authentication

package
v1.0.0-rc.3
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2024 | License: Apache-2.0 | Imports: 20 | Imported by: 0

Documentation

Overview

Package authentication contains the logic to authenticate foreign clusters.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckCSRForControlPlane

func CheckCSRForControlPlane(csr, publicKey []byte, remoteClusterID liqov1beta1.ClusterID) error

CheckCSRForControlPlane checks a CSR for a control plane.

func CheckCSRForResourceSlice

func CheckCSRForResourceSlice(publicKey []byte, resourceSlice *authv1beta1.ResourceSlice, checkPublicKey bool) error

CheckCSRForResourceSlice checks a CSR for a resource slice.

func CommonNameControlPlaneCSR

func CommonNameControlPlaneCSR(clusterID liqov1beta1.ClusterID) string

CommonNameControlPlaneCSR returns the common name for a control plane CSR.

func CommonNameResourceSliceCSR

func CommonNameResourceSliceCSR(resourceSlice *authv1beta1.ResourceSlice) string

CommonNameResourceSliceCSR returns the common name for a resource slice CSR.

func EnsureCondition

EnsureCondition ensures the condition with the given type, status, reason, and message.

func GenerateCSRForControlPlane

func GenerateCSRForControlPlane(key ed25519.PrivateKey, clusterID liqov1beta1.ClusterID) (csrBytes []byte, err error)

GenerateCSRForControlPlane generates a new CSR given a private key and a subject.

func GenerateCSRForResourceSlice

func GenerateCSRForResourceSlice(key ed25519.PrivateKey,
	resourceSlice *authv1beta1.ResourceSlice) (csrBytes []byte, err error)

GenerateCSRForResourceSlice generates a new CSR given a private key and a resource slice.

func GenerateEd25519Keys

func GenerateEd25519Keys() (privateKey, publicKey []byte, err error)

GenerateEd25519Keys returns a new pair of private and public keys, generated using the Ed25519 signature algorithm and encoded in PEM format.

func GetClusterKeys

func GetClusterKeys(ctx context.Context, cl client.Client, liqoNamespace string) (ed25519.PrivateKey, ed25519.PublicKey, error)

GetClusterKeys retrieves the private and public keys of the cluster from the secret.

func GetClusterKeysPEM

func GetClusterKeysPEM(ctx context.Context, cl client.Client, liqoNamespace string) (privateKey, publicKey []byte, err error)

GetClusterKeysPEM retrieves the private and public keys of the cluster from the secret and returns them encoded in PEM format.

func GetCondition

GetCondition returns the condition with the given type.

func InitClusterKeys

func InitClusterKeys(ctx context.Context, cl client.Client, liqoNamespace string) error

InitClusterKeys initializes the authentication keys for the cluster. If the secret containing the keys does not exist, it generates a new pair of keys and stores them in a secret.

func IsControlPlaneUser

func IsControlPlaneUser(groups []string) bool

IsControlPlaneUser checks if a user is a control plane user.

func OrganizationControlPlaneCSR

func OrganizationControlPlaneCSR() string

OrganizationControlPlaneCSR returns the organization for a control plane CSR.

func OrganizationResourceSliceCSR

func OrganizationResourceSliceCSR(resourceSlice *authv1beta1.ResourceSlice) string

OrganizationResourceSliceCSR returns the organization for a resource slice CSR.

func SignNonce

func SignNonce(priv ed25519.PrivateKey, nonce []byte) []byte

SignNonce signs a nonce using the provided private key.

func VerifyNonce

func VerifyNonce(pubKey ed25519.PublicKey, nonce, signature []byte) bool

VerifyNonce verifies the signature of a nonce using the public key of the cluster.

Types

type CSRChecker

type CSRChecker func(*x509.CertificateRequest) error

CSRChecker is a function that checks a CSR.

Directories

Path Synopsis
Package forge contains utility functions to forge resources of the authentication module.
Package getters contains utility functions to get resources of the authentication module.
Package identitycontroller contains the controller managing Identity resources.
Package identitycreatorcontroller contains the logic to create Identities from ResourceSlices resources.
Package localresourceslicecontroller contains the logic to manage the local ResourceSlice.
Package noncecreatorcontroller contains the logic to manage Nonces.
Package noncesignercontroller contains the controller to sign Nonce secrets.
Package remoteresourceslicecontroller contains the logic to manage the remote ResourceSlice.
Package tenantcontroller contains the controller to manage Tenant resources.
Package utils contains utility functions for the authentication module.
