tkgauth

package

v1.5.0-dev Latest Latest Go to latest Published: Jul 18, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vmware-tanzu/tanzu-cli

Documentation ¶

Overview ¶

Package tkgauth provides TKG authentication functions.

Index ¶

Constants
func GetClusterInfoFromCluster(clusterAPIServerURL, configmapName, endpointCACertPath string, ...) (*clientcmdapi.Cluster, error)
func GetPinnipedKubeconfig(cluster *clientcmdapi.Cluster, pinnipedInfo *PinnipedConfigMapInfo, ...) (*clientcmdapi.Config, error)
func GetServerKubernetesVersion(kubeconfigPath, context string) (string, error)
func GetTLSConfig(caCertPath string, skipTLSVerify bool) (*tls.Config, error)
func KubeconfigWithPinnipedAuthLoginPlugin(endpoint string, options *KubeConfigOptions, ...) (mergeFilePath, currentContext string, err error)
func MergeAndSaveKubeconfigBytes(kubeconfigBytes []byte, options *KubeConfigOptions) (mergeFilePath, currentContext string, err error)
type DiscoveryStrategy
type KubeConfigOptions
type PinnipedConfigMapInfo
- func GetPinnipedInfoFromCluster(clusterInfo *clientcmdapi.Cluster, discoveryPort *int) (*PinnipedConfigMapInfo, error)

Constants ¶

View Source

const (
	// ConciergeNamespace is the namespace where pinniped concierge is deployed
	ConciergeNamespace = "pinniped-concierge"

	// ConciergeAuthenticatorType is the pinniped concierge authenticator type
	ConciergeAuthenticatorType = "jwt"

	// ConciergeAuthenticatorName is the pinniped concierge authenticator object name
	ConciergeAuthenticatorName = "tkg-jwt-authenticator"

	// PinnipedOIDCScopes are the scopes of pinniped oidc
	PinnipedOIDCScopes = "offline_access,openid,pinniped:request-audience"

	// DefaultPinnipedLoginTimeout is the default login timeout
	DefaultPinnipedLoginTimeout = time.Minute

	// DefaultClusterInfoConfigMap is the default ConfigMap looked up in the kube-public namespace when generating a kubeconfig.
	DefaultClusterInfoConfigMap = "cluster-info"
)

View Source

const (
	KubePublicNamespace = "kube-public"
)

Variables ¶

This section is empty.

Functions ¶

func GetClusterInfoFromCluster ¶

func GetClusterInfoFromCluster(clusterAPIServerURL, configmapName, endpointCACertPath string, skipTLSVerify bool) (*clientcmdapi.Cluster, error)

GetClusterInfoFromCluster gets the cluster Info by accessing the cluster-info configMap in kube-public namespace

func GetPinnipedKubeconfig ¶

func GetPinnipedKubeconfig(cluster *clientcmdapi.Cluster, pinnipedInfo *PinnipedConfigMapInfo, clustername, audience string) (*clientcmdapi.Config, error)

GetPinnipedKubeconfig generate kubeconfig given cluster-info and pinniped-info and the requested audience

func GetServerKubernetesVersion ¶

func GetServerKubernetesVersion(kubeconfigPath, context string) (string, error)

GetServerKubernetesVersion uses the kubeconfig to get the server k8s version.

func GetTLSConfig ¶ added in v0.90.0

func GetTLSConfig(caCertPath string, skipTLSVerify bool) (*tls.Config, error)

func KubeconfigWithPinnipedAuthLoginPlugin ¶

func KubeconfigWithPinnipedAuthLoginPlugin(endpoint string, options *KubeConfigOptions, discoveryStrategy DiscoveryStrategy, endpointCACertPath string, skipTLSVerify bool) (mergeFilePath, currentContext string, err error)

KubeconfigWithPinnipedAuthLoginPlugin prepares the kubeconfig with tanzu pinniped-auth login as client-go exec plugin

func MergeAndSaveKubeconfigBytes ¶ added in v0.90.0

func MergeAndSaveKubeconfigBytes(kubeconfigBytes []byte, options *KubeConfigOptions) (mergeFilePath, currentContext string, err error)

Types ¶

type DiscoveryStrategy ¶

type DiscoveryStrategy struct {
	DiscoveryPort        *int
	ClusterInfoConfigMap string
}

A DiscoveryStrategy contains information about how various discovery information should be looked up from an endpoint when setting up a kubeconfig.

type KubeConfigOptions ¶

type KubeConfigOptions struct {
	MergeFilePath string
}

KubeConfigOptions contains the kubeconfig options

type PinnipedConfigMapInfo ¶

type PinnipedConfigMapInfo struct {
	Kind    string `json:"kind" yaml:"kind"`
	Version string `json:"apiVersion" yaml:"apiVersion"`
	Data    struct {
		ClusterName              string `json:"cluster_name" yaml:"cluster_name"`
		Issuer                   string `json:"issuer" yaml:"issuer"`
		IssuerCABundle           string `json:"issuer_ca_bundle_data" yaml:"issuer_ca_bundle_data"`
		ConciergeEndpoint        string `json:"concierge_endpoint" yaml:"concierge_endpoint"`
		ConciergeIsClusterScoped bool   `json:"concierge_is_cluster_scoped,string" yaml:"concierge_is_cluster_scoped"`
	}
}

PinnipedConfigMapInfo defines the fields of pinniped-info configMap

func GetPinnipedInfoFromCluster ¶

func GetPinnipedInfoFromCluster(clusterInfo *clientcmdapi.Cluster, discoveryPort *int) (*PinnipedConfigMapInfo, error)

GetPinnipedInfoFromCluster gets the Pinniped Info by accessing the pinniped-info configMap in kube-public namespace 'discoveryPort' is used to optionally override the port used for discovery. This may be needed on setups that expose discovery information to unauthenticated users on a different port (for instance, to avoid the need to anonymous auth on the apiserver). By default, the endpoint from the cluster-info is used.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL