controllers

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 5, 2022 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuditLog added in v0.8.0 

func AuditLog(ctx context.Context) logr.Logger

AuditLog returns logger prepared with audit markers

func AuditLogWithTokenInfo added in v0.8.0 

func AuditLogWithTokenInfo(ctx context.Context, msg string, namespace string, token string, keysAndValues ...interface{})

AuditLogWithTokenInfo logs message related to particular SPIAccessToken into audit logger

func AugmentConfiguration added in v0.4.3 

func AugmentConfiguration(config *rest.Config)

AugmentConfiguration modifies the provided Kubernetes client configuration such that it uses bearer tokens stored in the context using the WithAuthFromRequestIntoContext or WithAuthIntoContext functions.

func CallbackErrorHandler added in v0.6.5 

func CallbackErrorHandler(w http.ResponseWriter, r *http.Request)

CallbackErrorHandler is a Handler implementation that responds with HTML page This page is a landing page after unsuccessfully completing the OAuth flow. Resource file location is prefixed with `../` to be compatible with tests running locally.

func CallbackSuccessHandler added in v0.6.5 

func CallbackSuccessHandler(w http.ResponseWriter, r *http.Request)

CallbackSuccessHandler is a Handler implementation that responds with HTML page This page is a landing page after successfully completing the OAuth flow. Resource file location is prefixed with `../` to be compatible with tests running locally.

func ExtractTokenFromAuthorizationHeader added in v0.4.3 

func ExtractTokenFromAuthorizationHeader(authHeader string) string

ExtractTokenFromAuthorizationHeader extracts the token value from the authorization header assumed to be formatted as a bearer token.

func HandleUpload added in v0.6.5 

func HandleUpload(uploader TokenUploader) func(http.ResponseWriter, *http.Request)

HandleUpload returns Handler implementation that is relied on provided TokenUploader to persist provided credentials for some concrete SPIAccessToken.

func LogDebugAndWriteResponse added in v0.6.5 

func LogDebugAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, keysAndValues ...interface{})

func LogErrorAndWriteResponse added in v0.6.5 

func LogErrorAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, err error)

func MiddlewareHandler added in v0.6.5 

func MiddlewareHandler(allowedOrigins []string, h http.Handler) http.Handler

MiddlewareHandler is a Handler that composed couple of different responsibilities. Like: - Request logging - CORS processing

func OkHandler added in v0.6.5 

func OkHandler(w http.ResponseWriter, _ *http.Request)

OkHandler is a Handler implementation that responds only with http.StatusOK. Typically, used for liveness and readiness probes

func WithAuthFromRequestIntoContext added in v0.4.3 

func WithAuthFromRequestIntoContext(r *http.Request, ctx context.Context) (context.Context, error)

WithAuthFromRequestIntoContext looks into the provided HTTP request and stores the bearer token from that request's Authorization header into the returned context which is based on the provided context. If used with a client constructed from configuration augmented using the AugmentConfiguration function, the requests to the Kubernetes API will be authenticated using this token.

To link the contexts, you can reuse the context of the provided request: WithAuthFromRequestIntoContext(req, req.Context())

func WithAuthIntoContext added in v0.4.3 

func WithAuthIntoContext(bearerToken string, ctx context.Context) context.Context

WithAuthIntoContext stores the provided bearer token into the returned context which is based on the provided context. If used with a client constructed from configuration augmented using the AugmentConfiguration function, the requests to the Kubernetes API will be authenticated using this token.

Types

type AuthenticatingClient added in v0.4.3 

type AuthenticatingClient client.Client

AuthenticatingClient is just a typedef that advertises that it is safe to use the WithAuthIntoContext or WithAuthFromRequestIntoContext functions with clients having this type.

func CreateClient added in v0.4.3 

func CreateClient(cfg *rest.Config, options client.Options) (AuthenticatingClient, error)

CreateClient creates a new client based on the provided configuration. Note that configuration is potentially modified during the call.

type Authenticator added in v0.5.2 

type Authenticator struct {
	K8sClient      AuthenticatingClient
	SessionManager *scs.SessionManager
}

func NewAuthenticator added in v0.5.2 

func NewAuthenticator(sessionManager *scs.SessionManager, cl AuthenticatingClient) *Authenticator

func (*Authenticator) GetToken added in v0.5.2 

func (a *Authenticator) GetToken(r *http.Request) (string, error)

func (Authenticator) Login added in v0.5.2 

func (a Authenticator) Login(w http.ResponseWriter, r *http.Request)

type Controller 

type Controller interface {
	// Authenticate handles the initial OAuth request. It should validate that the request is authenticated in Kubernetes
	// compose the authenticated OAuth state and return a redirect to the service-provider OAuth endpoint with the state.
	Authenticate(w http.ResponseWriter, r *http.Request)

	// Callback finishes the OAuth flow. It handles the final redirect from the OAuth flow of the service provider.
	Callback(ctx context.Context, w http.ResponseWriter, r *http.Request)
}

Controller implements the OAuth flow. There are specific implementations for each service provider type. These are usually instances of the commonController with service-provider-specific configuration.

func FromConfiguration 

func FromConfiguration(fullConfig OAuthServiceConfiguration, spConfig config.ServiceProviderConfiguration, authenticator *Authenticator, stateStorage *StateStorage, cl AuthenticatingClient, storage tokenstorage.TokenStorage, redirectTemplate *template.Template) (Controller, error)

FromConfiguration is a factory function to create instances of the Controller based on the service provider configuration.

type OAuthServiceCliArgs added in v0.7.3 

type OAuthServiceCliArgs struct {
	config.CommonCliArgs
	config.LoggingCliArgs
	tokenstorage.VaultCliArgs
	ServiceAddr     string `arg:"--service-addr, env" default:"0.0.0.0:8000" help:"Service address to listen on"`
	AllowedOrigins  string `` /* 175-byte string literal not displayed */
	KubeConfig      string `arg:"--kubeconfig, env" default:"" help:""`
	KubeInsecureTLS bool   `arg:"--kube-insecure-tls, env" default:"false" help:"Whether is allowed or not insecure kubernetes tls connection."`
	ApiServer       string `` /* 126-byte string literal not displayed */
	ApiServerCAPath string `` /* 140-byte string literal not displayed */
}

type OAuthServiceConfiguration added in v0.7.3 

type OAuthServiceConfiguration struct {
	config.SharedConfiguration
}

func LoadOAuthServiceConfiguration added in v0.7.3 

func LoadOAuthServiceConfiguration(args OAuthServiceCliArgs) (OAuthServiceConfiguration, error)

type SpiTokenUploader added in v0.6.5 

type SpiTokenUploader struct {
	K8sClient client.Client
	Storage   tokenstorage.TokenStorage
}

func (*SpiTokenUploader) Upload added in v0.6.5 

func (u *SpiTokenUploader) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

type StateStorage added in v0.6.8 

type StateStorage struct {
	// contains filtered or unexported fields
}

func NewStateStorage added in v0.6.8 

func NewStateStorage(sessionManager *scs.SessionManager) *StateStorage

func (StateStorage) UnveilState added in v0.6.8 

func (s StateStorage) UnveilState(ctx context.Context, req *http.Request) (string, error)

func (StateStorage) VeilRealState added in v0.6.8 

func (s StateStorage) VeilRealState(req *http.Request) (string, error)

type TokenUploader added in v0.4.4 

type TokenUploader interface {
	Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error
}

TokenUploader is used to permanently persist credentials for the given token.

type UploadFunc added in v0.6.5 

type UploadFunc func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

UploadFunc used to provide anonymous implementation of TokenUploader. Example: 

 uploader := UploadFunc(func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error {
		return fmt.Errorf("failed to store the token data into storage")
	})

func (UploadFunc) Upload added in v0.6.5 

func (u UploadFunc) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.