integrations

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 30, 2021 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KubeX509   KubeIntegrationName = "x509"
	KubeBasic                      = "basic"
	KubeBearer                     = "bearer"
	KubeLocal                      = "local"
)

The supported kube auth mechanisms

Variables

This section is empty.

Functions

func GCPProjectIDFromJSON 

func GCPProjectIDFromJSON(jsonData []byte) (string, error)

Types

type AWSIntegration 

type AWSIntegration struct {
	gorm.Model

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`

	// The AWS arn this is integration is linked to
	AWSArn string `json:"aws_arn"`

	// The optional AWS region (required by some session configurations)
	AWSRegion string `json:"aws_region"`

	// The AWS cluster ID
	// See https://github.com/kubernetes-sigs/aws-iam-authenticator#what-is-a-cluster-id
	AWSClusterID []byte `json:"aws_cluster_id"`

	// The AWS access key for this IAM user
	AWSAccessKeyID []byte `json:"aws_access_key_id"`

	// The AWS secret key for this IAM user
	AWSSecretAccessKey []byte `json:"aws_secret_access_key"`

	// An optional session token, if the user is assuming a role
	AWSSessionToken []byte `json:"aws_session_token"`
}

AWSIntegration is an auth mechanism that uses a AWS IAM user to authenticate

func (*AWSIntegration) GetBearerToken 

func (a *AWSIntegration) GetBearerToken(
	getTokenCache GetTokenCacheFunc,
	setTokenCache SetTokenCacheFunc,
) (string, error)

GetBearerToken retrieves a bearer token for an AWS account

func (*AWSIntegration) GetSession 

func (a *AWSIntegration) GetSession() (*session.Session, error)

GetSession retrieves an AWS session to use based on the access key and secret access key

func (*AWSIntegration) PopulateAWSArn 

func (a *AWSIntegration) PopulateAWSArn() error

PopulateAWSArn uses the access key/secret to get the caller identity, and attaches it to the AWS integration

func (*AWSIntegration) ToAWSIntegrationType added in v0.10.0 

func (a *AWSIntegration) ToAWSIntegrationType() *types.AWSIntegration

type BasicIntegration 

type BasicIntegration struct {
	gorm.Model

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`

	// Username/Password for basic authentication to a cluster
	Username []byte `json:"username,omitempty"`
	Password []byte `json:"password,omitempty"`
}

BasicIntegration represents a basic auth mechanism via username/password

func (*BasicIntegration) ToBasicIntegrationType added in v0.10.0 

func (b *BasicIntegration) ToBasicIntegrationType() *types.BasicIntegration

type ClusterTokenCache 

type ClusterTokenCache struct {
	TokenCache

	ClusterID uint `json:"cluster_id"`
}

ClusterTokenCache is a token cache that clusters can use; a foreign key constraint between a Cluster and ClusterTokenCache is created

type GCPIntegration 

type GCPIntegration struct {
	gorm.Model

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`

	// The GCP project id where the service account for this auth mechanism persists
	GCPProjectID string `json:"gcp_project_id"`

	// The GCP user email that linked this service account
	GCPUserEmail string `json:"gcp-user-email"`

	// The GCP region, which may or may not be used by the integration
	GCPRegion string `json:"gcp_region"`

	// KeyData for a service account for GCP connectors
	GCPKeyData []byte `json:"gcp_key_data"`
}

GCPIntegration is an auth mechanism that uses a GCP service account to authenticate

func (*GCPIntegration) GetBearerToken 

func (g *GCPIntegration) GetBearerToken(
	getTokenCache GetTokenCacheFunc,
	setTokenCache SetTokenCacheFunc,
	scopes ...string,
) (*oauth2.Token, error)

GetBearerToken retrieves a bearer token for a GCP account

func (*GCPIntegration) ToGCPIntegrationType added in v0.10.0 

func (g *GCPIntegration) ToGCPIntegrationType() *types.GCPIntegration

type GetTokenCacheFunc 

type GetTokenCacheFunc func() (tok *TokenCache, err error)

GetTokenCacheFunc is a function that retrieves the token and expiry time from the db

type GithubAppInstallation added in v0.5.0 

type GithubAppInstallation struct {
	gorm.Model

	// Can belong to either a user or an organization
	AccountID int64 `json:"account_id" gorm:"unique"`

	// Installation ID (used for authentication)
	InstallationID int64 `json:"installation_id"`
}

GithubAppInstallation is an instance of the porter github app we need to store account/installation id pairs in order to authenticate as the installation

func (*GithubAppInstallation) ToGitInstallationType added in v0.10.0 

func (r *GithubAppInstallation) ToGitInstallationType() *types.GitInstallation

type GithubAppOAuthIntegration added in v0.5.0 

type GithubAppOAuthIntegration struct {
	gorm.Model
	SharedOAuthModel

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`
}

GithubAppOAuthIntegration is the model used for storing github app oauth data Unlike the above, this model is tied to a specific user, not a project

type HelmRepoTokenCache 

type HelmRepoTokenCache struct {
	TokenCache

	HelmRepoID uint `json:"helm_repo_id"`
}

HelmRepoTokenCache is a token cache that helm repos can use; a foreign key constraint between a HelmRepo and HelmRepoTokenCache is created

type KubeIntegration 

type KubeIntegration struct {
	gorm.Model

	// The name of the auth mechanism
	Mechanism KubeIntegrationName `json:"mechanism"`

