Documentation ¶
Overview ¶
Package cloud provides functionality to parse information describing clouds, including regions, supported auth types etc.
Index ¶
- Constants
- func BuildHostCloudRegion(cloudType, region string) string
- func CloudIsCAAS(cloud Cloud) bool
- func CloudTypeIsCAAS(cloudType string) bool
- func DefaultCloudDescription(cloudType string) string
- func IsSameCloudMetadata(meta1, meta2 map[string]Cloud) (bool, error)
- func JujuPersonalCloudsPath() string
- func JujuPublicCloudsPath() string
- func MarshalCloud(cloud Cloud) ([]byte, error)
- func ParseCloudMetadata(data []byte) (map[string]Cloud, error)
- func ParseCloudMetadataFile(file string) (map[string]Cloud, error)
- func ParseCredentials(data []byte) (map[string]CloudCredential, error)
- func PersonalCloudMetadata() (map[string]Cloud, error)
- func PublicCloudMetadata(searchPath ...string) (result map[string]Cloud, fallbackUsed bool, err error)
- func RegionNames(regions []Region) []string
- func RegisterStructTags(vals ...interface{})
- func SplitHostCloudRegion(hostCloudRegion string) (string, string, error)
- func ValidateCloudSet(data []byte) error
- func ValidateFileAttrValue(path string) (string, error)
- func ValidateOneCloud(data []byte) error
- func WritePersonalCloudMetadata(cloudsMap map[string]Cloud) error
- func WritePublicCloudMetadata(cloudsMap map[string]Cloud) error
- type Attrs
- type AuthType
- type AuthTypes
- type Cloud
- type CloudCredential
- type Credential
- func ExpandFilePathsOfCredential(cred Credential, schemas map[AuthType]CredentialSchema) (Credential, error)
- func FinalizeCredential(credential Credential, schemas map[AuthType]CredentialSchema, ...) (*Credential, error)
- func NewCredential(authType AuthType, attributes map[string]string) Credential
- func NewEmptyCredential() Credential
- func NewNamedCredential(name string, authType AuthType, attributes map[string]string, revoked bool) Credential
- func RemoveSecrets(credential Credential, schemas map[AuthType]CredentialSchema) (*Credential, error)
- func (c Credential) Attributes() map[string]string
- func (c Credential) AuthType() AuthType
- func (c Credential) MarshalJSON() ([]byte, error)
- func (c Credential) MarshalYAML() (interface{}, error)
- func (c *Credential) UnmarshalJSON(b []byte) error
- func (c *Credential) UnmarshalYAML(unmarshal func(interface{}) error) error
- type CredentialAttr
- type CredentialCollection
- type CredentialSchema
- type NamedCredentialAttr
- type Region
- type RegionConfig
- type ValidationWarning
- type WhiteList
Constants ¶
const (
	// AccessKeyAuthType is an authentication type using a key and secret.
	AccessKeyAuthType AuthType = "access-key"
	// InstanceRoleAuthType is an authentication type used by sourcing
	// credentials from within the machine's context in a given cloud provider.
	// You only get these credentials by running within that machine.
	InstanceRoleAuthType AuthType = "instance-role"
	// ManagedIdentityAuthType is an authentication type used by sourcing
	// credentials from a user managed identity from within the machine's context.
	// You only get these credentials by running within that machine.
	ManagedIdentityAuthType AuthType = "managed-identity"
	// UserPassAuthType is an authentication type using a username and password.
	UserPassAuthType AuthType = "userpass"
	// OAuth1AuthType is an authentication type using oauth1.
	OAuth1AuthType AuthType = "oauth1"
	// OAuth2AuthType is an authentication type using oauth2.
	OAuth2AuthType AuthType = "oauth2"
	// JSONFileAuthType is an authentication type that takes a path to
	// a JSON file.
	JSONFileAuthType AuthType = "jsonfile"
	// ClientCertificateAuthType is an authentication type using client
	// certificates.
	ClientCertificateAuthType AuthType = "clientcertificate"
	// HTTPSigAuthType is an authentication type that uses HTTP signatures:
	// https://tools.ietf.org/html/draft-cavage-http-signatures-06
	HTTPSigAuthType AuthType = "httpsig"
	// InteractiveAuthType is a credential auth-type provided as an option to
	// "juju add-credential", which takes the user through the process of
	// adding credentials. e.g. for lxd: generating a certificate credential.
	// This authType should be used in a CredentialSchema, not a CloudSchema.
	InteractiveAuthType = "interactive"
	// EmptyAuthType is the authentication type used for providers
	// that require no credentials, e.g. "lxd", and "manual".
	EmptyAuthType AuthType = "empty"
	// AuthTypesKey is the name of the key in a cloud config or cloud schema
	// that holds the cloud's auth types.
	AuthTypesKey = "auth-types"
	// EndpointKey is the name of the key in a cloud config or cloud schema
	// that holds the cloud's endpoint url.
	EndpointKey = "endpoint"
	// RegionsKey is the name of the key in a cloud schema that holds the list
	// of regions a cloud supports.
	RegionsKey = "regions"
	// CertFilenameKey is the name of the key in a cloud schema that holds
	// the filename of a CA Certificate to be used to access the cloud, in conjunction
	// with an auth type.
	CertFilenameKey = "certfilename"
)
const (
// CloudTypeKubernetes is the kubernetes cloud type.
CloudTypeKubernetes = "kubernetes"
)
const DefaultCloudRegion = "default"
DefaultCloudRegion is the name of the default region that Juju creates for clouds that do not define a region.
Variables ¶
This section is empty.
Functions ¶
func BuildHostCloudRegion ¶
BuildHostCloudRegion combines cloudType with region to host cloud region.
func CloudTypeIsCAAS ¶
CloudTypeIsCAAS checks if a given cloud type is a CAAS cloud
func DefaultCloudDescription ¶
DefaultCloudDescription returns the description for the specified cloud type, or an empty string if the cloud type is unknown.
func IsSameCloudMetadata ¶
IsSameCloudMetadata returns true if both meta1 and meta2 contain the same cloud metadata.
func JujuPersonalCloudsPath ¶
func JujuPersonalCloudsPath() string
JujuPersonalCloudsPath is the location where personal cloud information is expected to be found. Requires JUJU_HOME to be set.
func JujuPublicCloudsPath ¶
func JujuPublicCloudsPath() string
JujuPublicCloudsPath is the location where public cloud information is expected to be found. Requires JUJU_HOME to be set.
func MarshalCloud ¶
MarshalCloud marshals a Cloud to an opaque byte array.
func ParseCloudMetadata ¶
ParseCloudMetadata parses the given yaml bytes into Clouds metadata.
The expected regular yaml format is:
clouds:
  garage-maas:
    type: maas
    auth-types: [oauth1]
    endpoint: "http://garagemaas"
    skip-tls-verify: true
  ...
It also accepts a yaml format without the 'clouds' key at the top, e.g.
garage-maas:
  type: maas
  auth-types: [oauth1]
  endpoint: "http://garagemaas"
  skip-tls-verify: true
...
func ParseCloudMetadataFile ¶
ParseCloudMetadataFile loads any cloud metadata defined in the specified file.
func ParseCredentials ¶
func ParseCredentials(data []byte) (map[string]CloudCredential, error)
ParseCredentials parses the given yaml bytes into Credentials, but does not validate the credential attributes.
func PersonalCloudMetadata ¶
PersonalCloudMetadata loads any personal cloud metadata defined in the Juju Home directory. If no cloud metadata is found, that is not an error; nil is returned.
func PublicCloudMetadata ¶
func PublicCloudMetadata(searchPath ...string) (result map[string]Cloud, fallbackUsed bool, err error)
PublicCloudMetadata looks in searchPath for cloud metadata files and if none are found, returns the fallback public cloud metadata.
func RegionNames ¶
RegionNames returns a sorted list of the names of the given regions.
func RegisterStructTags ¶
func RegisterStructTags(vals ...interface{})
RegisterStructTags ensures the yaml tags for the given structs are able to be used when parsing cloud metadata.
func SplitHostCloudRegion ¶
SplitHostCloudRegion splits host cloud region to cloudType and region.
func ValidateCloudSet ¶
ValidateCloudSet reports any erroneous properties found in cloud metadata YAML. If there are no erroneous properties, ValidateCloudSet returns nil; otherwise it returns an error listing all erroneous properties and possible suggestions.
func ValidateFileAttrValue ¶
ValidateFileAttrValue returns the normalised file path, so long as the specified path is valid and not a directory.
func ValidateOneCloud ¶
ValidateOneCloud is like ValidateCloudSet but validates the metadata for only one cloud and not multiple.
func WritePersonalCloudMetadata ¶
WritePersonalCloudMetadata marshals to YAML and writes the cloud metadata to the personal cloud file.
func WritePublicCloudMetadata ¶
WritePublicCloudMetadata marshals to YAML and writes the cloud metadata to the public cloud file.
Types ¶
type Attrs ¶
type Attrs map[string]interface{}
Attrs serves as a map to hold region-specific configuration attributes. This serves to reduce confusion over having a nested map, i.e. map[string]map[string]interface{}.
type AuthType ¶
type AuthType string
AuthType is the type of authentication used by the cloud.
const (
	// CertificateAuthType is an authentication type using certificates.
	// NOTE: This type should never be used in practice as it doesn't exist. We
	// maintain it here to maintain backwards functionality for Juju in a pre
	// 2.9 world. Consider using ClientCertificateAuthType instead. This note
	// applies to Kubernetes.
	// TODO: tlm update lxd to stop using this auth type
	CertificateAuthType AuthType = "certificate"
	// OAuth2WithCertAuthType is an authentication type using oauth2 and a client certificate
	// NOTE: This type should never be used in practice as it doesn't exist. We
	// maintain it here to maintain backwards functionality for Juju in a pre
	// 2.9 world. Consider using OAuth2AuthType instead.
	OAuth2WithCertAuthType AuthType = "oauth2withcert"
)
Const legacy auth types. There should be no reason to use these anymore in Juju. They are kept to maintain backwards compatibility.
type AuthTypes ¶
type AuthTypes []AuthType
AuthTypes is defined to allow sorting AuthType slices.
type Cloud ¶
type Cloud struct {
	// Name of the cloud.
	Name string
	// Type is the type of cloud, eg ec2, openstack etc.
	// This is one of the provider names registered with
	// environs.RegisterProvider.
	Type string
	// HostCloudRegion represents the k8s host cloud. The format is <cloudType>/<region>.
	HostCloudRegion string
	// Description describes the type of cloud.
	Description string
	// AuthTypes are the authentication modes supported by the cloud.
	AuthTypes AuthTypes
	// Endpoint is the default endpoint for the cloud regions, may be
	// overridden by a region.
	Endpoint string
	// IdentityEndpoint is the default identity endpoint for the cloud
	// regions, may be overridden by a region.
	IdentityEndpoint string
	// StorageEndpoint is the default storage endpoint for the cloud
	// regions, may be overridden by a region.
	StorageEndpoint string
	// Regions are the regions available in the cloud.
	//
	// Regions is a slice, and not a map, because order is important.
	// The first region in the slice is the default region for the
	// cloud.
	Regions []Region
	// Config contains optional cloud-specific configuration to use
	// when bootstrapping Juju in this cloud. The cloud configuration
	// will be combined with Juju-generated, and user-supplied values;
	// user-supplied values taking precedence.
	Config map[string]interface{}
	// RegionConfig contains optional region specific configuration.
	// Like Config above, this will be combined with Juju-generated and user
	// supplied values; with user supplied values taking precedence.
	RegionConfig RegionConfig
	// CACertificates contains an optional list of Certificate
	// Authority certificates to be used to validate certificates
	// of cloud infrastructure components
	// The contents are Base64 encoded x.509 certs.
	CACertificates []string
	// SkipTLSVerify is true if the client should be asked not to
	// validate certificates. It is not recommended for production clouds.
	// It is secure (false) by default.
	SkipTLSVerify bool
	// IsControllerCloud is true when this is the cloud used by the controller.
	IsControllerCloud bool
}
Cloud is a cloud definition.
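An added example (not part of the juju package or its documentation): a transport-security audit over parsed cloud definitions, flagging SkipTLSVerify and plaintext http endpoints such as those in the garage-maas sample under ParseCloudMetadata. The Region and Cloud types below are local mirrors of a subset of the documented fields, and Finding, plaintext and AuditClouds are hypothetical names.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
)

// Region and Cloud are local mirrors of a subset of the documented fields
// (assumption: real values would come from ParseCloudMetadata).
type Region struct {
	Name, Endpoint, IdentityEndpoint, StorageEndpoint string
}
type Cloud struct {
	Endpoint, IdentityEndpoint, StorageEndpoint string
	Regions                                     []Region
	SkipTLSVerify                               bool
}

// Finding is one transport-security problem in a cloud definition.
type Finding struct{ Cloud, Where, Issue string }

// plaintext reports whether raw parses as a URL with the http scheme.
// Values without a scheme are left alone rather than guessed at.
func plaintext(raw string) bool {
	u, err := url.Parse(raw)
	return err == nil && u.Scheme == "http"
}

// AuditClouds (hypothetical helper) flags disabled certificate validation
// and any cloud-level or region-level endpoint that uses http.
func AuditClouds(clouds map[string]Cloud) []Finding {
	var out []Finding
	for name, c := range clouds {
		if c.SkipTLSVerify {
			out = append(out, Finding{name, "SkipTLSVerify", "certificate validation disabled"})
		}
		// Cloud-level defaults first (empty Name), then region overrides.
		scopes := append([]Region{{"", c.Endpoint, c.IdentityEndpoint, c.StorageEndpoint}}, c.Regions...)
		for _, r := range scopes {
			prefix := ""
			if r.Name != "" {
				prefix = "region " + r.Name + " "
			}
			fields := [][2]string{{"Endpoint", r.Endpoint},
				{"IdentityEndpoint", r.IdentityEndpoint}, {"StorageEndpoint", r.StorageEndpoint}}
			for _, f := range fields {
				if plaintext(f[1]) {
					out = append(out, Finding{name, prefix + f[0], "plaintext http: " + f[1]})
				}
			}
		}
	}
	// Map iteration order is random; sort by cloud name, keeping per-cloud order.
	sort.SliceStable(out, func(i, j int) bool { return out[i].Cloud < out[j].Cloud })
	return out
}

func main() {
	// Constructed sample mirroring the garage-maas YAML shown for ParseCloudMetadata.
	clouds := map[string]Cloud{"garage-maas": {Endpoint: "http://garagemaas", SkipTLSVerify: true}}
	for _, f := range AuditClouds(clouds) {
		fmt.Printf("%s: %s: %s\n", f.Cloud, f.Where, f.Issue)
	}
}
```

A region's endpoint overrides the cloud default, so each region is checked separately: a cloud whose default endpoint is https can still carry one region that is not.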
func CloudByName ¶
CloudByName returns the cloud with the specified name. If there exists no cloud with the specified name, an error satisfying errors.IsNotFound will be returned.
TODO(axw) write unit tests for this.
func ParseOneCloud ¶
ParseOneCloud parses the given yaml bytes into a single Cloud metadata.
func UnmarshalCloud ¶
UnmarshalCloud unmarshals a Cloud from a byte array produced by MarshalCloud.
type CloudCredential ¶
type CloudCredential struct {
	// DefaultCredential is the named credential to use by default.
	DefaultCredential string `yaml:"default-credential,omitempty"`
	// DefaultRegion is the cloud region to use by default.
	DefaultRegion string `yaml:"default-region,omitempty"`
	// AuthCredentials is the credentials for a cloud, keyed on name.
	AuthCredentials map[string]Credential `yaml:",omitempty,inline"`
}
CloudCredential contains attributes used to define credentials for a cloud.
func NewEmptyCloudCredential ¶
func NewEmptyCloudCredential() *CloudCredential
NewEmptyCloudCredential returns a new CloudCredential with an empty default credential.
type Credential ¶
type Credential struct {
	// Revoked is true if the credential has been revoked.
	Revoked bool
	// Label is optionally set to describe the credentials to a user.
	Label string
	// Invalid is true if the credential is invalid.
	Invalid bool
	// InvalidReason contains the reason why a credential was flagged as invalid.
	// It is expected that this string will be empty when a credential is valid.
	InvalidReason string
	// contains filtered or unexported fields
}
Credential instances represent cloud credentials.
func ExpandFilePathsOfCredential ¶
func ExpandFilePathsOfCredential(
	cred Credential,
	schemas map[AuthType]CredentialSchema,
) (Credential, error)
ExpandFilePathsOfCredential iterates over the credential schema attributes and checks if the credential attribute has the ExpandFilePath flag set. If so, the value of the credential attribute will be interpreted as a file path and replaced with the contents of that file.
func FinalizeCredential ¶
func FinalizeCredential(
	credential Credential,
	schemas map[AuthType]CredentialSchema,
	readFile func(string) ([]byte, error),
) (*Credential, error)
FinalizeCredential finalizes a credential by matching it with one of the provided credential schemas, and reading any file attributes into their corresponding non-file attributes. This will also validate the credential.
If there is no schema with the matching auth-type, an error satisfying errors.IsNotSupported will be returned.
func NewCredential ¶
func NewCredential(authType AuthType, attributes map[string]string) Credential
NewCredential returns a new, immutable, Credential with the supplied auth-type and attributes.
func NewEmptyCredential ¶
func NewEmptyCredential() Credential
NewEmptyCredential returns a new Credential with the EmptyAuthType auth-type.
func NewNamedCredential ¶
func NewNamedCredential(name string, authType AuthType, attributes map[string]string, revoked bool) Credential
NewNamedCredential returns an immutable Credential with the supplied properties.
func RemoveSecrets ¶
func RemoveSecrets(
	credential Credential,
	schemas map[AuthType]CredentialSchema,
) (*Credential, error)
RemoveSecrets returns a copy of the given credential with secret fields removed.
func (Credential) Attributes ¶
func (c Credential) Attributes() map[string]string
Attributes returns the credential attributes.
func (Credential) AuthType ¶
func (c Credential) AuthType() AuthType
AuthType returns the authentication type.
func (Credential) MarshalJSON ¶
func (c Credential) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (Credential) MarshalYAML ¶
func (c Credential) MarshalYAML() (interface{}, error)
MarshalYAML implements the yaml.Marshaler interface.
func (*Credential) UnmarshalJSON ¶
func (c *Credential) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
func (*Credential) UnmarshalYAML ¶
func (c *Credential) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML implements the yaml.Unmarshaler interface.
type CredentialAttr ¶
type CredentialAttr struct {
	// Description is a human-readable description of the credential
	// attribute.
	Description string
	// Hidden controls whether or not the attribute value will be hidden
	// when being entered interactively. Regardless of this, all credential
	// attributes are provided only to the Juju controllers.
	Hidden bool
	// FileAttr is the name of an attribute that may be specified instead
	// of this one, which points to a file that will be read in and its
	// value used for this attribute.
	FileAttr string
	// FilePath is true if the value of this attribute is a file path. If
	// this is true, then the attribute value will be set to the contents
	// of the file when the credential is "finalized".
	FilePath bool
	// ExpandFilePath reads in the FilePath, validating the file path correctly.
	// If the file path is correct, it will then read and replace the path,
	// with the associated content. The contents of the file in "finalized" will
	// be the file contents, not the filepath.
	ExpandFilePath bool
	// Optional controls whether the attribute is required to have a non-empty
	// value or not. Attributes default to mandatory.
	Optional bool
	// Options, if set, define the allowed values for this field.
	Options []interface{}
}
CredentialAttr describes the properties of a credential attribute.
type CredentialCollection ¶
type CredentialCollection struct {
Credentials map[string]interface{} `yaml:"credentials"`
}
CredentialCollection holds CloudCredential(s) that are lazily validated.
func ParseCredentialCollection ¶
func ParseCredentialCollection(data []byte) (*CredentialCollection, error)
ParseCredentialCollection parses YAML bytes for the credential
func (*CredentialCollection) CloudCredential ¶
func (c *CredentialCollection) CloudCredential(cloudName string) (*CloudCredential, error)
CloudCredential returns a copy of the CloudCredential for the specified cloud or an error when the CloudCredential was not found or failed to pass validation.
func (*CredentialCollection) CloudNames ¶
func (c *CredentialCollection) CloudNames() []string
CloudNames returns the cloud names to which credentials inside the CredentialCollection belong.
func (*CredentialCollection) UpdateCloudCredential ¶
func (c *CredentialCollection) UpdateCloudCredential(cloudName string, details CloudCredential)
UpdateCloudCredential stores a CloudCredential for a specific cloud.
type CredentialSchema ¶
type CredentialSchema []NamedCredentialAttr
CredentialSchema describes the schema of a credential. Credential schemas are specific to cloud providers.
func (CredentialSchema) Attribute ¶
func (s CredentialSchema) Attribute(name string) (*CredentialAttr, bool)
Attribute returns the named CredentialAttr value.
func (CredentialSchema) Finalize ¶
func (s CredentialSchema) Finalize(
	attrs map[string]string,
	readFile func(string) ([]byte, error),
) (map[string]string, error)
Finalize finalizes the given credential attributes against the credential schema. If the attributes are invalid, Finalize will return an error.
An updated attribute map will be returned, having any file attributes deleted, and replaced by their non-file counterparts with the values set to the contents of the files.
type NamedCredentialAttr ¶
type NamedCredentialAttr struct {
	// Name is the name of the credential value.
	Name string
	// CredentialAttr holds the properties of the credential value.
	CredentialAttr
}
NamedCredentialAttr describes the properties of a named credential attribute.
type Region ¶
type Region struct {
	// Name is the name of the region.
	Name string
	// Endpoint is the region's primary endpoint URL.
	Endpoint string
	// IdentityEndpoint is the region's identity endpoint URL.
	// If the cloud/region does not have an identity-specific
	// endpoint URL, this will be empty.
	IdentityEndpoint string
	// StorageEndpoint is the region's storage endpoint URL.
	// If the cloud/region does not have a storage-specific
	// endpoint URL, this will be empty.
	StorageEndpoint string
}
Region is a cloud region.
func RegionByName ¶
RegionByName finds the region in the given slice with the specified name, with case folding.
type RegionConfig ¶
RegionConfig holds a map of regions and the attributes that serve as the region specific configuration options. This allows model inheritance to function, providing a place to store configuration for a specific region which is passed down to other models under the same controller.
type ValidationWarning ¶
type ValidationWarning struct {
Messages []string
}
ValidationWarning are JSON schema validation errors used to warn users about potential schema violations
func (*ValidationWarning) Error ¶
func (e *ValidationWarning) Error() string
type WhiteList ¶
type WhiteList struct {
// contains filtered or unexported fields
}
WhiteList contains a cloud compatibility matrix: if controller was bootstrapped on a particular cloud type, what other cloud types can be added to it.
func CurrentWhiteList ¶
func CurrentWhiteList() *WhiteList
CurrentWhiteList returns current clouds whitelist supported by Juju.