Documentation
¶
Index ¶
- Constants
- func GCPProjectIDFromJSON(jsonData []byte) (string, error)
- type AWSIntegration
- func (a *AWSIntegration) GetBearerToken(getTokenCache GetTokenCacheFunc, setTokenCache SetTokenCacheFunc) (string, error)
- func (a *AWSIntegration) GetSession() (*session.Session, error)
- func (a *AWSIntegration) PopulateAWSArn() error
- func (a *AWSIntegration) ToAWSIntegrationType() *types.AWSIntegration
- type BasicIntegration
- type ClusterTokenCache
- type GCPIntegration
- type GetTokenCacheFunc
- type GithubAppInstallation
- type GithubAppOAuthIntegration
- type HelmRepoTokenCache
- type KubeIntegration
- type KubeIntegrationName
- type OAuthIntegration
- type OIDCIntegration
- type OIDCIntegrationClient
- type RegTokenCache
- type SetTokenCacheFunc
- type SharedOAuthModel
- type SlackIntegration
- type TokenCache
Constants ¶
const ( KubeX509 KubeIntegrationName = "x509" KubeBasic = "basic" KubeBearer = "bearer" KubeLocal = "local" )
The supported kube auth mechanisms
Variables ¶
This section is empty.
Functions ¶
func GCPProjectIDFromJSON ¶
Types ¶
type AWSIntegration ¶
type AWSIntegration struct {
gorm.Model
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
// The project that this integration belongs to
ProjectID uint `json:"project_id"`
// The AWS arn this is integration is linked to
AWSArn string `json:"aws_arn"`
// The optional AWS region (required by some session configurations)
AWSRegion string `json:"aws_region"`
// The AWS cluster ID
// See https://github.com/kubernetes-sigs/aws-iam-authenticator#what-is-a-cluster-id
AWSClusterID []byte `json:"aws_cluster_id"`
// The AWS access key for this IAM user
AWSAccessKeyID []byte `json:"aws_access_key_id"`
// The AWS secret key for this IAM user
AWSSecretAccessKey []byte `json:"aws_secret_access_key"`
// An optional session token, if the user is assuming a role
AWSSessionToken []byte `json:"aws_session_token"`
}
AWSIntegration is an auth mechanism that uses a AWS IAM user to authenticate
func (*AWSIntegration) GetBearerToken ¶
func (a *AWSIntegration) GetBearerToken( getTokenCache GetTokenCacheFunc, setTokenCache SetTokenCacheFunc, ) (string, error)
GetBearerToken retrieves a bearer token for an AWS account
func (*AWSIntegration) GetSession ¶
func (a *AWSIntegration) GetSession() (*session.Session, error)
GetSession retrieves an AWS session to use based on the access key and secret access key
func (*AWSIntegration) PopulateAWSArn ¶
func (a *AWSIntegration) PopulateAWSArn() error
PopulateAWSArn uses the access key/secret to get the caller identity, and attaches it to the AWS integration
func (*AWSIntegration) ToAWSIntegrationType ¶ added in v0.10.0
func (a *AWSIntegration) ToAWSIntegrationType() *types.AWSIntegration
type BasicIntegration ¶
type BasicIntegration struct {
gorm.Model
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
// The project that this integration belongs to
ProjectID uint `json:"project_id"`
// Username/Password for basic authentication to a cluster
Username []byte `json:"username,omitempty"`
Password []byte `json:"password,omitempty"`
}
BasicIntegration represents a basic auth mechanism via username/password
func (*BasicIntegration) ToBasicIntegrationType ¶ added in v0.10.0
func (b *BasicIntegration) ToBasicIntegrationType() *types.BasicIntegration
type ClusterTokenCache ¶
type ClusterTokenCache struct {
TokenCache
ClusterID uint `json:"cluster_id"`
}
ClusterTokenCache is a token cache that clusters can use; a foreign key constraint between a Cluster and ClusterTokenCache is created
type GCPIntegration ¶
type GCPIntegration struct {
gorm.Model
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
// The project that this integration belongs to
ProjectID uint `json:"project_id"`
// The GCP project id where the service account for this auth mechanism persists
GCPProjectID string `json:"gcp_project_id"`
// The GCP user email that linked this service account
GCPUserEmail string `json:"gcp-user-email"`
// The GCP region, which may or may not be used by the integration
GCPRegion string `json:"gcp_region"`
// KeyData for a service account for GCP connectors
GCPKeyData []byte `json:"gcp_key_data"`
}
GCPIntegration is an auth mechanism that uses a GCP service account to authenticate
func (*GCPIntegration) GetBearerToken ¶
func (g *GCPIntegration) GetBearerToken( getTokenCache GetTokenCacheFunc, setTokenCache SetTokenCacheFunc, scopes ...string, ) (*oauth2.Token, error)
GetBearerToken retrieves a bearer token for a GCP account
func (*GCPIntegration) ToGCPIntegrationType ¶ added in v0.10.0
func (g *GCPIntegration) ToGCPIntegrationType() *types.GCPIntegration
type GetTokenCacheFunc ¶
type GetTokenCacheFunc func() (tok *TokenCache, err error)
GetTokenCacheFunc is a function that retrieves the token and expiry time from the db
type GithubAppInstallation ¶ added in v0.5.0
type GithubAppInstallation struct {
gorm.Model
// Can belong to either a user or an organization
AccountID int64 `json:"account_id" gorm:"unique"`
// Installation ID (used for authentication)
InstallationID int64 `json:"installation_id"`
}
GithubAppInstallation is an instance of the porter github app we need to store account/installation id pairs in order to authenticate as the installation
func (*GithubAppInstallation) ToGitInstallationType ¶ added in v0.10.0
func (r *GithubAppInstallation) ToGitInstallationType() *types.GitInstallation
type GithubAppOAuthIntegration ¶ added in v0.5.0
type GithubAppOAuthIntegration struct {
gorm.Model
