authenticator

package
v3.32.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 9, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

README

Certificates generation for authenticator tests

Testing certificates where generated using cfssl tool.

Steps to generate new certificates

Install cfssl and generate configuration files as follows:

ca-config.json:

{
    "signing": {
        "default": {
            "expiry": "876000h"
        },
        "profiles": {
            "server": {
                "expiry": "876000h",
                "hosts": [
                    "localhost"
                ],
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "876000h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            }
        }
    }
}

ca.csr.json:

{
    "CN": "my.own.ca",
    "hosts": [
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "ES",
            "ST": "BCN",
            "L": "Barcelona"
        }
    ]
}

server.json:

{
    "CN": "server",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "hosts": ["localhost"]
}

client.json:

{
    "CN": "client",
    "key": {
        "algo": "rsa",
        "size": 2048
    }
}

Generate the CA certificate:

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

Generate the server certificate:

 cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server server.json | cfssljson -bare server

Generate the client certificate:

 cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json | cfssljson -bare client

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

type Authenticator interface {
	// AuthenticatedTransport returns a RoundTripper with the required configuration
	// to connect to the endpoint.
	AuthenticatedTransport(endpoint config.Endpoint) (http.RoundTripper, error)
}

Authenticator provides an interface to generate a authorized round tripper.

type Config

type Config struct {
	SecretListerer  discovery.SecretListerer
	InClusterConfig *rest.Config
}

type K8sClientAuthenticator

type K8sClientAuthenticator struct {
	Config
	// contains filtered or unexported fields
}

func New

func New(config Config, opts ...OptionFunc) (*K8sClientAuthenticator, error)

New returns an K8sClientAuthenticator that supports plain, bearer token and mTLS.

func (K8sClientAuthenticator) AuthenticatedTransport

func (a K8sClientAuthenticator) AuthenticatedTransport(endpoint config.Endpoint) (http.RoundTripper, error)

AuthenticatedTransport returns a round tripper according to the endpoint config. For mTLS configuration it fetches the certificates from the secret.

type OptionFunc

type OptionFunc func(kca *K8sClientAuthenticator) error

func WithLogger

func WithLogger(logger *log.Logger) OptionFunc

WithLogger returns an OptionFunc to change the logger from the default noop logger.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL