Documentation
Index
- Constants
- Variables
- func AddContext(cfg map[interface{}]interface{}, contextName string, clusterName string, ...) error
- func AddUser(kubecfg map[interface{}]interface{}, authCtx AuthContext) error
- func AddUserConfigMap(kubecfg map[interface{}]interface{}, userName string, ...) error
- func CreateFromTemplate(cfg *map[interface{}]interface{}) error
- func EncodeKubeconfig(kubeconfig map[interface{}]interface{}) (bytes.Buffer, error)
- func ExtractEMail(tokenInfo TokenInfo) string
- func ExtractName(tokenInfo TokenInfo) string
- func GetClusterNames(cfg map[interface{}]interface{}) ([]string, error)
- func HomeDir() string
- func LoadKubeConfig(kubeConfig string) (content map[interface{}]interface{}, filename string, isDefaultLocation bool, ...)
- func OIDCFlow(config Config) error
- func SetCurrentContext(cfg map[interface{}]interface{}, contextName string)
- func UpdateKubeConfig(kubeConfig string, tokenInfo TokenInfo, userIDExtractor UserIDExtractor) (string, error) (deprecated)
- func UpdateKubeConfigContext(kubeConfig string, tokenInfo TokenInfo, userIDExtractor UserIDExtractor, ...) (string, error)
- type AuthContext
- type Claims
- type Config
- type IssuerConfig
- type KubeConfigHandlerOption
- type TokenHandlerFunc
- type TokenInfo
- type UserIDExtractor
Constants
const (
	RecommendedConfigPathEnvVar = "KUBECONFIG"
	RecommendedHomeDir          = ".kube"
	RecommendedFileName         = "config"
)
Variables
var (
	RecommendedConfigDir = path.Join(HomeDir(), RecommendedHomeDir)
	RecommendedHomeFile  = path.Join(RecommendedConfigDir, RecommendedFileName)
)
var DexScopes = []string{"groups", "openid", "profile", "email", "federated:id"}
var GenericScopes = []string{"openid", "profile", "email"}
Functions
func AddContext
func AddContext(cfg map[interface{}]interface{}, contextName string, clusterName string, userName string) error
AddContext adds the given context, referencing the given clusterName and userName, or replaces an existing context of that name.
func AddUser
func AddUser(kubecfg map[interface{}]interface{}, authCtx AuthContext) error
AddUser adds the given user auth config to the kubecfg, or replaces an already existing user of that name.
func AddUserConfigMap
func AddUserConfigMap(kubecfg map[interface{}]interface{}, userName string, configMap map[string]string) error
AddUserConfigMap adds the given user auth configMap to the kubecfg, or replaces an already existing user of that name.
func CreateFromTemplate
func CreateFromTemplate(cfg *map[interface{}]interface{}) error
CreateFromTemplate populates cfg with a minimal kubeconfig.
func EncodeKubeconfig
func EncodeKubeconfig(kubeconfig map[interface{}]interface{}) (bytes.Buffer, error)
EncodeKubeconfig serializes the given kubeconfig.
func ExtractEMail
func ExtractEMail(tokenInfo TokenInfo) string
func ExtractName
func ExtractName(tokenInfo TokenInfo) string
func GetClusterNames
func GetClusterNames(cfg map[interface{}]interface{}) ([]string, error)
GetClusterNames returns the names of all clusters in cfg.
func LoadKubeConfig
func LoadKubeConfig(kubeConfig string) (content map[interface{}]interface{}, filename string, isDefaultLocation bool, e error)
LoadKubeConfig loads the kubeconfig from the given location; if kubeConfig is "" the default location is used. If kubeConfig is given explicitly and no file exists at that location, an error is returned. If the default location is used and no file exists there, the contents of the kubeconfigTemplate are returned. Returns the map, the filename, isDefaultLocation and an error.
func OIDCFlow
func OIDCFlow(config Config) error
OIDCFlow validates the given config and starts the OIDC flow with "response_type=code" (see https://medium.com/@darutk/diagrams-of-all-the-openid-connect-flows-6968e3990660 or https://connect2id.com/learn/openid-connect).
A local webserver is started to receive the callbacks from the OIDC endpoint.
1. OpenID Discovery: gather info about the OIDC provider
2. Open the browser for login: build the URL with scopes and redirect to the OIDC login flow (the OIDC provider authenticates against LDAP, reads the groups and returns a signed JWT)
3. Receive the callback, extract the token and redirect to the success page
4. Call the TokenHandler
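The pieces of steps 2 and 3 that a CLI has to get right are the authorization URL it sends the browser to and the callback it accepts back from the provider. The following is an added example written for this page, not code from the library: it builds the "response_type=code" URL from an authorization endpoint (which step 1, discovery, would supply), binds the request to a random state value, and only accepts a callback whose state matches, so a stray or replayed callback to the local webserver cannot hand the flow someone else's code. The endpoint, client id, redirect URI and the "/success" path are constructed values; the library's own handler, success page and error reporting may differ.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// newState returns 32 bytes of CSPRNG output, base64url encoded. The state is
// what ties a callback to the login attempt that started it.
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// BuildAuthURL is step 2: authorization endpoint (from discovery) plus
// response_type=code, client_id, redirect_uri, the space-joined scopes and state.
// Existing query parameters on the endpoint are preserved.
func BuildAuthURL(authEndpoint, clientID, redirectURI string, scopes []string, state string) (string, error) {
	u, err := url.Parse(authEndpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", strings.Join(scopes, " "))
	q.Set("state", state)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// ExtractCode is step 3: validate the callback and return the authorization code.
// Provider error responses and any state that does not match ours are rejected.
func ExtractCode(callback *url.URL, expectedState string) (string, error) {
	q := callback.Query()
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("provider returned error %q: %s", e, q.Get("error_description"))
	}
	got := q.Get("state")
	if got == "" || subtle.ConstantTimeCompare([]byte(got), []byte(expectedState)) != 1 {
		return "", errors.New("state mismatch: callback does not belong to this login attempt")
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("callback carries no authorization code")
	}
	return code, nil
}

// callbackHandler wires ExtractCode into the local webserver: on success the code
// is handed to the flow via codes and the browser is sent to the success page.
// Error details stay in the CLI, the browser only sees a generic failure.
func callbackHandler(expectedState string, codes chan<- string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		code, err := ExtractCode(r.URL, expectedState)
		if err != nil {
			http.Error(w, "login failed", http.StatusBadRequest)
			return
		}
		codes <- code
		http.Redirect(w, r, "/success", http.StatusFound)
	}
}

func main() {
	state, _ := newState()
	redirect := "http://127.0.0.1:8000/callback" // constructed; must match what the client registered at the provider
	u, _ := BuildAuthURL("https://issuer.example.invalid/auth", "metalctl", redirect,
		[]string{"openid", "profile", "email"}, state)
	fmt.Println("open in browser:", u)
	codes := make(chan string, 1)
	http.Handle("/callback", callbackHandler(state, codes))
	// http.ListenAndServe("127.0.0.1:8000", nil) would serve the callback; the code
	// received on codes is then exchanged at the token endpoint for the ID token (step 4).
}
```

The local listener is bound to the loopback address and the handler never echoes the provider's error text or the state back into the page; the code itself is single-use and is exchanged for tokens over the back channel, which is why step 3 only needs to carry it from the browser to the CLI.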
func SetCurrentContext
func SetCurrentContext(cfg map[interface{}]interface{}, contextName string)
SetCurrentContext sets the current context to the given name.
func UpdateKubeConfig (deprecated)
func UpdateKubeConfig(kubeConfig string, tokenInfo TokenInfo, userIDExtractor UserIDExtractor) (string, error)
UpdateKubeConfig saves the given tokenInfo in the given kubeConfig. The given path to the kubeconfig is preferred; otherwise the location of the kubeconfig is determined from the env KUBECONFIG or the default location.
It modifies or appends a user with an auth-provider built from the given tokenInfo, and modifies or appends a context named cloudctl that references that user.
Returns the filename the config was written to, or an error if any.
Deprecated: use UpdateKubeConfigContext instead.
func UpdateKubeConfigContext added in v0.4.0
func UpdateKubeConfigContext(kubeConfig string, tokenInfo TokenInfo, userIDExtractor UserIDExtractor, contextName string) (string, error)
UpdateKubeConfigContext saves the given tokenInfo in the given kubeConfig. The given path to the kubeconfig is preferred; otherwise the location of the kubeconfig is determined from the env KUBECONFIG or the default location.
It modifies or appends a user with an auth-provider built from the given tokenInfo, and modifies or appends the given context so that it references that user.
Returns the filename the config was written to, or an error if any.
Types
type AuthContext
type AuthContext struct {
	// Name of the context for metalctl auth
	Ctx string
	// Name of the user in the active context
	User string
	// Name of the authProvider in the active context
	AuthProviderName string
	// Flag if the AuthProvider is oidc, i.e. valid for our usecases
	AuthProviderOidc bool
	// IDToken, only if AuthProviderOidc is true
	IDToken string
	// RefreshToken
	RefreshToken string
	IssuerConfig
}
AuthContext models the data in the kubeconfig user/auth-provider/config OIDC config map.
func CurrentAuthContext
func CurrentAuthContext(kubeConfig string) (AuthContext, error)
CurrentAuthContext returns the AuthContext for the default contextName. Deprecated: use GetAuthContext instead.
func GetAuthContext added in v0.4.0
func GetAuthContext(kubeConfig string, contextName string) (AuthContext, error)
GetAuthContext returns the AuthContext for the given contextName from the given kubeConfig.
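The functions above all operate on the same loosely typed kubeconfig map: AddUserConfigMap, AddContext and SetCurrentContext write the user, context and current-context entries, and GetAuthContext reads them back through context -> user -> auth-provider. The block below is an added illustration of that add-or-replace behaviour written for this page; it is not the library's implementation. It assumes the usual kubeconfig layout (lists of named entries under "clusters", "contexts" and "users") and the standard kubectl oidc auth-provider config keys ("id-token", "refresh-token", "client-id", "idp-issuer-url"); the check that the referenced cluster exists and the error cases are this example's own choices, and the sample config is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// KubeConfig is the loosely typed kubeconfig the functions work on.
type KubeConfig = map[interface{}]interface{}

// upsertNamed adds entry to the list under key, replacing an entry of the same name.
func upsertNamed(cfg KubeConfig, key, name string, entry map[interface{}]interface{}) {
	list, _ := cfg[key].([]interface{})
	for i, item := range list {
		if m, ok := item.(map[interface{}]interface{}); ok && m["name"] == name {
			list[i] = entry
			cfg[key] = list
			return
		}
	}
	cfg[key] = append(list, entry)
}

// findNamed returns the entry called name from the list under key, or nil.
func findNamed(cfg KubeConfig, key, name string) map[interface{}]interface{} {
	list, _ := cfg[key].([]interface{})
	for _, item := range list {
		if m, ok := item.(map[interface{}]interface{}); ok && m["name"] == name {
			return m
		}
	}
	return nil
}

// AddUserConfigMap stores configMap as the "oidc" auth-provider config of userName (add or replace).
func AddUserConfigMap(cfg KubeConfig, userName string, configMap map[string]string) error {
	if userName == "" {
		return errors.New("userName must not be empty")
	}
	conf := map[interface{}]interface{}{}
	for k, v := range configMap {
		conf[k] = v
	}
	upsertNamed(cfg, "users", userName, map[interface{}]interface{}{
		"name": userName,
		"user": map[interface{}]interface{}{
			"auth-provider": map[interface{}]interface{}{"name": "oidc", "config": conf},
		},
	})
	return nil
}

// AddContext binds contextName to clusterName and userName (add or replace).
// Requiring the cluster to exist is this example's own validation.
func AddContext(cfg KubeConfig, contextName, clusterName, userName string) error {
	if findNamed(cfg, "clusters", clusterName) == nil {
		return fmt.Errorf("cluster %q not found", clusterName)
	}
	upsertNamed(cfg, "contexts", contextName, map[interface{}]interface{}{
		"name":    contextName,
		"context": map[interface{}]interface{}{"cluster": clusterName, "user": userName},
	})
	return nil
}

// SetCurrentContext makes contextName the active context.
func SetCurrentContext(cfg KubeConfig, contextName string) { cfg["current-context"] = contextName }

// AuthContext is the subset of the documented struct this example reads back.
type AuthContext struct {
	Ctx, User, AuthProviderName                string
	AuthProviderOidc                           bool
	IDToken, RefreshToken, ClientID, IssuerURL string
}

// GetAuthContext resolves contextName -> user -> auth-provider config.
func GetAuthContext(cfg KubeConfig, contextName string) (AuthContext, error) {
	ctxEntry := findNamed(cfg, "contexts", contextName)
	if ctxEntry == nil {
		return AuthContext{}, fmt.Errorf("context %q not found", contextName)
	}
	ctxBody, _ := ctxEntry["context"].(map[interface{}]interface{})
	userName, _ := ctxBody["user"].(string)
	ac := AuthContext{Ctx: contextName, User: userName}
	userEntry := findNamed(cfg, "users", userName)
	if userEntry == nil {
		return ac, fmt.Errorf("user %q not found", userName)
	}
	userBody, _ := userEntry["user"].(map[interface{}]interface{})
	ap, _ := userBody["auth-provider"].(map[interface{}]interface{})
	ac.AuthProviderName, _ = ap["name"].(string)
	ac.AuthProviderOidc = ac.AuthProviderName == "oidc"
	if !ac.AuthProviderOidc {
		return ac, nil // other auth-provider types carry no OIDC token data
	}
	conf, _ := ap["config"].(map[interface{}]interface{})
	str := func(k string) string { s, _ := conf[k].(string); return s }
	ac.IDToken, ac.RefreshToken = str("id-token"), str("refresh-token")
	ac.ClientID, ac.IssuerURL = str("client-id"), str("idp-issuer-url")
	return ac, nil
}

func main() {
	// constructed kubeconfig with a single cluster
	cfg := KubeConfig{"clusters": []interface{}{map[interface{}]interface{}{"name": "prod"}}}
	_ = AddUserConfigMap(cfg, "alice", map[string]string{"id-token": "ID.TOKEN.SAMPLE", "client-id": "metalctl", "idp-issuer-url": "https://issuer.example.invalid"})
	_ = AddContext(cfg, "cloudctl", "prod", "alice")
	SetCurrentContext(cfg, "cloudctl")
	ac, err := GetAuthContext(cfg, "cloudctl")
	fmt.Printf("%+v %v\n", ac, err)
}
```

Calling AddUserConfigMap twice for the same user leaves one entry with the newer token, which is what lets a repeated login refresh credentials in place instead of growing the users list; GetAuthContext reports AuthProviderOidc as false for a user whose auth-provider is not "oidc" rather than returning token fields from an unrelated provider.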
type Claims added in v0.7.1
type Claims struct {
	Id                string            `json:"jti,omitempty"`
	ExpiresAt         int64             `json:"exp,omitempty"`
	IssuedAt          int64             `json:"iat,omitempty"`
	NotBefore         int64             `json:"nbf,omitempty"`
	Issuer            string            `json:"iss,omitempty"`
	Subject           string            `json:"sub,omitempty"`
	Audience          interface{}       `json:"aud,omitempty"`
	Groups            []string          `json:"groups"`
	EMail             string            `json:"email"`
	Name              string            `json:"name"`
	FederatedClaims   map[string]string `json:"federated_claims"`
	PreferredUsername string            `json:"preferred_username"`
	// added for parsing of "new" style tokens
	Roles []string `json:"roles"`
}
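Claims is what the signed JWT from step 2 of OIDCFlow decodes to, and it is the input of the ExtractEMail and ExtractName helpers listed above. The block below is an added example written for this page, not the library's code: it decodes the payload segment of a compact JWS into the documented Claims struct, normalises the "aud" claim (a single string or an array, both allowed by RFC 7519, hence the interface{} type), and applies the issuer, audience and exp/nbf checks a consumer must still make after the signature has been verified. Decoding here does not verify the signature; the token string, the TokenInfo subset (without the embedded IssuerConfig) and the func type assumed for UserIDExtractor are this example's constructions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims mirrors the documented struct.
type Claims struct {
	Id                string            `json:"jti,omitempty"`
	ExpiresAt         int64             `json:"exp,omitempty"`
	IssuedAt          int64             `json:"iat,omitempty"`
	NotBefore         int64             `json:"nbf,omitempty"`
	Issuer            string            `json:"iss,omitempty"`
	Subject           string            `json:"sub,omitempty"`
	Audience          interface{}       `json:"aud,omitempty"`
	Groups            []string          `json:"groups"`
	EMail             string            `json:"email"`
	Name              string            `json:"name"`
	FederatedClaims   map[string]string `json:"federated_claims"`
	PreferredUsername string            `json:"preferred_username"`
	Roles             []string          `json:"roles"`
}

// DecodeClaims splits a compact JWS and JSON-decodes its payload. It does NOT
// verify the signature; that must happen (against the issuer's keys) before
// anything in the returned Claims is acted on.
func DecodeClaims(idToken string) (Claims, error) {
	var c Claims
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return c, errors.New("not a compact JWS: expected header.payload.signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, fmt.Errorf("payload is not base64url: %w", err)
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, fmt.Errorf("payload is not a JSON claim set: %w", err)
	}
	return c, nil
}

// Audiences normalises "aud" to a slice whatever its JSON shape was.
func (c Claims) Audiences() []string {
	switch v := c.Audience.(type) {
	case string:
		return []string{v}
	case []interface{}:
		out := make([]string, 0, len(v))
		for _, a := range v {
			if s, ok := a.(string); ok {
				out = append(out, s)
			}
		}
		return out
	}
	return nil
}

// Validate checks issuer, that our client id is among the audiences, and the exp/nbf window.
func (c Claims) Validate(issuer, clientID string, now time.Time) error {
	if c.Issuer != issuer {
		return fmt.Errorf("issuer %q, want %q", c.Issuer, issuer)
	}
	found := false
	for _, a := range c.Audiences() {
		found = found || a == clientID
	}
	if !found {
		return fmt.Errorf("token not issued for client %q", clientID)
	}
	if c.ExpiresAt != 0 && now.Unix() >= c.ExpiresAt {
		return errors.New("token expired")
	}
	if c.NotBefore != 0 && now.Unix() < c.NotBefore {
		return errors.New("token not yet valid")
	}
	return nil
}

// TokenInfo is the documented struct minus the embedded IssuerConfig.
type TokenInfo struct {
	IDToken, RefreshToken string
	TokenClaims           Claims
}

// UserIDExtractor is assumed here to be a func type; it picks the claim used as "userid".
type UserIDExtractor func(TokenInfo) string

func ExtractEMail(t TokenInfo) string { return t.TokenClaims.EMail }
func ExtractName(t TokenInfo) string  { return t.TokenClaims.Name }

var _ UserIDExtractor = ExtractEMail

// sampleToken builds an unsigned, constructed token for demonstration only.
func sampleToken(payload string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(payload)) + "."
}

func main() {
	tok := sampleToken(`{"iss":"https://issuer.example.invalid","sub":"u1","aud":["metalctl","other"],"exp":4102444800,"email":"alice@example.invalid","name":"Alice","groups":["admins"]}`)
	c, err := DecodeClaims(tok)
	ti := TokenInfo{IDToken: tok, TokenClaims: c}
	fmt.Println(ExtractEMail(ti), ExtractName(ti), c.Audiences(), err, c.Validate("https://issuer.example.invalid", "metalctl", time.Now()))
}
```

The audience check matters for a multi-client issuer: a token minted for a different client id decodes and parses identically, and only Validate distinguishes it. Which claim becomes the kubeconfig user name is the extractor's decision, which is why both ExtractEMail and ExtractName satisfy the same type.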
type Config
type Config struct {
	// url of the oidc endpoint
	IssuerURL     string `required:"true"`
	SkipTLSVerify bool
	IssuerRootCA  string
	// client identification
	ClientID     string `required:"true"`
	ClientSecret string `required:"true"`
	// requested scopes
	Scopes  []string
	TLSCert string
	TLSKey  string
	// should a refresh token be requested if the server supports it?
	RequestRefreshToken bool
	TokenHandler        TokenHandlerFunc `required:"true"`
	// Message shown on the success page after login flow
	SuccessMessage string
	Log            *zap.Logger
	// Console if you want the library to write messages, may be nil
	Console io.Writer
	Debug   bool
}
Config holds the parameters of the OIDC flow.
type IssuerConfig
type IssuerConfig struct {
	// Client-ID
	ClientID string
	// ClientSecret
	ClientSecret string
	// Issuer-URL
	IssuerURL string
	// IssuerCA if any
	IssuerCA string
}
IssuerConfig holds the config for the OpenID Connect issuer.
type KubeConfigHandlerOption added in v0.4.0
type KubeConfigHandlerOption func(c *updateKubeConfig)
KubeConfigHandlerOption is a func for specifying options.
func WithContextName added in v0.4.0
func WithContextName(contextName string) KubeConfigHandlerOption
WithContextName sets the context name.
type TokenHandlerFunc
TokenHandlerFunc is the function that handles the received token, e.g. writes it to a file.
func NewUpdateKubeConfigHandler
func NewUpdateKubeConfigHandler(kubeConfig string, writer io.Writer, opts ...KubeConfigHandlerOption) TokenHandlerFunc
NewUpdateKubeConfigHandler returns a TokenHandlerFunc that writes the TokenInfo to the kubeconfig file and prints a message to the given writer, which may be nil.
type TokenInfo
type TokenInfo struct {
	IDToken      string
	RefreshToken string
	TokenClaims  Claims
	IssuerConfig
}
type UserIDExtractor
UserIDExtractor is an extractor that makes the source of the "userid" customizable.