Documentation ¶
Index ¶
- Constants
- Variables
- func GCPProjectIDFromJSON(jsonData []byte) (string, error)
- type AWSIntegration
- func (a *AWSIntegration) Externalize() *AWSIntegrationExternal
- func (a *AWSIntegration) GetBearerToken(getTokenCache GetTokenCacheFunc, setTokenCache SetTokenCacheFunc) (string, error)
- func (a *AWSIntegration) GetSession() (*session.Session, error)
- func (a *AWSIntegration) PopulateAWSArn() error
- func (a *AWSIntegration) ToProjectIntegration(category string, service IntegrationService) *ProjectIntegration
- type AWSIntegrationExternal
- type BasicIntegration
- type BasicIntegrationExternal
- type ClusterTokenCache
- type GCPIntegration
- func (g *GCPIntegration) Externalize() *GCPIntegrationExternal
- func (g *GCPIntegration) GetBearerToken(getTokenCache GetTokenCacheFunc, setTokenCache SetTokenCacheFunc, ...) (string, error)
- func (g *GCPIntegration) ToProjectIntegration(category string, service IntegrationService) *ProjectIntegration
- type GCPIntegrationExternal
- type GetTokenCacheFunc
- type GithubAppInstallation
- type GithubAppInstallationExternal
- type GithubAppOAuthIntegration
- type HelmRepoTokenCache
- type IntegrationService
- type KubeIntegration
- type KubeIntegrationExternal
- type KubeIntegrationName
- type OAuthIntegration
- type OAuthIntegrationClient
- type OAuthIntegrationExternal
- type OIDCIntegration
- type OIDCIntegrationClient
- type OIDCIntegrationExternal
- type PorterIntegration
- type ProjectIntegration
- type RegTokenCache
- type SetTokenCacheFunc
- type SharedOAuthModel
- type SlackIntegration
- type SlackIntegrationExternal
- type TokenCache
Constants ¶
// Names of the supported kube auth mechanisms.
//
// NOTE(review): only KubeX509 is declared with the KubeIntegrationName type.
// KubeBasic, KubeBearer and KubeLocal carry no explicit type, so they are
// untyped string constants: they convert implicitly to KubeIntegrationName,
// but also to plain string, which weakens compile-time checking wherever a
// mechanism name is expected. Confirm whether that is intentional.
const (
	KubeX509   KubeIntegrationName = "x509"
	KubeBasic                      = "basic"
	KubeBearer                     = "bearer"
	KubeLocal                      = "local"
)
The supported kube auth mechanisms
Variables ¶
// PorterClusterIntegrations enumerates the auth mechanism / service pairs
// accepted for the "cluster" category.
//
// NOTE(review): this is an exported, mutable package-level slice. If it is
// used to validate requested integrations, callers should treat it as
// read-only; any package can append to or overwrite it.
var PorterClusterIntegrations = []PorterIntegration{
	{AuthMechanism: "gcp", Category: "cluster", Service: GKE},
	{AuthMechanism: "aws", Category: "cluster", Service: EKS},
	{AuthMechanism: "kube", Category: "cluster", Service: Kube},
}
PorterClusterIntegrations are the supported cluster integrations
// PorterGitRepoIntegrations enumerates the auth mechanism / service pairs
// accepted for the "repo" category.
//
// NOTE(review): exported and mutable; treat as read-only.
var PorterGitRepoIntegrations = []PorterIntegration{
	{AuthMechanism: "oauth", Category: "repo", Service: Github},
}
PorterGitRepoIntegrations are the supported git repo integrations
// PorterHelmRepoIntegrations enumerates the auth mechanism / service pairs
// accepted for the "helm" category.
//
// NOTE(review): exported and mutable; treat as read-only.
var PorterHelmRepoIntegrations = []PorterIntegration{
	{AuthMechanism: "basic", Category: "helm", Service: HelmRepo},
	{AuthMechanism: "gcp", Category: "helm", Service: GCS},
	{AuthMechanism: "aws", Category: "helm", Service: S3},
}
PorterHelmRepoIntegrations are the supported helm repo integrations
// PorterRegistryIntegrations enumerates the auth mechanism / service pairs
// accepted for the "registry" category.
//
// NOTE(review): exported and mutable; treat as read-only.
var PorterRegistryIntegrations = []PorterIntegration{
	{AuthMechanism: "gcp", Category: "registry", Service: GCR},
	{AuthMechanism: "aws", Category: "registry", Service: ECR},
	{AuthMechanism: "oauth", Category: "registry", Service: Docker},
}
PorterRegistryIntegrations are the supported registry integrations
Functions ¶
func GCPProjectIDFromJSON ¶
Types ¶
type AWSIntegration ¶
// AWSIntegration is the stored form of an AWS IAM-user auth mechanism.
//
// NOTE(review): the access key ID, secret access key and session token all
// carry JSON tags, so encoding this struct with encoding/json emits them
// (base64-encoded, not redacted). AWSIntegrationExternal omits these fields;
// use that type for anything that leaves the service. Whether the []byte
// fields are encrypted before being persisted is not visible here.
type AWSIntegration struct {
	gorm.Model

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// AWS ARN this integration is linked to.
	AWSArn string `json:"aws_arn"`

	// Optional AWS region (required by some session configurations).
	AWSRegion string `json:"aws_region"`

	// AWS cluster ID.
	// See https://github.com/kubernetes-sigs/aws-iam-authenticator#what-is-a-cluster-id
	AWSClusterID []byte `json:"aws_cluster_id"`

	// Access key ID of the IAM user. Sensitive.
	AWSAccessKeyID []byte `json:"aws_access_key_id"`

	// Secret access key of the IAM user. Sensitive: keep out of logs and
	// API responses.
	AWSSecretAccessKey []byte `json:"aws_secret_access_key"`

	// Optional session token, set when the user is assuming a role.
	// Sensitive.
	AWSSessionToken []byte `json:"aws_session_token"`
}
AWSIntegration is an auth mechanism that uses an AWS IAM user to authenticate
func (*AWSIntegration) Externalize ¶
func (a *AWSIntegration) Externalize() *AWSIntegrationExternal
Externalize generates an external AWSIntegration to be shared over REST
func (*AWSIntegration) GetBearerToken ¶
func (a *AWSIntegration) GetBearerToken( getTokenCache GetTokenCacheFunc, setTokenCache SetTokenCacheFunc, ) (string, error)
GetBearerToken retrieves a bearer token for an AWS account
func (*AWSIntegration) GetSession ¶
func (a *AWSIntegration) GetSession() (*session.Session, error)
GetSession retrieves an AWS session to use based on the access key and secret access key
func (*AWSIntegration) PopulateAWSArn ¶
func (a *AWSIntegration) PopulateAWSArn() error
PopulateAWSArn uses the access key/secret to get the caller identity, and attaches it to the AWS integration
func (*AWSIntegration) ToProjectIntegration ¶
func (a *AWSIntegration) ToProjectIntegration( category string, service IntegrationService, ) *ProjectIntegration
ToProjectIntegration converts an aws integration to a project integration
type AWSIntegrationExternal ¶
// AWSIntegrationExternal is the REST-facing view of an AWSIntegration.
// It exposes identifiers and the ARN only; none of the credential fields of
// AWSIntegration (access key ID, secret access key, session token) are
// declared here.
type AWSIntegrationExternal struct {
	ID uint `json:"id"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// AWS ARN this integration is linked to.
	AWSArn string `json:"aws_arn"`
}
AWSIntegrationExternal is an AWSIntegration to be shared over REST
type BasicIntegration ¶
// BasicIntegration is the stored form of a username/password auth mechanism.
//
// NOTE(review): Username and Password carry JSON tags; omitempty only drops
// them when empty, so a populated struct encodes both values.
// BasicIntegrationExternal declares neither field and is the type meant for
// REST responses. Storage protection of these bytes is not visible here.
type BasicIntegration struct {
	gorm.Model

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// Credentials for basic authentication to a cluster. Sensitive.
	Username []byte `json:"username,omitempty"`
	Password []byte `json:"password,omitempty"`
}
BasicIntegration represents a basic auth mechanism via username/password
func (*BasicIntegration) Externalize ¶
func (b *BasicIntegration) Externalize() *BasicIntegrationExternal
Externalize generates an external BasicIntegration to be shared over REST
func (*BasicIntegration) ToProjectIntegration ¶
func (b *BasicIntegration) ToProjectIntegration( category string, service IntegrationService, ) *ProjectIntegration
ToProjectIntegration converts a basic integration to a project integration
type BasicIntegrationExternal ¶
// BasicIntegrationExternal is the REST-facing view of a BasicIntegration.
// It carries identifiers only; the username and password are not declared.
type BasicIntegrationExternal struct {
	ID uint `json:"id"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`
}
BasicIntegrationExternal is a BasicIntegration to be shared over REST
type ClusterTokenCache ¶
// ClusterTokenCache is the TokenCache variant associated with a cluster.
// It embeds TokenCache, so the cached token and its JSON tag are part of
// this type as well.
type ClusterTokenCache struct {
	TokenCache

	// ID of the cluster the cached token belongs to.
	ClusterID uint `json:"cluster_id"`
}
ClusterTokenCache is a token cache that clusters can use; a foreign key constraint between a Cluster and ClusterTokenCache is created
type GCPIntegration ¶
// GCPIntegration is the stored form of a GCP service-account auth mechanism.
//
// NOTE(review): GCPKeyData holds service-account key material and carries a
// JSON tag, so encoding this struct emits it. GCPIntegrationExternal omits
// it and is the type meant for REST responses. Storage protection of the
// key bytes is not visible here.
//
// NOTE(review): JSON key spelling is mixed: "gcp_project_id" and
// "gcp_region" use underscores while "gcp-user-email" uses hyphens, and
// GCPIntegrationExternal spells the project key "gcp-project-id". Changing
// any of them alters the wire format, so they are left as declared.
type GCPIntegration struct {
	gorm.Model

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// GCP project ID in which the service account for this mechanism lives.
	GCPProjectID string `json:"gcp_project_id"`

	// Email of the GCP user that linked this service account.
	GCPUserEmail string `json:"gcp-user-email"`

	// GCP region; may or may not be used by the integration.
	GCPRegion string `json:"gcp_region"`

	// Service-account key data for GCP connectors. Sensitive.
	GCPKeyData []byte `json:"gcp_key_data"`
}
GCPIntegration is an auth mechanism that uses a GCP service account to authenticate
func (*GCPIntegration) Externalize ¶
func (g *GCPIntegration) Externalize() *GCPIntegrationExternal
Externalize generates an external GCPIntegration to be shared over REST
func (*GCPIntegration) GetBearerToken ¶
func (g *GCPIntegration) GetBearerToken( getTokenCache GetTokenCacheFunc, setTokenCache SetTokenCacheFunc, scopes ...string, ) (string, error)
GetBearerToken retrieves a bearer token for a GCP account
func (*GCPIntegration) ToProjectIntegration ¶
func (g *GCPIntegration) ToProjectIntegration( category string, service IntegrationService, ) *ProjectIntegration
ToProjectIntegration converts a gcp integration to a project integration
type GCPIntegrationExternal ¶
// GCPIntegrationExternal is the REST-facing view of a GCPIntegration.
// The service-account key data and the region are not declared here.
//
// NOTE(review): the project ID is encoded as "gcp-project-id" here, while
// GCPIntegration uses "gcp_project_id". Clients that read both shapes need
// to handle both spellings.
type GCPIntegrationExternal struct {
	ID uint `json:"id"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// GCP project ID in which the service account for this mechanism lives.
	GCPProjectID string `json:"gcp-project-id"`

	// Email of the GCP user that linked this service account.
	GCPUserEmail string `json:"gcp-user-email"`
}
GCPIntegrationExternal is a GCPIntegration to be shared over REST
type GetTokenCacheFunc ¶
// GetTokenCacheFunc is the callback signature used to look up a cached token.
// It takes no arguments and returns the cache entry (tok) or an error (err).
// Both GetBearerToken methods listed on this page accept one as their first
// parameter.
type GetTokenCacheFunc func() (tok *TokenCache, err error)
GetTokenCacheFunc is a function that retrieves the token and expiry time from the db
type GithubAppInstallation ¶ added in v0.5.0
// GithubAppInstallation records one account/installation ID pair for the
// Porter GitHub app.
type GithubAppInstallation struct {
	gorm.Model

	// Account the app is installed on; may be a user or an organization.
	// The gorm "unique" tag requests a uniqueness constraint on this column.
	AccountID int64 `json:"account_id" gorm:"unique"`

	// Installation ID, used for authentication.
	InstallationID int64 `json:"installation_id"`
}
GithubAppInstallation is an instance of the Porter GitHub app. We need to store account/installation ID pairs in order to authenticate as the installation.
func (*GithubAppInstallation) Externalize ¶ added in v0.5.0
func (r *GithubAppInstallation) Externalize() *GithubAppInstallationExternal
type GithubAppInstallationExternal ¶ added in v0.5.0
type GithubAppOAuthIntegration ¶ added in v0.5.0
// GithubAppOAuthIntegration is the per-user model for GitHub app OAuth data.
// As declared here it holds only the gorm.Model columns and the owning user.
type GithubAppOAuthIntegration struct {
	gorm.Model

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`
}
GithubAppOAuthIntegration is the model used for storing GitHub app OAuth data. Unlike the above, this model is tied to a specific user, not a project.
type HelmRepoTokenCache ¶
// HelmRepoTokenCache is the TokenCache variant associated with a helm repo.
// It embeds TokenCache, so the cached token and its JSON tag are part of
// this type as well.
type HelmRepoTokenCache struct {
	TokenCache

	// ID of the helm repo the cached token belongs to.
	HelmRepoID uint `json:"helm_repo_id"`
}
HelmRepoTokenCache is a token cache that helm repos can use; a foreign key constraint between a HelmRepo and HelmRepoTokenCache is created
type IntegrationService ¶
// IntegrationService is a string-backed identifier for a third-party service.
// Being a plain string type, any string converts to it; membership in the
// declared constant set is not enforced by the type itself.
type IntegrationService string
IntegrationService is the name of a third-party service
// Identifiers of the supported third-party services.
//
// DOKS, DOCR and DockerHub are declared here but do not appear in the
// PorterClusterIntegrations, PorterGitRepoIntegrations,
// PorterHelmRepoIntegrations or PorterRegistryIntegrations lists on this page.
const (
	GKE       IntegrationService = "gke"
	DOKS      IntegrationService = "doks"
	GCS       IntegrationService = "gcs"
	S3        IntegrationService = "s3"
	HelmRepo  IntegrationService = "helm"
	EKS       IntegrationService = "eks"
	Kube      IntegrationService = "kube"
	GCR       IntegrationService = "gcr"
	ECR       IntegrationService = "ecr"
	DOCR      IntegrationService = "docr"
	Github    IntegrationService = "github"
	DockerHub IntegrationService = "dockerhub"
	Docker    IntegrationService = "docker"
)
The list of supported third-party services
type KubeIntegration ¶
// KubeIntegration is the stored form of the kube-native auth mechanisms:
// x509 client certificates, basic username/password, bearer tokens, or a
// local kubeconfig.
//
// NOTE(review): the client key, token, password and kubeconfig fields all
// carry JSON tags, so encoding this struct emits whichever are populated
// (Kubeconfig has no omitempty and is always emitted).
// KubeIntegrationExternal declares none of them and is the type meant for
// REST responses. Storage protection of these bytes is not visible here.
type KubeIntegration struct {
	gorm.Model

	// Name of the auth mechanism.
	Mechanism KubeIntegrationName `json:"mechanism"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// Certificate and private key used by x509 auth mechanisms over TLS.
	// ClientKeyData is sensitive.
	ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
	ClientKeyData         []byte `json:"client-key-data,omitempty"`

	// Token used by bearer-token auth mechanisms. Sensitive.
	Token []byte `json:"token,omitempty"`

	// Credentials for basic authentication to a cluster. Sensitive.
	Username []byte `json:"username,omitempty"`
	Password []byte `json:"password,omitempty"`

	// Raw kubeconfig, used by local auth mechanisms. A kubeconfig can embed
	// credentials, so treat it as sensitive.
	Kubeconfig []byte `json:"kubeconfig"`
}
KubeIntegration represents the kube-native auth mechanisms: using x509 certs, basic (username/password), bearer tokens, or local (using local kubeconfig)
func (*KubeIntegration) Externalize ¶
func (k *KubeIntegration) Externalize() *KubeIntegrationExternal
Externalize generates an external KubeIntegration to be shared over REST
func (*KubeIntegration) ToProjectIntegration ¶
func (k *KubeIntegration) ToProjectIntegration( category string, service IntegrationService, ) *ProjectIntegration
ToProjectIntegration converts a kube integration to a project integration
type KubeIntegrationExternal ¶
// KubeIntegrationExternal is the REST-facing view of a KubeIntegration.
// It carries the mechanism name and identifiers only; certificate, key,
// token, password and kubeconfig data are not declared.
type KubeIntegrationExternal struct {
	ID uint `json:"id"`

	// Name of the auth mechanism.
	Mechanism KubeIntegrationName `json:"mechanism"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`
}
KubeIntegrationExternal is a KubeIntegration to be shared over REST
type KubeIntegrationName ¶
// KubeIntegrationName is a string-backed name of a kube auth mechanism.
// Any string converts to it; values decoded from input should be checked
// against the declared constants before use.
type KubeIntegrationName string
KubeIntegrationName is the name of a kube auth mechanism
type OAuthIntegration ¶
// OAuthIntegration is the stored form of an OAuth (RFC 6749) auth mechanism.
// As declared here it holds the client name plus the owning user and project.
type OAuthIntegration struct {
	gorm.Model

	// Name of the auth mechanism.
	Client OAuthIntegrationClient `json:"client"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`
}
OAuthIntegration is an auth mechanism that uses oauth https://tools.ietf.org/html/rfc6749
func (*OAuthIntegration) Externalize ¶
func (o *OAuthIntegration) Externalize() *OAuthIntegrationExternal
Externalize generates an external OAuthIntegration to be shared over REST
func (*OAuthIntegration) ToProjectIntegration ¶
func (o *OAuthIntegration) ToProjectIntegration( category string, service IntegrationService, ) *ProjectIntegration
ToProjectIntegration converts an oauth integration to a project integration
type OAuthIntegrationClient ¶
// OAuthIntegrationClient is a string-backed name of an OAuth mechanism client.
// Any string converts to it; membership in the declared constant set is not
// enforced by the type itself.
type OAuthIntegrationClient string
OAuthIntegrationClient is the name of an OAuth mechanism client
// Names of the supported OAuth mechanism clients.
const (
	OAuthGithub       OAuthIntegrationClient = "github"
	OAuthDigitalOcean OAuthIntegrationClient = "do"
	OAuthGoogle       OAuthIntegrationClient = "google"
)
The supported oauth mechanism clients
type OAuthIntegrationExternal ¶
// OAuthIntegrationExternal is the REST-facing view of an OAuthIntegration:
// the client name and identifiers.
type OAuthIntegrationExternal struct {
	ID uint `json:"id"`

	// Name of the auth mechanism.
	Client OAuthIntegrationClient `json:"client"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`
}
OAuthIntegrationExternal is an OAuthIntegration to be shared over REST
type OIDCIntegration ¶
// OIDCIntegration is the stored form of an OIDC auth mechanism.
// Spec: https://openid.net/specs/openid-connect-core-1_0.html
//
// NOTE(review): ClientSecret, IDToken and RefreshToken carry JSON tags
// without omitempty, so encoding this struct always emits them.
// OIDCIntegrationExternal declares none of them and is the type meant for
// REST responses. Storage protection of these bytes is not visible here.
type OIDCIntegration struct {
	gorm.Model

	// Name of the auth mechanism.
	Client OIDCIntegrationClient `json:"client"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// The "Issuer Identifier" of the OIDC spec (16.15).
	IssuerURL []byte `json:"idp-issuer-url"`

	// ID issued to the Relying Party.
	ClientID []byte `json:"client-id"`

	// Secret issued to the Relying Party. Sensitive.
	//
	// Kept because it used to be a required kubeconfig field. The kube
	// apiserver acts as the Relying Party, so the client secret is not
	// actually necessary.
	ClientSecret []byte `json:"client-secret"`

	// CA data; the certificate check must be performed (16.17).
	CertificateAuthorityData []byte `json:"idp-certificate-authority-data"`

	// The user's JWT ID token. Sensitive.
	IDToken []byte `json:"id-token"`

	// The user's refresh token. Sensitive.
	RefreshToken []byte `json:"refresh-token"`
}
OIDCIntegration is an auth mechanism that uses oidc. Spec: https://openid.net/specs/openid-connect-core-1_0.html
func (*OIDCIntegration) Externalize ¶
func (o *OIDCIntegration) Externalize() *OIDCIntegrationExternal
Externalize generates an external OIDCIntegration to be shared over REST
func (*OIDCIntegration) ToProjectIntegration ¶
func (o *OIDCIntegration) ToProjectIntegration( category string, service IntegrationService, ) *ProjectIntegration
ToProjectIntegration converts an oidc integration to a project integration
type OIDCIntegrationClient ¶
// OIDCIntegrationClient is a string-backed name of an OIDC auth mechanism
// client. Any string converts to it; membership in the declared constant set
// is not enforced by the type itself.
type OIDCIntegrationClient string
OIDCIntegrationClient is the name of an OIDC auth mechanism client
// Names of the supported OIDC auth mechanism clients. "kube" is the only one
// declared.
const (
	OIDCKube OIDCIntegrationClient = "kube"
)
The supported OIDC auth mechanism clients
type OIDCIntegrationExternal ¶
// OIDCIntegrationExternal is the REST-facing view of an OIDCIntegration.
// It carries the client name and identifiers only; issuer, client ID/secret,
// CA data and tokens are not declared.
type OIDCIntegrationExternal struct {
	ID uint `json:"id"`

	// Name of the auth mechanism.
	Client OIDCIntegrationClient `json:"client"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`
}
OIDCIntegrationExternal is an OIDCIntegration to be shared over REST
type PorterIntegration ¶
// PorterIntegration describes one supported combination of auth mechanism,
// integration category and third-party service.
type PorterIntegration struct {
	// Auth mechanism name, e.g. "gcp", "aws", "kube", "oauth" or "basic"
	// as used by the Porter*Integrations lists.
	AuthMechanism string `json:"auth_mechanism"`

	// Integration category, e.g. "cluster", "repo", "helm" or "registry".
	Category string `json:"category"`

	// Third-party service this entry applies to.
	Service IntegrationService `json:"service"`
}
PorterIntegration is a supported integration service, specifying an auth mechanism and the category of integration. A single service can have multiple auth mechanisms. For example, a GKE integration can have both an "oauth" mechanism and a "gcp" mechanism:
PorterIntegration{ AuthMechanism: "oauth", Category: "cluster", Service: GKE, }
PorterIntegration{ AuthMechanism: "gcp", Category: "cluster", Service: GKE, }
type ProjectIntegration ¶
// ProjectIntegration is the consolidated, client-facing shape that the
// per-mechanism integrations are converted to. It holds identifiers and
// classification only; no credential fields are declared.
type ProjectIntegration struct {
	ID        uint `json:"id"`
	ProjectID uint `json:"project_id"`

	// Auth mechanism the underlying integration is stored under.
	AuthMechanism string `json:"auth_mechanism"`

	// Integration category.
	Category string `json:"category"`

	// Third-party service the integration targets.
	Service IntegrationService `json:"service"`
}
ProjectIntegration is the top-level integration object for various integrations. Although the integrations are stored in the DB by auth mechanism, the integrations are cast to a ProjectIntegration for consolidation before passing on to the client.
type RegTokenCache ¶
// RegTokenCache is the TokenCache variant associated with a Docker registry.
//
// NOTE(review): there is no external counterpart for this type, and the
// embedded TokenCache tags its token as "access_token". Nothing in the
// declaration prevents it from being JSON-encoded, so keeping it out of
// REST responses relies on callers.
type RegTokenCache struct {
	TokenCache

	// ID of the registry the cached token belongs to.
	RegistryID uint `json:"registry_id"`
}
RegTokenCache stores a token and an expiration for the JWT token for a Docker registry. This will never be shared over REST, so no need to externalize.
type SetTokenCacheFunc ¶
SetTokenCacheFunc is a function that updates the token cache with a new token and expiry time
type SharedOAuthModel ¶ added in v0.5.0
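// SharedOAuthModel holds the general fields needed for an OAuth integration.
//
// NOTE(review): AccessToken and RefreshToken carry JSON tags, so encoding
// this struct (or any struct embedding it) emits both tokens. Keep it out of
// logs and API responses. Storage protection of these bytes is not visible
// here.
type SharedOAuthModel struct {
	// ID issued to the OAuth client.
	ClientID []byte `json:"client-id"`

	// OAuth access token. Sensitive.
	AccessToken []byte `json:"access-token"`

	// OAuth refresh token. Sensitive.
	RefreshToken []byte `json:"refresh-token"`

	// If 0, token will never refresh.
	Expiry time.Time
}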
SharedOAuthModel stores general fields needed for OAuth Integration
type SlackIntegration ¶ added in v0.7.2
// SlackIntegration is the stored form of a webhook notifier bound to one
// channel of a Slack workspace.
//
// NOTE(review): SlackIntegrationExternal declares neither Webhook nor
// ChannelID. The Slack-specific fields here have no JSON tags, so
// encoding/json would emit them under their Go field names, Webhook
// included. Use the external type for REST responses.
type SlackIntegration struct {
	gorm.Model

	// Name of the auth mechanism.
	Client OAuthIntegrationClient `json:"client"`

	// ID of the user that linked this auth mechanism.
	UserID uint `json:"user_id"`

	// Project that owns this integration.
	ProjectID uint `json:"project_id"`

	// ID of the Slack team.
	TeamID string

	// Name of the Slack team.
	TeamName string

	// Icon URL of the Slack team.
	TeamIconURL string

	// Name of the channel the Slack app is installed in.
	Channel string

	// ID of the channel the Slack app is installed in.
	ChannelID string

	// URL for configuring the workspace app instance.
	ConfigurationURL string

	// Webhook to call. Presumably the incoming-webhook URL, which acts as a
	// posting credential for the channel; treat as sensitive.
	Webhook []byte
}
SlackIntegration is a webhook notifier to a specific channel in a Slack workspace.
func (*SlackIntegration) Externalize ¶ added in v0.7.2
func (s *SlackIntegration) Externalize() *SlackIntegrationExternal
Externalize generates an external SlackIntegration to be shared over REST
type SlackIntegrationExternal ¶ added in v0.7.2
// SlackIntegrationExternal is the REST-facing view of a SlackIntegration.
// The webhook, channel ID, user ID and client name of SlackIntegration are
// not declared here.
type SlackIntegrationExternal struct {
	ID        uint `json:"id"`
	ProjectID uint `json:"project_id"`

	// ID of the Slack team.
	TeamID string `json:"team_id"`

	// Name of the Slack team.
	TeamName string `json:"team_name"`

	// Icon URL of the Slack team.
	TeamIconURL string `json:"team_icon_url"`

	// Name of the channel the Slack app is installed in.
	Channel string `json:"channel"`

	// URL for configuring the workspace app instance.
	ConfigurationURL string `json:"configuration_url"`
}
SlackIntegrationExternal is an external SlackIntegration to be shared over REST
type TokenCache ¶
// TokenCache holds a cached service-account token together with its expiry.
//
// NOTE(review): there is no external counterpart for this type, yet Token is
// tagged "access_token" and would be emitted by encoding/json. Keeping it
// out of REST responses relies on callers never encoding this struct.
type TokenCache struct {
	gorm.Model

	// Time at which the cached token expires.
	// NOTE(review): omitempty has no effect on a struct value such as
	// time.Time in encoding/json; a zero Expiry is still encoded.
	Expiry time.Time `json:"expiry,omitempty"`

	// The cached token. Sensitive.
	Token []byte `json:"access_token"`
}
TokenCache stores a token and an expiration for the token for a service account. This will never be shared over REST, so no need to externalize.
func (*TokenCache) IsExpired ¶
func (t *TokenCache) IsExpired() bool
IsExpired returns true if a token is expired, false otherwise