server

package
v1.19.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 12, 2021 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Version is the server version
	Version = "v0.0.4"
)

Variables

View Source
var (
	// CheckRegistration indicates we should validate the node is not regestered
	CheckRegistration = "verify-registration"
)

Functions

This section is empty.

Types

type Authorizer

type Authorizer interface {
	// Admit is responsible for checking if the request is permitted
	Authorize(context.Context, *NodeRegistration) error
	// Close provides a signal to close of resources
	Close() error
	// Name returns the name of the authorizer
	Name() string
}

Authorizer is the generic means to authorize the incoming node request

type Config

type Config struct {
	// AuthorizationTimeout is the max duration for a authorization
	AuthorizationTimeout time.Duration
	// ClusterTag is the cloud tag key used to identity the cluster
	ClusterTag string
	// Features is arbitrary feature set for a authorizer
	Features []string
	// EnableVerbose indicate verbose logging
	EnableVerbose bool
	// ClientCommonName is the common name on the client certificate if mutual tls is enabled
	ClientCommonName string
	// ClusterName is the name of the kubernetes cluster
	ClusterName string
	// Listen is the interacted to bind to
	Listen string
	// TokenDuration is the expiration of a bootstrap token
	TokenDuration time.Duration
	// TLSCertPath is the path to the server TLS certificate
	TLSCertPath string
	// TLSClientCAPath is the path to a certificate authority
	TLSClientCAPath string
	// TLSPrivateKeyPath is the path to the private key
	TLSPrivateKeyPath string
}

Config is the configuration for the service

func (*Config) IsValid

func (c *Config) IsValid() error

IsValid checks the configuration options

func (*Config) UseFeature

func (c *Config) UseFeature(name string) bool

UseFeature indicates a feature is in use

type NodeAuthorizer

type NodeAuthorizer struct {
	// contains filtered or unexported fields
}

NodeAuthorizer retains the authorizer state

func New

func New(config *Config, authorizer Authorizer) (*NodeAuthorizer, error)

New creates and returns a node authorizer

func (*NodeAuthorizer) Run

func (n *NodeAuthorizer) Run() error

Run is responsible for starting the node authorizer service

type NodeRegistration

type NodeRegistration struct {
	// Spec is the request specification
	Spec NodeRegistrationSpec
	// Status is the result of a admission
	Status NodeRegistrationStatus
}

NodeRegistration is an incoming request

func (*NodeRegistration) Deny

func (n *NodeRegistration) Deny(reason string)

Deny marks the request as denied and adds the reason why

func (*NodeRegistration) IsAllowed

func (n *NodeRegistration) IsAllowed() bool

IsAllowed checks if the request if allowed

type NodeRegistrationSpec

type NodeRegistrationSpec struct {
	// NodeName is the name of the node
	NodeName string
	// RemoteAddr is the address of the requester
	RemoteAddr string
	// Request is the request body
	Request []byte
}

NodeRegistrationSpec is the node request specification

type NodeRegistrationStatus

type NodeRegistrationStatus struct {
	// Allowed indicates the request is permitted
	Allowed bool
	// Token is the bootstrap token
	Token string
	// Reason is the reason for the error if any
	Reason string
}

NodeRegistrationStatus is result of a authorization

type Token

type Token struct {
	// ID is the id of the token
	ID string
	// Secret is the secret of the token
	Secret string
}

Token defines a bootstrap token

func NewToken

func NewToken() (*Token, error)

NewToken creates and returns a new token

func (*Token) Name

func (t *Token) Name() string

Name returns the secret name

func (*Token) String

func (t *Token) String() string

String returns the encoded secret

type Verifier

type Verifier interface {
	// VerifyIdentity is responsible for constructing the parameters for a request
	VerifyIdentity(context.Context) ([]byte, error)
}

Verifier is the client side of authorizer

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL