tkgauth

package
v0.79.0

This package is not in the latest version of its module.
Published: Mar 16, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package tkgauth provides TKG authentication functions.

Constants

const (
	// ConciergeNamespace is the namespace where pinniped concierge is deployed
	ConciergeNamespace = "pinniped-concierge"

	// ConciergeAuthenticatorType is the pinniped concierge authenticator type
	ConciergeAuthenticatorType = "jwt"

	// ConciergeAuthenticatorName is the pinniped concierge authenticator object name
	ConciergeAuthenticatorName = "tkg-jwt-authenticator"

	// PinnipedOIDCScopes are the scopes of pinniped oidc
	PinnipedOIDCScopes = "offline_access,openid,pinniped:request-audience"

	// TanzuLocalKubeDir is the local config directory
	TanzuLocalKubeDir = ".kube-tanzu"

	// TanzuKubeconfigFile is the name of the kubeconfig file
	TanzuKubeconfigFile = "config"

	// DefaultPinnipedLoginTimeout is the default login timeout
	DefaultPinnipedLoginTimeout = time.Minute

	// DefaultClusterInfoConfigMap is the default ConfigMap looked up in the kube-public namespace when generating a kubeconfig.
	DefaultClusterInfoConfigMap = "cluster-info"
)
const (
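	// KubePublicNamespace is the namespace where the cluster-info and pinniped-info ConfigMaps are looked up
	KubePublicNamespace = "kube-public"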
)

Variables

This section is empty.

Functions

func GetClusterInfoFromCluster

func GetClusterInfoFromCluster(clusterAPIServerURL, configmapName string) (*clientcmdapi.Cluster, error)

GetClusterInfoFromCluster gets the cluster info by reading the cluster-info ConfigMap in the kube-public namespace.

func GetPinnipedKubeconfig

func GetPinnipedKubeconfig(cluster *clientcmdapi.Cluster, pinnipedInfo *PinnipedConfigMapInfo, clustername, audience string) (*clientcmdapi.Config, error)

GetPinnipedKubeconfig generates a kubeconfig from the given cluster-info, pinniped-info and requested audience.

func GetServerKubernetesVersion

func GetServerKubernetesVersion(kubeconfigPath, context string) (string, error)

GetServerKubernetesVersion uses the kubeconfig to get the server k8s version.

func KubeconfigWithPinnipedAuthLoginPlugin

func KubeconfigWithPinnipedAuthLoginPlugin(endpoint string, options *KubeConfigOptions, discoveryStrategy DiscoveryStrategy) (mergeFilePath, currentContext string, err error)

KubeconfigWithPinnipedAuthLoginPlugin prepares the kubeconfig with tanzu pinniped-auth login as a client-go exec plugin.

func TanzuLocalKubeConfigPath

func TanzuLocalKubeConfigPath() (path string, err error)

TanzuLocalKubeConfigPath returns the local tanzu kubeconfig path

Types

type DiscoveryStrategy

type DiscoveryStrategy struct {
	DiscoveryPort        *int
	ClusterInfoConfigMap string
}

A DiscoveryStrategy contains information about how various discovery information should be looked up from an endpoint when setting up a kubeconfig.

type KubeConfigOptions

type KubeConfigOptions struct {
	MergeFilePath string
}

KubeConfigOptions contains the kubeconfig options

type PinnipedConfigMapInfo

type PinnipedConfigMapInfo struct {
	Kind    string `json:"kind" yaml:"kind"`
	Version string `json:"apiVersion" yaml:"apiVersion"`
	Data    struct {
		ClusterName              string `json:"cluster_name" yaml:"cluster_name"`
		Issuer                   string `json:"issuer" yaml:"issuer"`
		IssuerCABundle           string `json:"issuer_ca_bundle_data" yaml:"issuer_ca_bundle_data"`
		ConciergeEndpoint        string `json:"concierge_endpoint" yaml:"concierge_endpoint"`
		ConciergeIsClusterScoped bool   `json:"concierge_is_cluster_scoped,string" yaml:"concierge_is_cluster_scoped"`
	}
}

PinnipedConfigMapInfo defines the fields of the pinniped-info ConfigMap.

func GetPinnipedInfoFromCluster

func GetPinnipedInfoFromCluster(clusterInfo *clientcmdapi.Cluster, discoveryPort *int) (*PinnipedConfigMapInfo, error)

GetPinnipedInfoFromCluster gets the Pinniped info by reading the pinniped-info ConfigMap in the kube-public namespace. 'discoveryPort' is used to optionally override the port used for discovery. This may be needed on setups that expose discovery information to unauthenticated users on a different port (for instance, to avoid the need for anonymous auth on the apiserver). By default, the endpoint from the cluster-info is used.
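An added example (not code from the tkgauth package): because pinniped-info is discovery data that may be served to unauthenticated users, a caller can sanity-check the decoded fields before building a kubeconfig from them. `ValidatePinnipedInfo` and `SampleConfigMap` are hypothetical names, the struct is copied from this page with its JSON tags only, and the base64-encoded PEM format of `issuer_ca_bundle_data` is an assumption.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"net/url"
)

// PinnipedConfigMapInfo mirrors the type documented on this page (JSON tags only).
type PinnipedConfigMapInfo struct {
	Kind    string `json:"kind"`
	Version string `json:"apiVersion"`
	Data    struct {
		ClusterName              string `json:"cluster_name"`
		Issuer                   string `json:"issuer"`
		IssuerCABundle           string `json:"issuer_ca_bundle_data"`
		ConciergeEndpoint        string `json:"concierge_endpoint"`
		ConciergeIsClusterScoped bool   `json:"concierge_is_cluster_scoped,string"`
	}
}

// ValidatePinnipedInfo is a hypothetical helper, not part of tkgauth.
func ValidatePinnipedInfo(raw []byte) (*PinnipedConfigMapInfo, error) {
	var info PinnipedConfigMapInfo
	// ConfigMap values are strings: ",string" accepts "true"/"false" and errors on anything else.
	if err := json.Unmarshal(raw, &info); err != nil {
		return nil, fmt.Errorf("decode pinniped-info: %w", err)
	}
	if u, err := url.Parse(info.Data.Issuer); err != nil || u.Scheme != "https" || u.Host == "" {
		return nil, fmt.Errorf("issuer %q is not an absolute https URL", info.Data.Issuer)
	}
	// Assumption: issuer_ca_bundle_data is base64-encoded PEM. This is a structural check only.
	bundle, err := base64.StdEncoding.DecodeString(info.Data.IssuerCABundle)
	if blk, _ := pem.Decode(bundle); err != nil || blk == nil || blk.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("issuer CA bundle is not base64 PEM with a CERTIFICATE block")
	}
	return &info, nil
}

// SampleConfigMap builds a constructed pinniped-info body; the PEM payload is a placeholder.
func SampleConfigMap(issuer, scoped string) []byte {
	ca := base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte("constructed")}))
	return []byte(fmt.Sprintf(`{"kind":"ConfigMap","apiVersion":"v1","data":{"cluster_name":"demo","issuer":%q,"issuer_ca_bundle_data":%q,"concierge_is_cluster_scoped":%q}}`, issuer, ca, scoped))
}

func main() {
	fmt.Println(ValidatePinnipedInfo(SampleConfigMap("https://pinniped.example.test", "true")))
}
```

The check does not replace verifying the API server itself; it only rejects discovery data that is malformed or points the login flow at a non-TLS issuer.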
