Documentation
Overview
Package konfigurator provides a library for generating Kubernetes config files by means of OpenID Connect authentication. It performs an OIDC token exchange with the given host and creates a configuration file containing all the information provided as well as the token retrieved. By default, konfigurator writes the contents of the file to `stdout`; this can be overridden with the `-o|--output` flag.
NOTE: this tool starts a local web server on the provided port to handle the callback from the OpenID Connect protocol, so make sure the port provided is not already in use on the host.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Konfigurator
type Konfigurator struct {
// contains filtered or unexported fields
}
func NewKonfigurator
func NewKonfigurator(oidcHost, oidcClientID, oidcClientPort, oidcClientRedirectEndpoint, kubeCa, kubeAPIURL, kubeNamespace, outputFilePath string) (*Konfigurator, error)
NewKonfigurator creates a file and a UUID to use as a state to check for MITM attacks, and returns a new Konfigurator struct.
func (*Konfigurator) Orchestrate
func (k *Konfigurator) Orchestrate() error
Orchestrate starts a local web server based on parameters from the constructor, opens a browser and initiates the authentication process. Once the process is done, it writes the Kubernetes config file to the output file path (or stdout if that is empty) and closes the web server. The web server is only closed once the authentication succeeds.
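The state check that NewKonfigurator and Orchestrate describe, sketched as an added example that is not konfigurator's own code: the local callback endpoint releases the authorization code to the token exchange only when the returned `state` equals the value created for this login attempt. The names `checkCallback`, `callbackHandler` and `exchange` are hypothetical, and the expected state is assumed to be a random per-login value such as the UUID mentioned above.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// checkCallback (hypothetical helper) returns the authorization code only if
// the callback carries the state generated for this login attempt. An empty
// expected state never matches, so an uninitialised value cannot pass.
func checkCallback(wantState string, q url.Values) (string, error) {
	got := q.Get("state")
	if wantState == "" || subtle.ConstantTimeCompare([]byte(got), []byte(wantState)) != 1 {
		return "", errors.New("state mismatch")
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("missing code")
	}
	return code, nil
}

// callbackHandler (hypothetical) serves the local redirect endpoint and calls
// exchange, the token request, only after checkCallback has accepted the state.
func callbackHandler(wantState string, exchange func(code string) error) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		code, err := checkCallback(wantState, r.URL.Query())
		if err == nil {
			err = exchange(code)
		}
		if err != nil {
			http.Error(w, "authentication failed", http.StatusBadRequest)
			return
		}
		fmt.Fprintln(w, "Authenticated. You can close this window.")
	})
}

func main() {
	// Constructed callback query with a state that does not match.
	q := url.Values{"state": {"forged"}, "code": {"abc"}}
	_, err := checkCallback("constructed-state-value", q)
	fmt.Println(err)
}
```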
type KubeConfig
type KubeConfig struct {
	CA     string
	URL    string
	NS     string
	Output io.ReadWriteCloser
	// contains filtered or unexported fields
}
KubeConfig holds the information necessary to generate a Kubernetes configuration file, which includes the server's CA, the API URL and where to write the file to.
func NewKubeConfig
func NewKubeConfig(ca, url, namespace string, output io.ReadWriteCloser) (*KubeConfig, error)
NewKubeConfig returns an initialized KubeConfig struct.
func (*KubeConfig) Generate
func (k *KubeConfig) Generate(token string) error
Generate executes the writing of the config to the appropriate location (os.Stdout, os.File, etc...).
type OidcGenerator
type OidcGenerator struct {
	Run    func(string) error
	Stream io.Writer
	// contains filtered or unexported fields
}
OidcGenerator deals with OIDC information such as the redirect endpoint and all the OAuth2 config.
func NewOidcGenerator
func NewOidcGenerator(hostURL, clientID, localPort, localRedirectEndpoint string) (*OidcGenerator, error)
NewOidcGenerator uses a default background context and 'localhost' for the redirectUrl and returns a new OidcGenerator struct.
func (*OidcGenerator) AuthCodeURL
func (o *OidcGenerator) AuthCodeURL(state, nonceValue string) string
AuthCodeURL calls the underlying oauth2.Config AuthCodeURL.
func (*OidcGenerator) GetToken
func (o *OidcGenerator) GetToken(code string) (string, error)
GetToken retrieves the OAuth2 token from the request and extracts the "id_token" part of it.
func (*OidcGenerator) OpenBrowser
func (o *OidcGenerator) OpenBrowser()
OpenBrowser opens a browser with the given URL.