Documentation
Constants
const (
	// Resource information that are used as encryption key storage. Can be accessible by multiple dashboard replicas.
	EncryptionKeyHolderName      = "kubernetes-dashboard-key-holder"
	EncryptionKeyHolderNamespace = "kube-system"

	// Expiration time (in seconds) of tokens generated by dashboard. Default: 15 min.
	DefaultTokenTTL = 900
)
Functions
func ShouldRejectRequest
ShouldRejectRequest returns true if url contains name and namespace of resource that should be filtered out from dashboard.
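A sketch of the kind of filter ShouldRejectRequest describes, added here as an example and not taken from the dashboard source. The `shouldReject` signature, the `protectKeyHolder` wrapper, the `statusFor` helper and the 403 status are assumptions; only the two constant values come from this page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Values of EncryptionKeyHolderName and EncryptionKeyHolderNamespace from this page.
const (
	keyHolderName      = "kubernetes-dashboard-key-holder"
	keyHolderNamespace = "kube-system"
)

// shouldReject is a hypothetical stand-in for ShouldRejectRequest. It matches on
// u.Path, which net/url has already percent-decoded, plus the raw query string.
func shouldReject(u *url.URL) bool {
	target := u.Path + "?" + u.RawQuery
	return strings.Contains(target, keyHolderName) && strings.Contains(target, keyHolderNamespace)
}

// protectKeyHolder answers 403 (an assumed status) before the wrapped handler can
// serve the Secret that stores the token encryption key.
func protectKeyHolder(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if shouldReject(r.URL) {
			http.Error(w, "resource is not served by the dashboard", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a GET for target through the filter and returns the HTTP status.
func statusFor(target string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
	rec := httptest.NewRecorder()
	protectKeyHolder(ok).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	// Constructed request paths, not routes taken from the dashboard.
	fmt.Println(statusFor("/secret/kube-system/kubernetes-dashboard-key-holder")) // 403
	fmt.Println(statusFor("/secret/default/app"))                                 // 200
}
```

Both the name and the namespace must appear before a request is refused, so a Secret with the same name in another namespace is still served.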
Types
type AuthManager
type AuthManager interface {
	// Login authenticates user based on provided LoginSpec and returns AuthResponse. AuthResponse contains
	// generated token and list of non-critical errors such as 'Failed authentication'.
	Login(*LoginSpec) (*AuthResponse, error)
	// Refresh takes valid token that hasn't expired yet and returns a new one with expiration time set to TokenTTL. In
	// case provided token has expired, token expiration error is returned.
	Refresh(string) (string, error)
	// AuthenticationModes returns array of auth modes supported by dashboard.
	AuthenticationModes() []AuthenticationMode
}
AuthManager is used for user authentication management.
type AuthResponse
type AuthResponse struct {
	// JWEToken is a token generated during login request that contains AuthInfo data in the payload.
	JWEToken string `json:"jweToken"`
	// Errors are a list of non-critical errors that happened during login request.
	Errors []error `json:"errors"`
}
AuthResponse is returned from our backend as a response for login/refresh requests. It contains generated JWEToken and a list of non-critical errors such as 'Failed authentication'.
type AuthenticationMode
type AuthenticationMode string
AuthenticationMode represents auth mode supported by dashboard, e.g. basic.
const (
	Token AuthenticationMode = "token"
	Basic AuthenticationMode = "basic"
)
Authentication modes supported by dashboard should be defined below.
func (AuthenticationMode) String
func (self AuthenticationMode) String() string
String returns string representation of auth mode.
type AuthenticationModes
type AuthenticationModes map[AuthenticationMode]bool
AuthenticationModes represents auth modes supported by dashboard.
func ToAuthenticationModes
func ToAuthenticationModes(modes []string) AuthenticationModes
ToAuthenticationModes transforms array of authentication mode strings to valid AuthenticationModes type.
func (AuthenticationModes) Add
func (self AuthenticationModes) Add(mode AuthenticationMode)
Add adds given auth mode to AuthenticationModes map.
func (AuthenticationModes) Array
func (self AuthenticationModes) Array() []AuthenticationMode
Array returns array of auth modes supported by dashboard.
func (AuthenticationModes) IsEnabled
func (self AuthenticationModes) IsEnabled(mode AuthenticationMode) bool
IsEnabled returns true if given auth mode is supported, false otherwise.
type Authenticator
type Authenticator interface {
	// GetAuthInfo returns filled AuthInfo structure that can be used for K8S api client creation.
	GetAuthInfo() (api.AuthInfo, error)
}
Authenticator represents authentication methods supported by Dashboard. Currently supported types are:
- Token based - Any bearer token accepted by apiserver.
- Basic - Username and password based authentication. Requires that apiserver also has basic auth enabled.
- Kubeconfig based - Authenticates user based on kubeconfig file. Only token/basic modes are supported within the kubeconfig file.
type LoginModesResponse
type LoginModesResponse struct {
	Modes []AuthenticationMode `json:"modes"`
}
LoginModesResponse contains list of auth modes supported by dashboard.
type LoginSpec
type LoginSpec struct {
	// Username is the username for basic authentication to the kubernetes cluster.
	Username string `json:"username"`
	// Password is the password for basic authentication to the kubernetes cluster.
	Password string `json:"password"`
	// Token is the bearer token for authentication to the kubernetes cluster.
	Token string `json:"token"`
	// KubeConfig is the content of users' kubeconfig file. It will be parsed and auth data will be extracted.
	// Kubeconfig can not contain any paths. All data has to be provided within the file.
	KubeConfig string `json:"kubeConfig"`
}
LoginSpec is extracted from request coming from Dashboard frontend during login request. It contains all the information required to authenticate user.
type TokenManager
type TokenManager interface {
	// Generate secure token based on AuthInfo structure and save it in the token's payload.
	Generate(api.AuthInfo) (string, error)
	// Decrypt generated token and return AuthInfo structure that will be used for K8S api client creation.
	Decrypt(string) (*api.AuthInfo, error)
	// Refresh returns refreshed token based on provided token. In case provided token has expired, token expiration
	// error is returned.
	Refresh(string) (string, error)
	// SetTokenTTL sets expiration time (in seconds) of generated tokens.
	SetTokenTTL(time.Duration)
}
TokenManager is responsible for generating and decrypting tokens used for authorization. Authorization is handled by K8S apiserver. Token contains AuthInfo structure used to create K8S api client.
type TokenRefreshSpec
type TokenRefreshSpec struct {
	// JWEToken is a token generated during login request that contains AuthInfo data in the payload.
	JWEToken string `json:"jweToken"`
}
TokenRefreshSpec contains token that is required by token refresh operation.