client

package
v2.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 9, 2022 License: BSD-3-Clause Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// AzureProviderName is the constant string value for the azure provider
	AzureProviderName = "azure"
)
View Source 
const OspreyProviderName = "osprey"

OspreyProviderName is the constant string value for the osprey provider

Variables

This section is empty.

Functions

func SaveConfig 

func SaveConfig(config *Config, path string) error

SaveConfig writes the osprey config to the specified path.

Types

type AzureConfig 

type AzureConfig struct {
	// ServerApplicationID is the oidc-client-id used on the apiserver configuration
	ServerApplicationID string `yaml:"server-application-id,omitempty"`
	// ClientID is the oidc client id used for osprey
	ClientID string `yaml:"client-id,omitempty"`
	// ClientSecret is the oidc client secret used for osprey
	ClientSecret string `yaml:"client-secret,omitempty"`
	// CertificateAuthority is the filesystem path from which to read the CA certificate
	CertificateAuthority string `yaml:"certificate-authority,omitempty"`
	// CertificateAuthorityData is base64-encoded CA cert data.
	// This will override any cert file specified in CertificateAuthority.
	// +optional
	CertificateAuthorityData string `yaml:"certificate-authority-data,omitempty"`
	// RedirectURI is the redirect URI that the oidc application is configured to call back to
	RedirectURI string `yaml:"redirect-uri,omitempty"`
	// Scopes is the list of scopes to request when performing the oidc login request
	Scopes []string `yaml:"scopes"`
	// AzureTenantID is the Azure Tenant ID assigned to your organisation
	AzureTenantID string `yaml:"tenant-id,omitempty"`
	// IssuerURL is the URL of the OpenID server. This is mainly used for testing.
	// +optional
	IssuerURL string `yaml:"issuer-url,omitempty"`
	// Targets contains a map of strings to osprey targets
	Targets map[string]*TargetEntry `yaml:"targets"`
}

AzureConfig holds the configuration for Azure

func (*AzureConfig) ValidateConfig 

func (ac *AzureConfig) ValidateConfig() error

ValidateConfig checks that the required configuration has been provided for Azure

type Config 

type Config struct {
	// Kubeconfig specifies the path to read/write the kubeconfig file.
	// +optional
	Kubeconfig string `yaml:"kubeconfig,omitempty"`
	// DefaultGroup specifies the group to log in to if none provided.
	// +optional
	DefaultGroup string `yaml:"default-group,omitempty"`
	// Providers is a map of OIDC provider config
	Providers *Providers `yaml:"providers,omitempty"`
}

Config holds the information needed to connect to remote OIDC providers

func LoadConfig 

func LoadConfig(path string) (*Config, error)

LoadConfig reads and parses the Config file

func NewConfig 

func NewConfig() *Config

NewConfig is a convenience function that returns a new Config object with non-nil maps

func (*Config) GetRetrievers 

func (c *Config) GetRetrievers(options RetrieverOptions) (map[string]Retriever, error)

GetRetrievers returns a map of providers to retrievers

func (*Config) GroupOrDefault 

func (c *Config) GroupOrDefault(group string) string

GroupOrDefault returns the group if it is not empty, or the Config.DefaultGroup if it is.

func (*Config) Snapshot 

func (c *Config) Snapshot() *ConfigSnapshot

Snapshot creates or returns a ConfigSnapshot

type ConfigSnapshot 

type ConfigSnapshot struct {
	// contains filtered or unexported fields
}

ConfigSnapshot is a snapshot view of the configuration to organize the targets per group. It does not reflect changes to the configuration after it has been taken.

func (*ConfigSnapshot) DefaultGroup 

func (t *ConfigSnapshot) DefaultGroup() Group

DefaultGroup returns the default group in the configuration. If no specific group is set as default, it will return the special ungrouped ("") group

func (*ConfigSnapshot) GetGroup 

func (t *ConfigSnapshot) GetGroup(name string) (Group, bool)

GetGroup returns a valid group and true if it exists, an empty group and false if it doesn't.

func (*ConfigSnapshot) Groups 

func (t *ConfigSnapshot) Groups() []Group

Groups returns all defined groups sorted alphabetically by name.

func (*ConfigSnapshot) HaveGroups 

func (t *ConfigSnapshot) HaveGroups() bool

HaveGroups returns true if there is at least one defined group.

func (*ConfigSnapshot) Targets 

func (t *ConfigSnapshot) Targets() []Target

Targets returns all the targets in the configuration in alphabetical order.

type Group 

type Group struct {
	// contains filtered or unexported fields
}

Group organizes the targetEntry targets

func (*Group) Contains 

func (g *Group) Contains(target Target) bool

Contains returns true if it contains the target

func (*Group) IsDefault 

func (g *Group) IsDefault() bool

IsDefault returns true if this is the default group in the configuration

func (*Group) Name 

func (g *Group) Name() string

Name returns the name of the group

func (*Group) Targets 

func (g *Group) Targets() map[string][]Target

Targets returns the list of targets belonging to this group

type LoginCredentials 

type LoginCredentials struct {
	// Username username of user intending to login
	Username string
	// Password the password for user
	Password string
}

LoginCredentials represents user credentials

func GetCredentials 

func GetCredentials(partialLoginCredentials *LoginCredentials) (*LoginCredentials, error)

GetCredentials loads the credentials from the terminal or stdin.

type OspreyConfig 

type OspreyConfig struct {
	// CertificateAuthority is the path to a cert file for the certificate authority.
	// +optional
	CertificateAuthority string `yaml:"certificate-authority,omitempty"`
	// CertificateAuthorityData is base64-encoded CA cert data.
	// This will override any cert file specified in CertificateAuthority.
	// +optional
	CertificateAuthorityData string `yaml:"certificate-authority-data,omitempty"`
	// AzureTenantID is the Azure Tenant ID assigned to your organisation
	Targets map[string]*TargetEntry `yaml:"targets"`
}

OspreyConfig holds the configuration for Osprey

func (*OspreyConfig) ValidateConfig 

func (oc *OspreyConfig) ValidateConfig() error

ValidateConfig checks that the required configuration has been provided for Osprey

type Providers 

type Providers struct {
	Azure  *AzureConfig  `yaml:"azure,omitempty"`
	Osprey *OspreyConfig `yaml:"osprey,omitempty"`
}

Providers holds the configuration structs for the supported providers

type Retriever 

type Retriever interface {
	// GetAuthInfo returns the AuthInfo from the kubeconfig for a given target. Returns an AuthInfo if the user is logged in.
	GetAuthInfo(*clientgo.Config, Target) *clientgo.AuthInfo
	// RetrieveClusterDetailsAndAuthTokens returns an access token that is required to authenticate user access against a kubernetes cluster.
	RetrieveClusterDetailsAndAuthTokens(Target) (*TargetInfo, error)
	// RetrieveUserDetails returns the user email address and groups, if available.
	RetrieveUserDetails(Target, clientgo.AuthInfo) (*UserInfo, error)
	// SetUseDeviceCode is a flag that when set to false, creates non-interactive login requests to auth providers (e.g. device flow)
	SetUseDeviceCode(bool)
}

Retriever is used to authenticate and generate the configuration

func NewAzureRetriever 

func NewAzureRetriever(provider *AzureConfig, options RetrieverOptions) (Retriever, error)

NewAzureRetriever creates new Azure oAuth client

func NewOspreyRetriever 

func NewOspreyRetriever(provider *OspreyConfig, options RetrieverOptions) Retriever

NewOspreyRetriever creates new osprey client

type RetrieverOptions 

type RetrieverOptions struct {
	UseDeviceCode       bool
	LoginTimeout        time.Duration
	DisableBrowserPopup bool
	Username            string
	Password            string
}

RetrieverOptions is used to hold command line arguments that change the behaviour of logins

type Target 

type Target struct {
	// contains filtered or unexported fields
}

Target has the information of an TargetEntry target server

func CreateTarget 

func CreateTarget(name string, targetEntry TargetEntry, providerType string) Target

