Documentation
Overview
Package utils contains utility functions for the authentication module.
Index
- func EnsureNonceSecret(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID, ...) error
- func EnsureSignedNonceSecret(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID, ...) error
- func GenerateIdentityControlPlane(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID, ...) (*authv1beta1.Identity, error)
- func GenerateTenant(ctx context.Context, cl client.Client, localClusterID liqov1beta1.ClusterID, ...) (*authv1beta1.Tenant, error)
- func RetrieveNonce(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID) ([]byte, error)
- func RetrieveSignedNonce(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID) ([]byte, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func EnsureNonceSecret
func EnsureNonceSecret(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID, tenantNamespace string) error
EnsureNonceSecret ensures that a nonce secret exists in the tenant namespace.
func EnsureSignedNonceSecret
func EnsureSignedNonceSecret(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID, tenantNamespace string, nonce *string) error
EnsureSignedNonceSecret ensures that a signed nonce secret exists in the tenant namespace. If nonce is not provided, it is read from the secret in the tenant namespace, and an error is returned if that secret does not exist. If nonce is provided, the nonce secret is created in the tenant namespace and the function waits for it to be signed; an error is returned if a nonce secret already exists in the tenant namespace.
func GenerateIdentityControlPlane
func GenerateIdentityControlPlane(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID, remoteTenantNamespace string, localClusterID liqov1beta1.ClusterID) (*authv1beta1.Identity, error)
GenerateIdentityControlPlane generates an Identity resource of type ControlPlane to be applied on the consumer cluster.
func GenerateTenant
func GenerateTenant(ctx context.Context, cl client.Client, localClusterID liqov1beta1.ClusterID, liqoNamespace string, signature []byte, proxyURL *string) (*authv1beta1.Tenant, error)
GenerateTenant generates a Tenant resource to be applied on a remote cluster. Using the cluster keys it generates a CSR to obtain a ControlPlane Identity from the provider cluster. It needs the local cluster identity to get the authentication keys and the signature of the nonce given by the provider cluster to complete the authentication challenge.
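The nonce challenge described above, reduced to its cryptographic core as an added example (not code from this package). The function names are hypothetical, Ed25519 keys are an assumption, and the nonce is held in memory rather than in a Kubernetes secret:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// IssueNonce is the provider side: a fresh random challenge, stored per
// consumer cluster (the role of the nonce secret in the tenant namespace).
func IssueNonce() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// SignNonce is the consumer side: sign the provider's nonce with the cluster
// private key. Ed25519 is an assumption of this sketch.
func SignNonce(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// VerifySignedNonce is the provider side: check the signature carried by the
// Tenant against the nonce the provider stored, never one echoed by the peer.
func VerifySignedNonce(pub ed25519.PublicKey, storedNonce, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, storedNonce, sig)
}

// Handshake runs one challenge with constructed keys and reports three checks:
// the honest signature, that signature replayed against a later nonce, and
// that signature checked against a different cluster's public key.
func Handshake() (valid, replayed, wrongKey bool, err error) {
	pub, priv, err1 := ed25519.GenerateKey(rand.Reader)
	otherPub, _, err2 := ed25519.GenerateKey(rand.Reader)
	nonce, err3 := IssueNonce()
	nextNonce, err4 := IssueNonce()
	if err = errors.Join(err1, err2, err3, err4); err != nil {
		return
	}
	sig := SignNonce(priv, nonce)
	return VerifySignedNonce(pub, nonce, sig), VerifySignedNonce(pub, nextNonce, sig),
		VerifySignedNonce(otherPub, nonce, sig), nil
}

func main() {
	fmt.Println(Handshake()) // true false false <nil>
}
```

Only the first check succeeds: a signature is bound to one stored nonce and one key pair, so a captured signature is useless against a later challenge.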
func RetrieveNonce
func RetrieveNonce(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID) ([]byte, error)
RetrieveNonce retrieves the nonce from the secret in the tenant namespace.
func RetrieveSignedNonce
func RetrieveSignedNonce(ctx context.Context, cl client.Client, remoteClusterID liqov1beta1.ClusterID) ([]byte, error)
RetrieveSignedNonce retrieves the signed nonce from the secret in the tenant namespace.
Types
This section is empty.