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`

	// Certificate data is used by x509 auth mechanisms over TLS
	ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
	ClientKeyData         []byte `json:"client-key-data,omitempty"`

	// Token is used for bearer-token auth mechanisms
	Token []byte `json:"token,omitempty"`

	// Username/Password for basic authentication to a cluster
	Username []byte `json:"username,omitempty"`
	Password []byte `json:"password,omitempty"`

	// The raw kubeconfig, used by local auth mechanisms
	Kubeconfig []byte `json:"kubeconfig"`
}

KubeIntegration represents the kube-native auth mechanisms: using x509 certs, basic (username/password), bearer tokens, or local (using local kubeconfig)

type KubeIntegrationName 

type KubeIntegrationName string

KubeIntegrationName is the name of a kube auth mechanism

type OAuthIntegration 

type OAuthIntegration struct {
	gorm.Model
	SharedOAuthModel

	// The name of the auth mechanism
	Client types.OAuthIntegrationClient `json:"client"`

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`
}

OAuthIntegration is an auth mechanism that uses oauth https://tools.ietf.org/html/rfc6749

func (*OAuthIntegration) ToOAuthIntegrationType added in v0.10.0 

func (o *OAuthIntegration) ToOAuthIntegrationType() *types.OAuthIntegration

ToOAuthIntegrationType generates an external OAuthIntegration to be shared over REST

type OIDCIntegration 

type OIDCIntegration struct {
	gorm.Model

	// The name of the auth mechanism
	Client OIDCIntegrationClient `json:"client"`

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`

	// The "Issuer Identifier" of the OIDC spec (16.15)
	IssuerURL []byte `json:"idp-issuer-url"`

	// The ID issued to the Relying Party
	ClientID []byte `json:"client-id"`

	// The secret issued to the Relying Party
	//
	// This is present because it used to be a required field in a kubeconfig.
	// However, because the kube apiserver acts as a Relying Party, the client
	// secret is not necessary.
	ClientSecret []byte `json:"client-secret"`

	// The CA data -- certificate check must be performed (16.17)
	CertificateAuthorityData []byte `json:"idp-certificate-authority-data"`

	// The user's JWT id token
	IDToken []byte `json:"id-token"`

	// The user's refresh token
	RefreshToken []byte `json:"refresh-token"`
}

OIDCIntegration is an auth mechanism that uses oidc. Spec: https://openid.net/specs/openid-connect-core-1_0.html

type OIDCIntegrationClient 

type OIDCIntegrationClient string

OIDCIntegrationClient is the name of an OIDC auth mechanism client 

const (
	OIDCKube OIDCIntegrationClient = "kube"
)

The supported OIDC auth mechanism clients

type RegTokenCache 

type RegTokenCache struct {
	TokenCache

	RegistryID uint `json:"registry_id"`
}

RegTokenCache stores a token and an expiration for the JWT token for a Docker registry. This will never be shared over REST, so no need to externalize.

type SetTokenCacheFunc 

type SetTokenCacheFunc func(token string, expiry time.Time) error

SetTokenCacheFunc is a function that updates the token cache with a new token and expiry time

type SharedOAuthModel added in v0.5.0 

type SharedOAuthModel struct {
	// The ID issued to the client
	ClientID []byte `json:"client-id"`

	// The end-users's access token
	AccessToken []byte `json:"access-token"`

	// The end-user's refresh token
	RefreshToken []byte `json:"refresh-token"`

	// Time token expires and needs to be refreshed.
	// If 0, token will never refresh
	Expiry time.Time
}

SharedOAuthModel stores general fields needed for OAuth Integration

type SlackIntegration added in v0.7.2 

type SlackIntegration struct {
	gorm.Model
	SharedOAuthModel

	// The name of the auth mechanism
	Client types.OAuthIntegrationClient `json:"client"`

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`

	// The ID for the Slack team
	TeamID string

	// The name of the Slack team
	TeamName string

	// The icon url for the Slack team
	TeamIconURL string

	// The channel name that the Slack app is installed in
	Channel string

	// The channel id that the Slack app is installed in
	ChannelID string

	// The URL for configuring the workspace app instance
	ConfigurationURL string

	// The webhook to call
	Webhook []byte
}

SlackIntegration is a webhook notifier to a specific channel in a Slack workspace.

func (*SlackIntegration) ToSlackIntegraionType added in v0.10.0 

func (s *SlackIntegration) ToSlackIntegraionType() *types.SlackIntegration

type TokenCache 

type TokenCache struct {
	gorm.Model

	Expiry time.Time `json:"expiry,omitempty"`

	Token []byte `json:"access_token"`
}

TokenCache stores a token and an expiration for the token for a service account. This will never be shared over REST, so no need to externalize.

func (*TokenCache) IsExpired 

func (t *TokenCache) IsExpired() bool

IsExpired returns true if a token is expired, false otherwise

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.