identitymanager

package
v0.11.0-rc.3 (not the latest version of this module)
Published: Jul 2, 2024 License: Apache-2.0 Imports: 45 Imported by: 0

Documentation

Overview

Package identitymanager provides an interface, and its implementation, to handle the creation and the issue process of an identity for a remote cluster.

Index

Constants

const (

	// APIServerURLSecretKey is the key used for the API server URL inside the secret.
	APIServerURLSecretKey = "apiServerUrl"

	// AwsAccessKeyIDSecretKey is the key used for the AWS access key ID inside the secret.
	AwsAccessKeyIDSecretKey = "awsAccessKeyID"
	// AwsSecretAccessKeySecretKey is the key used for the AWS secret access key inside the secret.
	AwsSecretAccessKeySecretKey = "awsSecretAccessKey"
	// AwsRegionSecretKey is the key used for the AWS region inside the secret.
	AwsRegionSecretKey = "awsRegion"
	// AwsEKSClusterIDSecretKey is the key used for the AWS EKS cluster ID inside the secret.
	AwsEKSClusterIDSecretKey = "awsEksClusterID" //nolint:gosec // not a credential
	// AwsIAMUserArnSecretKey is the key used for the AWS IAM user ARN inside the secret.
	AwsIAMUserArnSecretKey = "awsIamUserArn" //nolint:gosec // not a credential
)
const (

	// CertificateAvailableLabel is the label used to identify the secrets containing a certificate.
	CertificateAvailableLabel = "liqo.io/certificate-available"
)

Variables

This section is empty.

Functions

func EnsureCertificate

EnsureCertificate ensures that the certificate is present with the identity provider.

Types

type IdentityManager

type IdentityManager interface {
	IdentityReader

	StoreIdentity(ctx context.Context, remoteCluster liqov1alpha1.ClusterID, namespace string, key []byte,
		remoteProxyURL string, identityResponse *auth.CertificateIdentityResponse) error
}

IdentityManager interface provides the methods to manage identities for the remote clusters.

func NewCertificateIdentityManager

func NewCertificateIdentityManager(ctx context.Context,
	cl client.Client, k8sClient kubernetes.Interface, cnf *rest.Config,
	localCluster liqov1alpha1.ClusterID, namespaceManager tenantnamespace.Manager) IdentityManager

NewCertificateIdentityManager returns a new certificate identity manager.

type IdentityProvider added in v0.3.0

type IdentityProvider interface {
	// deprecated
	GetRemoteCertificate(ctx context.Context, options *SigningRequestOptions) (response *responsetypes.SigningRequestResponse, err error)
	// deprecated
	ApproveSigningRequest(ctx context.Context, options *SigningRequestOptions) (response *responsetypes.SigningRequestResponse, err error)
	ForgeAuthParams(ctx context.Context, options *SigningRequestOptions) (*authv1alpha1.AuthParams, error)
}

IdentityProvider provides the interface to retrieve and approve remote cluster identities.

func NewCertificateIdentityProvider added in v0.3.0

func NewCertificateIdentityProvider(ctx context.Context, cl client.Client, k8sClient kubernetes.Interface,
	cnf *rest.Config,
	localCluster liqov1alpha1.ClusterID, namespaceManager tenantnamespace.Manager) IdentityProvider

NewCertificateIdentityProvider returns a new certificate identity approver.

func NewIAMIdentityProvider added in v0.3.0

func NewIAMIdentityProvider(ctx context.Context, cl client.Client, k8sClient kubernetes.Interface,
	localCluster liqov1alpha1.ClusterID, localAwsConfig *LocalAwsConfig,
	namespaceManager tenantnamespace.Manager) IdentityProvider

NewIAMIdentityProvider returns a new identity approver that handles IAM identities.

type IdentityReader added in v0.3.0

type IdentityReader interface {
	GetConfig(remoteCluster liqov1alpha1.ClusterID, namespace string) (*rest.Config, error)
	GetConfigFromSecret(remoteCluster liqov1alpha1.ClusterID, secret *corev1.Secret) (*rest.Config, error)
	GetRemoteTenantNamespace(remoteCluster liqov1alpha1.ClusterID, namespace string) (string, error)
	GetSecretNamespacedName(remoteCluster liqov1alpha1.ClusterID, namespace string) (types.NamespacedName, error)
}

IdentityReader provides the interface to retrieve the identities for the remote clusters.

func NewCertificateIdentityReader added in v0.3.0

func NewCertificateIdentityReader(ctx context.Context, cl client.Client, k8sClient kubernetes.Interface, cnf *rest.Config,
	localCluster liqov1alpha1.ClusterID, namespaceManager tenantnamespace.Manager) IdentityReader

NewCertificateIdentityReader returns a new certificate identity reader.

type LocalAwsConfig

type LocalAwsConfig struct {
	AwsAccessKeyID     string
	AwsSecretAccessKey string
	AwsRegion          string
	AwsClusterName     string

	// these fields are filled at runtime in the init function
	AwsClusterEndpoint string
	AwsClusterCA       []byte
}

LocalAwsConfig contains the AWS configuration and access key for the Liqo user and the current EKS cluster.

func (*LocalAwsConfig) IsEmpty

func (ac *LocalAwsConfig) IsEmpty() bool

IsEmpty reports whether any of the required values are not set.

type SigningRequestOptions

type SigningRequestOptions struct {
	Cluster         liqov1alpha1.ClusterID
	TenantNamespace string
	IdentityType    authv1alpha1.IdentityType
	Name            string
	SigningRequest  []byte

	// optional
	APIServerAddressOverride string
	CAOverride               []byte
	TrustedCA                bool
	ResourceSlice            *authv1alpha1.ResourceSlice
}

SigningRequestOptions contains the options to handle a signing request.

Directories

Package fake implements mock Identity interfaces for test purposes.
Package responsetypes contains utils for methods responses.
Package identitymanagertestutils provides utility functions for identity manager testing.