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
}
GithubAppOAuthIntegration is the model used for storing github app oauth data Unlike the above, this model is tied to a specific user, not a project
type HelmRepoTokenCache ¶
type HelmRepoTokenCache struct {
TokenCache
HelmRepoID uint `json:"helm_repo_id"`
}
HelmRepoTokenCache is a token cache that helm repos can use; a foreign key constraint between a HelmRepo and HelmRepoTokenCache is created
type KubeIntegration ¶
type KubeIntegration struct {
gorm.Model
// The name of the auth mechanism
Mechanism KubeIntegrationName `json:"mechanism"`
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
// The project that this integration belongs to
ProjectID uint `json:"project_id"`
// Certificate data is used by x509 auth mechanisms over TLS
ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
ClientKeyData []byte `json:"client-key-data,omitempty"`
// Token is used for bearer-token auth mechanisms
Token []byte `json:"token,omitempty"`
// Username/Password for basic authentication to a cluster
Username []byte `json:"username,omitempty"`
Password []byte `json:"password,omitempty"`
// The raw kubeconfig, used by local auth mechanisms
Kubeconfig []byte `json:"kubeconfig"`
}
KubeIntegration represents the kube-native auth mechanisms: using x509 certs, basic (username/password), bearer tokens, or local (using local kubeconfig)
type KubeIntegrationName ¶
type KubeIntegrationName string
KubeIntegrationName is the name of a kube auth mechanism
type OAuthIntegration ¶
type OAuthIntegration struct {
gorm.Model
// The name of the auth mechanism
Client types.OAuthIntegrationClient `json:"client"`
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
// The project that this integration belongs to
ProjectID uint `json:"project_id"`
}
OAuthIntegration is an auth mechanism that uses oauth https://tools.ietf.org/html/rfc6749
func (*OAuthIntegration) ToOAuthIntegrationType ¶ added in v0.10.0
func (o *OAuthIntegration) ToOAuthIntegrationType() *types.OAuthIntegration
ToOAuthIntegrationType generates an external OAuthIntegration to be shared over REST
type OIDCIntegration ¶
type OIDCIntegration struct {
gorm.Model
// The name of the auth mechanism
Client OIDCIntegrationClient `json:"client"`
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
// The project that this integration belongs to
ProjectID uint `json:"project_id"`
// The "Issuer Identifier" of the OIDC spec (16.15)
IssuerURL []byte `json:"idp-issuer-url"`
// The ID issued to the Relying Party
ClientID []byte `json:"client-id"`
// The secret issued to the Relying Party
//
// This is present because it used to be a required field in a kubeconfig.
// However, because the kube apiserver acts as a Relying Party, the client
// secret is not necessary.
ClientSecret []byte `json:"client-secret"`
// The CA data -- certificate check must be performed (16.17)
CertificateAuthorityData []byte `json:"idp-certificate-authority-data"`
// The user's JWT id token
IDToken []byte `json:"id-token"`
// The user's refresh token
RefreshToken []byte `json:"refresh-token"`
}
OIDCIntegration is an auth mechanism that uses oidc. Spec: https://openid.net/specs/openid-connect-core-1_0.html
type OIDCIntegrationClient ¶
type OIDCIntegrationClient string
OIDCIntegrationClient is the name of an OIDC auth mechanism client
const (
OIDCKube OIDCIntegrationClient = "kube"
)
The supported OIDC auth mechanism clients
type RegTokenCache ¶
type RegTokenCache struct {
TokenCache
RegistryID uint `json:"registry_id"`
}
RegTokenCache stores a token and an expiration for the JWT token for a Docker registry. This will never be shared over REST, so no need to externalize.
type SetTokenCacheFunc ¶
SetTokenCacheFunc is a function that updates the token cache with a new token and expiry time
type SharedOAuthModel ¶ added in v0.5.0
type SharedOAuthModel struct {
ClientID []byte `json:"client-id"`
AccessToken []byte `json:"access-token"`
RefreshToken []byte `json:"refresh-token"`
// If 0, token will never refresh
Expiry time.Time
}
SharedOAuthModel stores general fields needed for OAuth Integration
type SlackIntegration ¶ added in v0.7.2
type SlackIntegration struct {
gorm.Model
// The name of the auth mechanism
Client types.OAuthIntegrationClient `json:"client"`
// The id of the user that linked this auth mechanism
UserID uint `json:"user_id"`
// The project that this integration belongs to
ProjectID uint `json:"project_id"`
// The ID for the Slack team
TeamID string
// The name of the Slack team
TeamName string
// The icon url for the Slack team
TeamIconURL string
// The channel name that the Slack app is installed in
Channel string
// The channel id that the Slack app is installed in
ChannelID string
// The URL for configuring the workspace app instance
ConfigurationURL string
// The webhook to call
Webhook []byte
}
SlackIntegration is a webhook notifier to a specific channel in a Slack workspace.
func (*SlackIntegration) ToSlackIntegraionType ¶ added in v0.10.0
func (s *SlackIntegration) ToSlackIntegraionType() *types.SlackIntegration
type TokenCache ¶
type TokenCache struct {
gorm.Model
Expiry time.Time `json:"expiry,omitempty"`
Token []byte `json:"access_token"`
}
TokenCache stores a token and an expiration for the token for a service account. This will never be shared over REST, so no need to externalize.
func (*TokenCache) IsExpired ¶
func (t *TokenCache) IsExpired() bool
IsExpired returns true if a token is expired, false otherwise
Source Files