CreateTarget returns an initiliased Target object

func (*Target) APIServer 

func (m *Target) APIServer() string

APIServer returns the API server of the Target

func (*Target) Aliases 

func (m *Target) Aliases() []string

Aliases returns the list of aliases of the Target alphabetically sorted

func (*Target) CertificateAuthorityData 

func (m *Target) CertificateAuthorityData() string

CertificateAuthorityData returns the CertificateAuthorityData of the Target

func (*Target) HasAliases 

func (m *Target) HasAliases() bool

HasAliases returns true if the Target has at least one alias

func (*Target) Name 

func (m *Target) Name() string

Name returns the main name of the Target

func (*Target) ProviderType 

func (m *Target) ProviderType() string

ProviderType returns the authentication provider of the Target

func (*Target) Server 

func (m *Target) Server() string

Server returns the server of the Target

func (*Target) ShouldConfigureForGKE 

func (m *Target) ShouldConfigureForGKE() bool

ShouldConfigureForGKE returns true iff the API server URL and CA should be fetched from the kube-public ClientConfig provided by GKE clusters instead of the other methods (e.g. inline in Osprey config file or from Osprey server)

func (*Target) ShouldFetchCAFromAPIServer 

func (m *Target) ShouldFetchCAFromAPIServer() bool

ShouldFetchCAFromAPIServer returns true iff the CA should be fetched from the kube-public ConfigMap instead of the other methods (e.g. inline in Osprey config file or from Osprey server)

type TargetEntry 

type TargetEntry struct {
	// Server is the address of the osprey server (hostname:port).
	// +optional
	Server string `yaml:"server,omitempty"`
	// APIServer is the address of the API server (hostname:port).
	// +optional
	APIServer string `yaml:"api-server,omitempty"`
	// UseGKEClientConfig true if Osprey should fetch the CA cert and server URL from the
	//kube-public/ClientConfig resource provided by the OIDC Identity Service in GKE clusters.
	// +optional
	UseGKEClientConfig bool `yaml:"use-gke-clientconfig,omitempty"`
	// CertificateAuthority is the path to a cert file for the certificate authority.
	// +optional
	CertificateAuthority string `yaml:"certificate-authority,omitempty"`
	// CertificateAuthorityData is base64-encoded CA cert data.
	// This will override any cert file specified in CertificateAuthority.
	// +optional
	CertificateAuthorityData string `yaml:"certificate-authority-data,omitempty"`
	// Aliases is a list of names that the osprey server can be called.
	// +optional
	Aliases []string `yaml:"aliases,omitempty"`
	// Groups is a list of names that can be used to group different osprey servers.
	// +optional
	Groups []string `yaml:"groups,omitempty"`
}

TargetEntry contains information about how to communicate with an osprey server

type TargetInfo 

type TargetInfo struct {
	// Username the identifier of the logged in user
	Username string
	// IDToken the JWT token for the user
	IDToken string
	// ClientID the id of the client requesting the authentication
	ClientID string
	// ClientSecret a secret to identify the client requesting the authentication
	ClientSecret string
	// IssuerURL the URL of the OIDC provider
	IssuerURL string
	// IssuerCA base64 encoded CA used to validate the Issuers certificate
	IssuerCA string
	// ClusterName name of the cluster that can be accessed with the IDToken
	ClusterName string
	// ClusterAPIServerURL URL of the apiserver of the cluster that can be accessed with the IDToken
	ClusterAPIServerURL string
	// ClusterCA base64 encoded CA of the cluster that can be accessed with the IDToken
	ClusterCA string
	// AccessToken is the JWT token for the user when using a cloud IDP
	AccessToken string
}

TargetInfo contains the data required to configure an OIDC authenticator for kubectl

type UserInfo 

type UserInfo struct {
	// Username the identifier of the logged in user
	Username string
	// Roles group memberships for the user
	Roles []string
}

UserInfo contains data about a user

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.