Constants ¶
// Action names. A ServiceAccountAction.Name holds one of these, and each one is
// also a key of ServiceAccountActionInfos, which describes what the action needs.
// Only ClusterCADataAction is declared with an explicit type; the rest are untyped
// string constants because each carries its own literal value.
const (
	ClusterCADataAction string = "upload-cluster-ca-data"
	ClientCertDataAction        = "upload-client-cert-data"
	ClientKeyDataAction         = "upload-client-key-data"
	OIDCIssuerDataAction        = "upload-oidc-idp-issuer-ca-data"
	TokenDataAction             = "upload-token-data"
	GCPKeyDataAction            = "upload-gcp-key-data"
	AWSDataAction               = "upload-aws-data"
)
Action names
// The roles available for a project. These are presumably the values stored in
// Role.Kind — confirm against the code that creates roles. RoleAdmin is the
// only one declared with an explicit type; RoleViewer is an untyped constant.
const (
	RoleAdmin  string = "admin"
	RoleViewer        = "viewer"
)
The roles available for a project
// Supported auth mechanisms, as stored in ServiceAccount.AuthMechanism and
// ServiceAccountCandidate.AuthMechanism. NotAvailable is not one of the
// mechanisms listed on ServiceAccount.AuthMechanism; it looks like a sentinel
// for "no mechanism determined" — verify against the code that sets it.
// Only X509 is declared with an explicit type; the rest are untyped constants.
const (
	X509         string = "x509"
	Basic               = "basic"
	Bearer              = "bearerToken"
	OIDC                = "oidc"
	GCP                 = "gcp-sa"
	AWS                 = "aws-sa"
	NotAvailable        = "n/a"
)
Supported auth mechanisms
// The allowed repository clients, as stored in RepoClient.Kind.
const (
	RepoClientGithub = "github"
)
The allowed repository clients
Variables ¶
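// ServiceAccountActionInfos contains, for every action name, the information a
// client needs to resolve that action: the action's Name, a documentation link,
// and the comma-separated list of fields the action request must carry.
//
// The map is keyed by the action-name constants themselves rather than by
// repeated string literals, so a key cannot drift from the Name stored under it.
// The element type is elided inside the composite literal, as Go allows for
// map values.
var ServiceAccountActionInfos = map[string]ServiceAccountActionInfo{
	ClusterCADataAction: {
		Name:   ClusterCADataAction,
		Docs:   "https://github.com/porter-dev/porter",
		Fields: "cluster_ca_data",
	},
	ClientCertDataAction: {
		Name:   ClientCertDataAction,
		Docs:   "https://github.com/porter-dev/porter",
		Fields: "client_cert_data",
	},
	ClientKeyDataAction: {
		Name:   ClientKeyDataAction,
		Docs:   "https://github.com/porter-dev/porter",
		Fields: "client_key_data",
	},
	OIDCIssuerDataAction: {
		Name:   OIDCIssuerDataAction,
		Docs:   "https://github.com/porter-dev/porter",
		Fields: "oidc_idp_issuer_ca_data",
	},
	TokenDataAction: {
		Name:   TokenDataAction,
		Docs:   "https://github.com/porter-dev/porter",
		Fields: "token_data",
	},
	GCPKeyDataAction: {
		Name:   GCPKeyDataAction,
		Docs:   "https://github.com/porter-dev/porter",
		Fields: "gcp_key_data",
	},
	// The AWS action is the only one that needs more than one request field.
	AWSDataAction: {
		Name:   AWSDataAction,
		Docs:   "https://github.com/porter-dev/porter",
		Fields: "aws_access_key_id,aws_secret_access_key,aws_cluster_id",
	},
}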
ServiceAccountActionInfos contains the information for the actions to be performed in order to initialize a ServiceAccount
Functions ¶
This section is empty.
Types ¶
type Cluster ¶
// Cluster is the persisted record of a Kubernetes cluster reachable through a
// ServiceAccount. It extends gorm.Model (ID, CreatedAt, UpdatedAt, DeletedAt).
// Use Externalize to obtain the REST-safe ClusterExternal view.
type Cluster struct {
	gorm.Model
	// Name identifies the cluster.
	Name string `json:"name"`
	// ServiceAccountID links the cluster to the ServiceAccount that owns it.
	ServiceAccountID uint `json:"service_account_id"`
	// LocationOfOrigin is stored on the record but is not copied into
	// ClusterExternal.
	LocationOfOrigin string `json:"location_of_origin"`
	// Server is the endpoint of the kube apiserver for this cluster.
	Server string `json:"server"`
	// TLSServerName presumably mirrors the kubeconfig field of the same name
	// (the hostname checked against the server certificate) — confirm.
	TLSServerName string `json:"tls-server-name,omitempty"`
	// InsecureSkipTLSVerify disables verification of the apiserver's TLS
	// certificate, as the kubeconfig field of the same name does. A true value
	// weakens every connection to this cluster and is worth surfacing in review.
	InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
	// ProxyURL, when set, routes apiserver traffic through a proxy.
	ProxyURL string `json:"proxy-url,omitempty"`
	// CertificateAuthorityData is encrypted at rest. It carries a json tag, so
	// marshaling a Cluster directly would emit it; ClusterExternal has no such
	// field, which is why REST responses go through Externalize.
	CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
}
Cluster type that extends gorm.Model
func (*Cluster) Externalize ¶
func (c *Cluster) Externalize() *ClusterExternal
Externalize generates an external Cluster to be shared over REST
type ClusterExternal ¶
// ClusterExternal is the external cluster type sent over REST. It is produced
// by (*Cluster).Externalize and intentionally carries neither
// CertificateAuthorityData nor LocationOfOrigin.
type ClusterExternal struct {
	// ID is the Cluster's database ID.
	ID uint `json:"id"`
	// ServiceAccountID is the owning ServiceAccount.
	ServiceAccountID uint `json:"service_account_id"`
	// Name identifies the cluster.
	Name string `json:"name"`
	// Server is the kube apiserver endpoint.
	Server string `json:"server"`
	// TLSServerName and the two fields below mirror the corresponding Cluster
	// connection settings, including InsecureSkipTLSVerify, so a client can see
	// when certificate verification is disabled.
	TLSServerName string `json:"tls-server-name,omitempty"`
	InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
	ProxyURL string `json:"proxy-url,omitempty"`
}
ClusterExternal is the external cluster type to be sent over REST
type Context ¶
// Context represents the configuration for a single cluster-user pair, in the
// sense of a kubeconfig context. It is a plain value type with no gorm.Model.
type Context struct {
	// Name is the name of the context
	Name string `json:"name"`
	// Server is the endpoint of the kube apiserver for a cluster
	Server string `json:"server"`
	// Cluster is the name of the cluster
	Cluster string `json:"cluster"`
	// User is the name of the user for a cluster
	User string `json:"user"`
	// Selected determines if the context has been selected for use in the
	// dashboard
	Selected bool `json:"selected"`
}
Context represents the configuration for a single cluster-user pair
type Project ¶
// Project is the persisted project record; it extends gorm.Model. The
// association slices below all carry json tags, so marshaling a Project
// directly would serialize every nested ServiceAccount (and its credential
// fields) and every RepoClient (and its tokens). ProjectExternal, produced by
// Externalize, drops ServiceAccountCandidates and ServiceAccounts entirely and
// externalizes the rest.
type Project struct {
	gorm.Model
	// Name identifies the project.
	Name string `json:"name"`
	// Roles are the per-user roles granted within this project.
	Roles []Role `json:"roles"`
	// RepoClients are the repository clients added to this project via OAuth.
	RepoClients []RepoClient `json:"repo_clients,omitempty"`
	// ServiceAccountCandidates are service accounts still awaiting user action.
	ServiceAccountCandidates []ServiceAccountCandidate `json:"sa_candidates"`
	// ServiceAccounts are the fully set up service accounts of this project.
	ServiceAccounts []ServiceAccount `json:"serviceaccounts"`
}
Project type that extends gorm.Model
func (*Project) Externalize ¶
func (p *Project) Externalize() *ProjectExternal
Externalize generates an external Project to be shared over REST
type ProjectExternal ¶
// ProjectExternal represents the Project type that is sent over REST. Roles
// and RepoClients are the externalized forms of the corresponding Project
// associations; service accounts and candidates are not included.
type ProjectExternal struct {
	// ID is the Project's database ID.
	ID uint `json:"id"`
	// Name identifies the project.
	Name string `json:"name"`
	// Roles are the externalized project roles.
	Roles []RoleExternal `json:"roles"`
	// RepoClients are the externalized repository clients, scrubbed of tokens.
	RepoClients []RepoClientExternal `json:"repo_clients,omitempty"`
}
ProjectExternal represents the Project type that is sent over REST
type RepoClient ¶
// RepoClient is a client for a set of repositories that has been added via a
// project OAuth flow; it extends gorm.Model. AccessToken and RefreshToken carry
// json tags, so marshaling a RepoClient directly would emit them; use
// Externalize, whose RepoClientExternal result has no token fields.
type RepoClient struct {
	gorm.Model
	// ProjectID is the project the client belongs to.
	ProjectID uint `json:"project_id"`
	// UserID is the dashboard user who completed the OAuth flow.
	UserID uint `json:"user_id"`
	// RepoUserID is the user's ID on the repository provider side. Note the json
	// tag is "repo_id", not "repo_user_id".
	RepoUserID uint `json:"repo_id"`
	// the kind can be one of the predefined repo kinds
	Kind string `json:"kind"`
	// AccessToken is the OAuth access token. NOTE(review): unlike
	// Cluster.CertificateAuthorityData, nothing here records whether it is
	// encrypted at rest — confirm with the repository layer.
	AccessToken []byte `json:"access_token"`
	// RefreshToken is the OAuth refresh token; same at-rest caveat as above.
	RefreshToken []byte `json:"refresh_token"`
}
RepoClient is a client for a set of repositories that has been added via a project OAuth flow
func (*RepoClient) Externalize ¶
func (r *RepoClient) Externalize() *RepoClientExternal
Externalize generates an external RepoClient to be shared over REST
type RepoClientExternal ¶
// RepoClientExternal is a RepoClient scrubbed of sensitive information to be
// shared over REST: it mirrors the identifying fields of RepoClient and omits
// AccessToken and RefreshToken.
type RepoClientExternal struct {
	// ID is the RepoClient's database ID.
	ID uint `json:"id"`
	// ProjectID is the owning project.
	ProjectID uint `json:"project_id"`
	// UserID is the dashboard user who added the client.
	UserID uint `json:"user_id"`
	// RepoUserID is the provider-side user ID (json tag "repo_id").
	RepoUserID uint `json:"repo_id"`
	// Kind is one of the predefined repo kinds.
	Kind string `json:"kind"`
}
RepoClientExternal is a RepoClient scrubbed of sensitive information to be shared over REST
type Role ¶
// Role grants a user a role within a project; it extends gorm.Model. Roles are
// the authorization record for project access, so changes to them deserve the
// same scrutiny as credential changes.
type Role struct {
	gorm.Model
	// Kind is the role kind — presumably RoleAdmin or RoleViewer; confirm with
	// the code that creates roles.
	Kind string `json:"kind"`
	// UserID is the user the role is granted to.
	UserID uint `json:"user_id"`
	// ProjectID is the project the role applies to.
	ProjectID uint `json:"project_id"`
}
Role type that extends gorm.Model
func (*Role) Externalize ¶
func (r *Role) Externalize() *RoleExternal
Externalize generates an external Role to be shared over REST
type RoleExternal ¶
// RoleExternal represents the Role type that is sent over REST. It carries the
// same fields as Role plus the database ID.
type RoleExternal struct {
	// ID is the Role's database ID.
	ID uint `json:"id"`
	// Kind is the role kind.
	Kind string `json:"kind"`
	// UserID is the user the role is granted to.
	UserID uint `json:"user_id"`
	// ProjectID is the project the role applies to.
	ProjectID uint `json:"project_id"`
}
RoleExternal represents the Role type that is sent over REST
type ServiceAccount ¶
// ServiceAccount holds the credentials used to connect to or provision clusters
// for a project; it extends gorm.Model.
//
// Every credential field below carries a json tag, so marshaling a
// ServiceAccount directly would serialize certificates, keys, tokens, passwords
// and client secrets. ServiceAccountExternal (the result of Externalize) carries
// none of them; REST responses must go through Externalize.
//
// NOTE(review): unlike Cluster.CertificateAuthorityData, nothing here records
// whether these byte fields are encrypted at rest — confirm with the
// repository layer before assuming so.
type ServiceAccount struct {
	gorm.Model
	// ProjectID is the project that owns this service account.
	ProjectID uint `json:"project_id"`
	// Kind can either be "connector" or "provisioner"
	Kind string `json:"kind"`
	// Clusters is a list of clusters that this ServiceAccount can connect
	// to or has provisioned
	Clusters []Cluster `json:"clusters"`
	// AuthMechanism is the strategy used for either connecting to or provisioning
	// the cluster. Supported mechanisms are: basic,x509,bearerToken,oidc,gcp-sa,aws-sa
	AuthMechanism string `json:"auth_mechanism"`
	// These fields are used by all auth mechanisms
	// LocationOfOrigin is the only untagged field, so it marshals under its
	// Go name rather than a snake_case key.
	LocationOfOrigin string
	// Impersonate and ImpersonateGroups correspond to the kubeconfig "act-as"
	// settings; they widen what the credential can do and belong in any audit of
	// this record.
	Impersonate string `json:"act-as,omitempty"`
	ImpersonateGroups string `json:"act-as-groups,omitempty"`
	// Certificate data is used by x509 auth mechanisms over TLS
	ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
	ClientKeyData []byte `json:"client-key-data,omitempty"`
	// Token is used for bearer-token auth mechanisms
	Token []byte `json:"token,omitempty"`
	// Username/Password for basic authentication to a cluster
	Username []byte `json:"username,omitempty"`
	Password []byte `json:"password,omitempty"`
	// TokenCache is a cache for bearer tokens with an expiry time
	// Used by GCP and AWS mechanisms
	TokenCache TokenCache `json:"token_cache"`
	// KeyData for a service account for GCP connectors
	GCPKeyData []byte `json:"gcp_key_data"`
	// AWS data
	AWSAccessKeyID []byte `json:"aws_access_key_id"`
	AWSSecretAccessKey []byte `json:"aws_secret_access_key"`
	AWSClusterID []byte `json:"aws_cluster_id"`
	// OIDC-related fields. None of these use omitempty, so they are emitted
	// (as base64 of an empty slice / null) even when unset.
	OIDCIssuerURL []byte `json:"idp-issuer-url"`
	OIDCClientID []byte `json:"client-id"`
	OIDCClientSecret []byte `json:"client-secret"`
	OIDCCertificateAuthorityData []byte `json:"idp-certificate-authority-data"`
	OIDCIDToken []byte `json:"id-token"`
	OIDCRefreshToken []byte `json:"refresh-token"`
}
ServiceAccount type that extends gorm.Model
func (*ServiceAccount) Externalize ¶
func (s *ServiceAccount) Externalize() *ServiceAccountExternal
Externalize generates an external ServiceAccount to be shared over REST
type ServiceAccountAction ¶
// ServiceAccountAction is an action that must be resolved to set up a
// ServiceAccount; it extends gorm.Model and belongs to a
// ServiceAccountCandidate.
type ServiceAccountAction struct {
	gorm.Model
	// ServiceAccountCandidateID is the candidate this action belongs to. It has
	// no json tag, so it marshals under its Go name.
	ServiceAccountCandidateID uint
	// One of the constant action names
	Name string `json:"name"`
	// Resolved is set once the user has supplied what the action requires.
	Resolved bool `json:"resolved"`
	// Filename is an optional filename, if the action requires
	// data populated from a local file
	Filename string `json:"filename,omitempty"`
}
ServiceAccountAction is an action that must be resolved to set up a ServiceAccount
func (*ServiceAccountAction) Externalize ¶
func (u *ServiceAccountAction) Externalize() *ServiceAccountActionExternal
Externalize generates an external ServiceAccountAction to be shared over REST
type ServiceAccountActionExternal ¶
// ServiceAccountActionExternal is an external ServiceAccountAction to be sent
// over REST. Docs and Fields are not stored on ServiceAccountAction; they
// presumably come from the ServiceAccountActionInfos entry for Name — confirm
// in Externalize.
type ServiceAccountActionExternal struct {
	// Name is one of the constant action names.
	Name string `json:"name"`
	// Docs is a documentation link for the action.
	Docs string `json:"docs"`
	// Resolved mirrors ServiceAccountAction.Resolved.
	Resolved bool `json:"resolved"`
	// Fields is a comma-separated list of required request fields.
	Fields string `json:"fields"`
	// Filename is the optional local file the action reads from.
	Filename string `json:"filename,omitempty"`
}
ServiceAccountActionExternal is an external ServiceAccountAction to be sent over REST
type ServiceAccountActionInfo ¶
// ServiceAccountActionInfo contains the information for an action to be
// performed in order to initialize a ServiceAccount. Instances live in the
// ServiceAccountActionInfos map, keyed by Name.
type ServiceAccountActionInfo struct {
	// Name is one of the constant action names.
	Name string `json:"name"`
	// Docs is a documentation link for the action.
	Docs string `json:"docs"`
	// a comma-separated list of required fields to send in an action request
	Fields string `json:"fields"`
}
ServiceAccountActionInfo contains the information for actions to be performed in order to initialize a ServiceAccount
type ServiceAccountAllActions ¶
// ServiceAccountAllActions is a helper type that contains the fields for all
// possible actions, so that raw bytes can be unmarshaled in a single read. The
// json keys match the Fields entries in ServiceAccountActionInfos. Because it
// receives credential material from a request body, it should not be logged or
// echoed back as a whole.
type ServiceAccountAllActions struct {
	// Name is the action being resolved.
	Name string `json:"name"`
	ClusterCAData string `json:"cluster_ca_data,omitempty"`
	ClientCertData string `json:"client_cert_data,omitempty"`
	ClientKeyData string `json:"client_key_data,omitempty"`
	OIDCIssuerCAData string `json:"oidc_idp_issuer_ca_data,omitempty"`
	TokenData string `json:"token_data,omitempty"`
	GCPKeyData string `json:"gcp_key_data,omitempty"`
	// The three AWS fields are the only ones without omitempty, so they are
	// always present (possibly empty) when this type is marshaled.
	AWSAccessKeyID string `json:"aws_access_key_id"`
	AWSSecretAccessKey string `json:"aws_secret_access_key"`
	AWSClusterID string `json:"aws_cluster_id"`
}
ServiceAccountAllActions is a helper type that contains the fields for all possible actions, so that raw bytes can be unmarshaled in a single read
type ServiceAccountCandidate ¶
// ServiceAccountCandidate is a service account that requires an action from
// the user to set up; it extends gorm.Model. Kubeconfig carries a json tag, so
// marshaling a candidate directly would emit the raw kubeconfig bytes;
// ServiceAccountCandidateExternal (from Externalize) has no Kubeconfig field.
type ServiceAccountCandidate struct {
	gorm.Model
	// ProjectID is the project the candidate belongs to.
	ProjectID uint `json:"project_id"`
	// Kind presumably takes the same values as ServiceAccount.Kind — confirm.
	Kind string `json:"kind"`
	// Actions are the steps the user still has to resolve.
	Actions []ServiceAccountAction `json:"actions"`
	// ContextName, ClusterName and ClusterEndpoint identify the kubeconfig
	// context this candidate was derived from.
	ContextName string `json:"context_name"`
	ClusterName string `json:"cluster_name"`
	ClusterEndpoint string `json:"cluster_endpoint"`
	// AuthMechanism is one of the supported auth mechanism constants.
	AuthMechanism string `json:"auth_mechanism"`
	// CreatedServiceAccountID is the ID of the service account that's eventually
	// created
	// NOTE(review): the json tag here is "create_sa_id", while
	// ServiceAccountCandidateExternal uses "created_sa_id" — confirm which
	// name clients rely on.
	CreatedServiceAccountID uint `json:"create_sa_id"`
	// The best-guess for the AWSClusterID, which is required by aws auth mechanisms
	// See https://github.com/kubernetes-sigs/aws-iam-authenticator#what-is-a-cluster-id
	AWSClusterIDGuess string `json:"aws_cluster_id_guess"`
	// Kubeconfig is the raw kubeconfig the candidate was built from; it may
	// embed credentials and is kept off the REST surface.
	Kubeconfig []byte `json:"kubeconfig"`
}
ServiceAccountCandidate is a service account that requires an action from the user to set up.
func (*ServiceAccountCandidate) Externalize ¶
func (s *ServiceAccountCandidate) Externalize() *ServiceAccountCandidateExternal
Externalize generates an external ServiceAccountCandidate to be shared over REST
type ServiceAccountCandidateExternal ¶
// ServiceAccountCandidateExternal represents the ServiceAccountCandidate type
// that is sent over REST. It omits the candidate's Kubeconfig and externalizes
// its Actions.
type ServiceAccountCandidateExternal struct {
	// ID is the candidate's database ID.
	ID uint `json:"id"`
	// Actions are the externalized pending actions.
	Actions []ServiceAccountActionExternal `json:"actions"`
	// ProjectID is the owning project.
	ProjectID uint `json:"project_id"`
	// Kind mirrors ServiceAccountCandidate.Kind.
	Kind string `json:"kind"`
	// ContextName, ClusterName and ClusterEndpoint identify the source context.
	ContextName string `json:"context_name"`
	ClusterName string `json:"cluster_name"`
	ClusterEndpoint string `json:"cluster_endpoint"`
	// AuthMechanism is one of the supported auth mechanism constants.
	AuthMechanism string `json:"auth_mechanism"`
	// CreatedServiceAccountID is the created service account, if any.
	// NOTE(review): tagged "created_sa_id" here but "create_sa_id" on
	// ServiceAccountCandidate — confirm which is intended.
	CreatedServiceAccountID uint `json:"created_sa_id"`
	// AWSClusterIDGuess is the best guess for the AWS cluster ID.
	AWSClusterIDGuess string `json:"aws_cluster_id_guess"`
}
ServiceAccountCandidateExternal represents the ServiceAccountCandidate type that is sent over REST
type ServiceAccountExternal ¶
// ServiceAccountExternal is an external ServiceAccount to be shared over REST.
// It carries only identifiers, the kind, the auth mechanism name and the
// externalized clusters — none of the credential fields of ServiceAccount.
type ServiceAccountExternal struct {
	// ID is the ServiceAccount's database ID.
	ID uint `json:"id"`
	// ProjectID is the owning project.
	ProjectID uint `json:"project_id"`
	// Kind mirrors ServiceAccount.Kind.
	Kind string `json:"kind"`
	// Clusters are the externalized clusters this account can reach.
	Clusters []ClusterExternal `json:"clusters"`
	// AuthMechanism names the mechanism without exposing its material.
	AuthMechanism string `json:"auth_mechanism"`
}
ServiceAccountExternal is an external ServiceAccount to be shared over REST
type Session ¶
// Session is a persisted server-side session; it extends gorm.Model. None of
// its fields carry json tags, so it is not intended to be marshaled for
// clients.
type Session struct {
	gorm.Model
	// Session ID. The gorm unique constraint makes the key the lookup handle
	// for the session.
	Key string `gorm:"unique"`
	// encrypted cookie
	Data []byte
	// Time the session will expire. Expiry is recorded here; whether expired
	// rows are also purged is not visible in this file.
	ExpiresAt time.Time
}
Session type that extends gorm.Model.
type TokenCache ¶
// TokenCache stores a token and an expiration for the token for a service
// account; it extends gorm.Model. This will never be shared over REST, so no
// need to externalize — but Token does carry a json tag, so an accidental
// marshal of a ServiceAccount (which embeds a TokenCache under "token_cache")
// would emit it.
type TokenCache struct {
	gorm.Model
	// ServiceAccountID is the service account the cached token belongs to.
	ServiceAccountID uint `json:"service_account_id"`
	// Expiry is when the cached token stops being valid; IsExpired presumably
	// compares the current time against it.
	Expiry time.Time `json:"expiry,omitempty"`
	// Token is the cached bearer token.
	Token []byte `json:"access_token"`
}
TokenCache stores a token and an expiration for the token for a service account. This will never be shared over REST, so no need to externalize.
func (*TokenCache) IsExpired ¶
func (t *TokenCache) IsExpired() bool
IsExpired returns true if a token is expired, false otherwise
type User ¶
// User is a dashboard user; it extends gorm.Model. Password carries a json
// tag, so marshaling a User directly would emit it; use Externalize, which
// yields UserExternal.
type User struct {
	gorm.Model
	// Email is the login identity, unique at the database level.
	Email string `json:"email" gorm:"unique"`
	// Password is the stored credential. NOTE(review): nothing in this file
	// shows whether this is a password hash or plaintext — confirm with the
	// code that writes it.
	Password string `json:"password"`
}
User type that extends gorm.Model
func (*User) Externalize ¶
func (u *User) Externalize() *UserExternal
Externalize generates an external User to be shared over REST
type UserExternal ¶
UserExternal represents the User type that is sent over REST