string]*Certificate, string) []ConfigInterface
}

Secrets represents a set of secrets that can be deployed and deleted.

func (*Secrets) Delete

func (s *Secrets) Delete(ctx context.Context, cs kubernetes.Interface, namespace string) error

Delete deletes the secrets from the given namespace.

func (*Secrets) Deploy

func (s *Secrets) Deploy(
	ctx context.Context,
	cs kubernetes.Interface,
	gcs gardenerkubernetes.Interface,
	namespace string,
) (
	map[string]*corev1.Secret,
	error,
)

Deploy generates and deploys the secrets into the given namespace, taking into account existing secrets.

type StaticToken

type StaticToken struct {
	Name string

	Tokens []Token
}

StaticToken contains the name of the secret and the list of generated tokens.

func LoadStaticTokenFromCSV

func LoadStaticTokenFromCSV(name string, data []byte) (*StaticToken, error)

LoadStaticTokenFromCSV loads the static token data from the given CSV-formatted <data>.

func (*StaticToken) GetTokenForUsername

func (b *StaticToken) GetTokenForUsername(username string) (*Token, error)

GetTokenForUsername returns the token for the given username.

func (*StaticToken) SecretData

func (b *StaticToken) SecretData() map[string][]byte

SecretData computes the data map which can be used in a Kubernetes secret.
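As an added example (not the package's own code), here is a round trip for the static token CSV that SecretData emits and LoadStaticTokenFromCSV reads back, together with GetTokenForUsername. The row layout token,username,userID,"group1,group2" is the kube-apiserver token-file format and is assumed here to be what the package writes under static_tokens.csv; the basic_auth.csv that BasicAuth.SecretData produces in CSV format is likewise assumed to follow kube-apiserver's analogous password,username,userID layout and can be parsed the same way. Token and StaticToken are redeclared with the page's field names; the duplicate-token and short-row checks are this example's choices, and newToken produces the 128-character tokens the page describes as hex.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/csv"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
)

// DataKeyStaticTokenCSV is copied from the page's constants.
const DataKeyStaticTokenCSV = "static_tokens.csv"

// Token and StaticToken mirror the page's structs.
type Token struct {
	Username string
	UserID   string
	Groups   []string
	Token    string
}

type StaticToken struct {
	Name   string
	Tokens []Token
}

// newToken draws a random token of n hex characters from crypto/rand (the page uses length 128).
func newToken(n int) (string, error) {
	b := make([]byte, (n+1)/2)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b)[:n], nil
}

// SecretData renders the kube-apiserver token-file format, one token,user,uid,"group1,group2" row per token.
// encoding/csv quotes the group column exactly when it contains a comma, which is what kube-apiserver expects.
func (s *StaticToken) SecretData() map[string][]byte {
	var buf bytes.Buffer
	w := csv.NewWriter(&buf)
	for _, t := range s.Tokens {
		_ = w.Write([]string{t.Token, t.Username, t.UserID, strings.Join(t.Groups, ",")})
	}
	w.Flush()
	return map[string][]byte{DataKeyStaticTokenCSV: buf.Bytes()}
}

// LoadStaticTokenFromCSV parses the token file back, rejecting rows without token/username/userID
// and duplicate tokens (a duplicate would make the second identity unreachable).
func LoadStaticTokenFromCSV(name string, data []byte) (*StaticToken, error) {
	r := csv.NewReader(bytes.NewReader(data))
	r.FieldsPerRecord = -1 // the groups column is optional
	st := &StaticToken{Name: name}
	seen := map[string]bool{}
	for line := 1; ; line++ {
		rec, err := r.Read()
		if err == io.EOF {
			return st, nil
		}
		if err != nil {
			return nil, err
		}
		if len(rec) < 3 || rec[0] == "" || rec[1] == "" {
			return nil, fmt.Errorf("line %d: need token,username,userID[,groups]", line)
		}
		if seen[rec[0]] {
			return nil, fmt.Errorf("line %d: duplicate token", line)
		}
		seen[rec[0]] = true
		t := Token{Token: rec[0], Username: rec[1], UserID: rec[2]}
		if len(rec) > 3 && rec[3] != "" {
			t.Groups = strings.Split(rec[3], ",")
		}
		st.Tokens = append(st.Tokens, t)
	}
}

// GetTokenForUsername returns the token entry for username, or an error when there is none.
func (s *StaticToken) GetTokenForUsername(username string) (*Token, error) {
	for i := range s.Tokens {
		if s.Tokens[i].Username == username {
			return &s.Tokens[i], nil
		}
	}
	return nil, fmt.Errorf("no token for user %q", username)
}

func main() {
	tok, _ := newToken(128)
	st := &StaticToken{Name: "static-token", Tokens: []Token{{Username: "admin", UserID: "admin", Groups: []string{"system:masters"}, Token: tok}}}
	data := st.SecretData()[DataKeyStaticTokenCSV]
	loaded, _ := LoadStaticTokenFromCSV("static-token", data)
	admin, _ := loaded.GetTokenForUsername("admin")
	fmt.Printf("%s-> admin token round-tripped: %v\n", data, admin.Token == tok)
}
```

Note that the file is the credential: whoever can read static_tokens.csv from the secret can authenticate as every user listed, with their groups, until the token is removed and the kube-apiserver restarted.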

type StaticTokenInfoData added in v1.7.0

type StaticTokenInfoData struct {
	Tokens map[string]string
}

StaticTokenInfoData holds the generated tokens, keyed by username.

func NewStaticTokenInfoData added in v1.7.0

func NewStaticTokenInfoData(tokens map[string]string) *StaticTokenInfoData

NewStaticTokenInfoData creates a new StaticTokenInfoData with the provided tokens.

func (*StaticTokenInfoData) Append added in v1.7.0

func (s *StaticTokenInfoData) Append(staticTokenInfoData *StaticTokenInfoData)

Append appends the tokens from the provided StaticTokenInfoData to this StaticTokenInfoData.

func (*StaticTokenInfoData) Marshal added in v1.7.0

func (s *StaticTokenInfoData) Marshal() ([]byte, error)

Marshal implements InfoData

func (*StaticTokenInfoData) RemoveTokens added in v1.7.0

func (s *StaticTokenInfoData) RemoveTokens(usernames ...string)

RemoveTokens removes tokens with the provided usernames from this StaticTokenInfoData.

func (*StaticTokenInfoData) TypeVersion added in v1.7.0

func (s *StaticTokenInfoData) TypeVersion() infodata.TypeVersion

TypeVersion implements InfoData.

type StaticTokenJSONData added in v1.7.0

type StaticTokenJSONData struct {
	Tokens map[string]string `json:"tokens"`
}

StaticTokenJSONData is the json representation of a StaticTokenInfoData

type StaticTokenSecretConfig

type StaticTokenSecretConfig struct {
	Name string

	Tokens map[string]TokenConfig
}

StaticTokenSecretConfig contains the specification of a to-be-generated static token secret.

func (*StaticTokenSecretConfig) Generate

func (s *StaticTokenSecretConfig) Generate() (DataInterface, error)

Generate implements ConfigInterface.

func (*StaticTokenSecretConfig) GenerateFromInfoData added in v1.7.0

func (s *StaticTokenSecretConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)

GenerateFromInfoData implements ConfigInterface.

func (*StaticTokenSecretConfig) GenerateInfoData added in v1.7.0

func (s *StaticTokenSecretConfig) GenerateInfoData() (infodata.InfoData, error)

GenerateInfoData implements ConfigInterface.

func (*StaticTokenSecretConfig) GenerateStaticToken

func (s *StaticTokenSecretConfig) GenerateStaticToken() (*StaticToken, error)

GenerateStaticToken generates a random token of length 128 for each entry in Tokens.

func (*StaticTokenSecretConfig) GetName

func (s *StaticTokenSecretConfig) GetName() string

GetName returns the name of the secret.

func (*StaticTokenSecretConfig) LoadFromSecretData added in v1.7.0

func (s *StaticTokenSecretConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)

LoadFromSecretData implements infodata.Loader.

type Token

type Token struct {
	Username string
	UserID   string
	Groups   []string
	Token    string
}

Token contains fields of a generated token.

type TokenConfig

type TokenConfig struct {
	Username string
	UserID   string
	Groups   []string
}

TokenConfig contains configuration for a token.

type VPNTLSAuth added in v1.7.0

type VPNTLSAuth struct {
	Name       string
	TLSAuthKey []byte
}

VPNTLSAuth contains the name and the generated vpn tls authentication key.

func (*VPNTLSAuth) SecretData added in v1.7.0

func (v *VPNTLSAuth) SecretData() map[string][]byte

SecretData computes the data map which can be used in a Kubernetes secret.

type VPNTLSAuthConfig added in v1.7.0

type VPNTLSAuthConfig struct {
	Name                   string
	VPNTLSAuthKeyGenerator func() ([]byte, error)
}

VPNTLSAuthConfig contains the specification for a to-be-generated vpn tls authentication secret. The key is generated by the provided VPNTLSAuthKeyGenerator. If no generator function is specified, the openvpn command line tool is invoked to generate the key, so it must be installed where the generation runs.

func (*VPNTLSAuthConfig) Generate added in v1.7.0

func (s *VPNTLSAuthConfig) Generate() (DataInterface, error)

Generate implements ConfigInterface.

func (*VPNTLSAuthConfig) GenerateFromInfoData added in v1.7.0

func (s *VPNTLSAuthConfig) GenerateFromInfoData(infoData infodata.InfoData) (DataInterface, error)

GenerateFromInfoData implements ConfigInterface.

func (*VPNTLSAuthConfig) GenerateInfoData added in v1.7.0

func (s *VPNTLSAuthConfig) GenerateInfoData() (infodata.InfoData, error)

GenerateInfoData implements ConfigInterface.

func (*VPNTLSAuthConfig) GetName added in v1.7.0

func (s *VPNTLSAuthConfig) GetName() string

GetName returns the name of the secret.

func (*VPNTLSAuthConfig) LoadFromSecretData added in v1.7.0

func (s *VPNTLSAuthConfig) LoadFromSecretData(secretData map[string][]byte) (infodata.InfoData, error)

LoadFromSecretData implements infodata.Loader

Directories

Path Synopsis
Package mock is a generated GoMock package.
