Documentation ¶
Overview ¶
Package auth contains structures, interfaces and utility functions useful for both server and client authentication agents.
Index ¶
Constants ¶
const ( // IdsURI is the path where to contact the Authentication Service to get the clusterID. IdsURI = "/ids" // IdentityURI is the path where to contact the Authentication Service // to have a ServiceAccont Identity. IdentityURI = "/identity" // CertIdentityURI is the path where to contact the Authentication Service // to have a Certificate Identity. CertIdentityURI = "/identity/certificate" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AWSIdentityInfo ¶ added in v0.3.0
type AWSIdentityInfo struct { AccessKeyID string `json:"accessKeyID"` SecretAccessKey string `json:"secretAccessKey"` Region string `json:"region"` EKSClusterID string `json:"eksClusterID"` IAMUserArn string `json:"iamUserArn"` }
AWSIdentityInfo contains the information required by a cluster to get a valied IAM-based identity.
type CertificateIdentityRequest ¶ added in v0.3.0
type CertificateIdentityRequest struct { ClusterID string `json:"clusterID"` Token string `json:"token"` CertificateSigningRequest string `json:"certificateSigningRequest"` }
CertificateIdentityRequest is the request for a new certificate validation.
func NewCertificateIdentityRequest ¶ added in v0.3.0
func NewCertificateIdentityRequest(clusterID, token string, certificateSigningRequest []byte) *CertificateIdentityRequest
NewCertificateIdentityRequest creates and returns a new CertificateIdentityRequest.
func (*CertificateIdentityRequest) GetClusterID ¶ added in v0.3.0
func (certIdentityRequest *CertificateIdentityRequest) GetClusterID() string
GetClusterID returns the clusterid.
func (*CertificateIdentityRequest) GetPath ¶ added in v0.3.0
func (certIdentityRequest *CertificateIdentityRequest) GetPath() string
GetPath returns the absolute path of the endpoint to contact to send a new CertificateIdentityRequest.
func (*CertificateIdentityRequest) GetToken ¶ added in v0.3.0
func (certIdentityRequest *CertificateIdentityRequest) GetToken() string
GetToken returns the token.
type CertificateIdentityResponse ¶ added in v0.3.0
type CertificateIdentityResponse struct { Namespace string `json:"namespace"` Certificate string `json:"certificate,omitempty"` APIServerURL string `json:"apiServerUrl"` APIServerCA string `json:"apiServerCA,omitempty"` AWSIdentityInfo AWSIdentityInfo `json:"aws,omitempty"` }
CertificateIdentityResponse is the response on a certificate identity request.
func NewCertificateIdentityResponse ¶ added in v0.3.0
func NewCertificateIdentityResponse( namespace string, identityResponse *responsetypes.SigningRequestResponse, apiServerConfigProvider utils.ApiServerConfigProvider, clientset kubernetes.Interface, restConfig *rest.Config) (*CertificateIdentityResponse, error)
NewCertificateIdentityResponse makes a new CertificateIdentityResponse.
func (*CertificateIdentityResponse) HasAWSValues ¶ added in v0.3.0
func (resp *CertificateIdentityResponse) HasAWSValues() bool
HasAWSValues checks if the response has all the required AWS fields set.
type ClusterInfo ¶
type ClusterInfo struct { ClusterID string `json:"clusterId"` ClusterName string `json:"clusterName,omitempty"` }
ClusterInfo contains the information to be shared to a remote cluster to make the peering possible.
type ConfigProvider ¶
type ConfigProvider interface { // GetAuthConfig retrieves the AuthConfiguration, such as the peering permission and the token authentication settings. GetAuthConfig() *configv1alpha1.AuthConfig // GetAPIServerConfig retrieves the ApiServerConfiguration (i.e. Address, Port and TrustedCA). GetAPIServerConfig() *configv1alpha1.APIServerConfig }
ConfigProvider is a provider for the Authentication Configuration.
type IdentityRequest ¶
IdentityRequest is the common interface for Certificate and ServiceAccount identity request.
type ServiceAccountIdentityRequest ¶ added in v0.3.0
type ServiceAccountIdentityRequest struct { ClusterID string `json:"clusterID"` Token string `json:"token"` }
ServiceAccountIdentityRequest is the request for a new ServiceAccount validation.
func (*ServiceAccountIdentityRequest) GetClusterID ¶ added in v0.3.0
func (saIdentityRequest *ServiceAccountIdentityRequest) GetClusterID() string
GetClusterID returns the clusterid.
func (*ServiceAccountIdentityRequest) GetPath ¶ added in v0.3.0
func (saIdentityRequest *ServiceAccountIdentityRequest) GetPath() string
GetPath returns the absolute path of the endpoint to contact to send a new ServiceAccountIdentityRequest.
func (*ServiceAccountIdentityRequest) GetToken ¶ added in v0.3.0
func (saIdentityRequest *ServiceAccountIdentityRequest) GetToken() string
GetToken returns the token.