auth

package
v0.3.0-rc.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 25, 2021 License: Apache-2.0 Imports: 9 Imported by: 2

Documentation

Overview

Package auth contains structures, interfaces and utility functions useful for both server and client authentication agents.

Index

Constants

View Source
const (
	// IdsURI is the path where to contact the Authentication Service to get the clusterID.
	IdsURI = "/ids"
	// IdentityURI is the path where to contact the Authentication Service
	// to have a ServiceAccont Identity.
	IdentityURI = "/identity"
	// CertIdentityURI is the path where to contact the Authentication Service
	// to have a Certificate Identity.
	CertIdentityURI = "/identity/certificate"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AWSIdentityInfo added in v0.3.0

type AWSIdentityInfo struct {
	AccessKeyID     string `json:"accessKeyID"`
	SecretAccessKey string `json:"secretAccessKey"`
	Region          string `json:"region"`
	EKSClusterID    string `json:"eksClusterID"`
	IAMUserArn      string `json:"iamUserArn"`
}

AWSIdentityInfo contains the information required by a cluster to get a valied IAM-based identity.

type CertificateIdentityRequest added in v0.3.0

type CertificateIdentityRequest struct {
	ClusterID                 string `json:"clusterID"`
	Token                     string `json:"token"`
	CertificateSigningRequest string `json:"certificateSigningRequest"`
}

CertificateIdentityRequest is the request for a new certificate validation.

func NewCertificateIdentityRequest added in v0.3.0

func NewCertificateIdentityRequest(clusterID, token string, certificateSigningRequest []byte) *CertificateIdentityRequest

NewCertificateIdentityRequest creates and returns a new CertificateIdentityRequest.

func (*CertificateIdentityRequest) GetClusterID added in v0.3.0

func (certIdentityRequest *CertificateIdentityRequest) GetClusterID() string

GetClusterID returns the clusterid.

func (*CertificateIdentityRequest) GetPath added in v0.3.0

func (certIdentityRequest *CertificateIdentityRequest) GetPath() string

GetPath returns the absolute path of the endpoint to contact to send a new CertificateIdentityRequest.

func (*CertificateIdentityRequest) GetToken added in v0.3.0

func (certIdentityRequest *CertificateIdentityRequest) GetToken() string

GetToken returns the token.

type CertificateIdentityResponse added in v0.3.0

type CertificateIdentityResponse struct {
	Namespace    string `json:"namespace"`
	Certificate  string `json:"certificate,omitempty"`
	APIServerURL string `json:"apiServerUrl"`
	APIServerCA  string `json:"apiServerCA,omitempty"`

	AWSIdentityInfo AWSIdentityInfo `json:"aws,omitempty"`
}

CertificateIdentityResponse is the response on a certificate identity request.

func NewCertificateIdentityResponse added in v0.3.0

func NewCertificateIdentityResponse(
	namespace string, identityResponse *responsetypes.SigningRequestResponse,
	apiServerConfigProvider utils.ApiServerConfigProvider,
	clientset kubernetes.Interface, restConfig *rest.Config) (*CertificateIdentityResponse, error)

NewCertificateIdentityResponse makes a new CertificateIdentityResponse.

func (*CertificateIdentityResponse) HasAWSValues added in v0.3.0

func (resp *CertificateIdentityResponse) HasAWSValues() bool

HasAWSValues checks if the response has all the required AWS fields set.

type ClusterInfo

type ClusterInfo struct {
	ClusterID   string `json:"clusterId"`
	ClusterName string `json:"clusterName,omitempty"`
}

ClusterInfo contains the information to be shared to a remote cluster to make the peering possible.

type ConfigProvider

type ConfigProvider interface {
	// GetAuthConfig retrieves the AuthConfiguration, such as the peering permission and the token authentication settings.
	GetAuthConfig() *configv1alpha1.AuthConfig
	// GetAPIServerConfig retrieves the ApiServerConfiguration (i.e. Address, Port and TrustedCA).
	GetAPIServerConfig() *configv1alpha1.APIServerConfig
}

ConfigProvider is a provider for the Authentication Configuration.

type IdentityRequest

type IdentityRequest interface {
	GetClusterID() string
	GetToken() string
	GetPath() string
}

IdentityRequest is the common interface for Certificate and ServiceAccount identity request.

type ServiceAccountIdentityRequest added in v0.3.0

type ServiceAccountIdentityRequest struct {
	ClusterID string `json:"clusterID"`
	Token     string `json:"token"`
}

ServiceAccountIdentityRequest is the request for a new ServiceAccount validation.

func (*ServiceAccountIdentityRequest) GetClusterID added in v0.3.0

func (saIdentityRequest *ServiceAccountIdentityRequest) GetClusterID() string

GetClusterID returns the clusterid.

func (*ServiceAccountIdentityRequest) GetPath added in v0.3.0

func (saIdentityRequest *ServiceAccountIdentityRequest) GetPath() string

GetPath returns the absolute path of the endpoint to contact to send a new ServiceAccountIdentityRequest.

func (*ServiceAccountIdentityRequest) GetToken added in v0.3.0

func (saIdentityRequest *ServiceAccountIdentityRequest) GetToken() string

GetToken returns the token.

Directories

Path Synopsis
Package errors contains error types definition and related functions used by the Liqo Auth package.
Package errors contains error types definition and related functions used by the Liqo Auth package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL