Documentation ¶
Index ¶
- func NewAcrDockerProvider(provider CredentialProvider) k8sCredentialProvider.DockerConfigProvider
- type AzureCloudConfig
- type AzureKeyVaultCredentials
- type AzureResourceManagerCredentials
- type CloudConfigCredentialProvider
- func (c CloudConfigCredentialProvider) GetAcrCredentials(image string) (k8sCredentialProvider.DockerConfigEntry, error)
- func (c CloudConfigCredentialProvider) GetAzureKeyVaultCredentials() (AzureKeyVaultCredentials, error)
- func (c CloudConfigCredentialProvider) GetAzureResourceManagerCredentials() (*AzureResourceManagerCredentials, error)
- func (c CloudConfigCredentialProvider) IsAcrRegistry(image string) bool
- type CredentialProvider
- type Credentials
- type EnvironmentCredentialProvider
- type OAuthCredentials
- type UserAssignedManagedIdentityProvider
Functions ¶
func NewAcrDockerProvider ¶
func NewAcrDockerProvider(provider CredentialProvider) k8sCredentialProvider.DockerConfigProvider
Types ¶
type AzureCloudConfig ¶
type AzureCloudConfig struct {
    // The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
    Cloud string `json:"cloud,omitempty" yaml:"cloud,omitempty"`
    // The AAD Tenant ID for the Subscription that the cluster is deployed in
    TenantID string `json:"tenantId,omitempty" yaml:"tenantId,omitempty"`
    // The ClientID for an AAD application with RBAC access to talk to Azure RM APIs
    AADClientID string `json:"aadClientId,omitempty" yaml:"aadClientId,omitempty"`
    // The ClientSecret for an AAD application with RBAC access to talk to Azure RM APIs
    AADClientSecret string `json:"aadClientSecret,omitempty" yaml:"aadClientSecret,omitempty"`
    // The path of a client certificate for an AAD application with RBAC access to talk to Azure RM APIs
    AADClientCertPath string `json:"aadClientCertPath,omitempty" yaml:"aadClientCertPath,omitempty"`
    // The password of the client certificate for an AAD application with RBAC access to talk to Azure RM APIs
    AADClientCertPassword string `json:"aadClientCertPassword,omitempty" yaml:"aadClientCertPassword,omitempty"`
    // Use managed service identity for the virtual machine to access Azure ARM APIs
    UseManagedIdentityExtension bool `json:"useManagedIdentityExtension,omitempty" yaml:"useManagedIdentityExtension,omitempty"`
    // UserAssignedIdentityID contains the Client ID of the user assigned MSI which is assigned to the underlying VMs. If empty the user assigned identity is not used.
    // More details of the user assigned identity can be found at: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview
    // For the user assigned identity specified here to be used, the UseManagedIdentityExtension has to be set to true.
    UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"`
    // The location of the resource group that the cluster is deployed in
    Location string `json:"location,omitempty" yaml:"location,omitempty"`
    VMType string `json:"vmType,omitempty" yaml:"vmType,omitempty"`
}
AzureCloudConfig holds azure configuration
func ParseConfig ¶
func ParseConfig(configReader io.Reader) (*AzureCloudConfig, error)
ParseConfig returns a parsed configuration for an Azure cloudprovider config file
type AzureKeyVaultCredentials ¶
type AzureKeyVaultCredentials interface {
    Authorizer() (autorest.Authorizer, error)
    Endpoint(keyVaultName string) string
}
AzureKeyVaultCredentials has credentials needed to authenticate with azure key vault. These credentials will never expire
type AzureResourceManagerCredentials ¶
type AzureResourceManagerCredentials struct {
    SubscriptionID string
    ResourceManagerEndpoint string
    Token *adal.ServicePrincipalToken
}
AzureResourceManagerCredentials has credentials needed to authenticate with azure resource manager. These credentials will never expire
func (AzureResourceManagerCredentials) Authorizer ¶
func (c AzureResourceManagerCredentials) Authorizer() (autorest.Authorizer, error)
Authorizer gets an Authorizer from credentials
type CloudConfigCredentialProvider ¶
type CloudConfigCredentialProvider struct {
// contains filtered or unexported fields
}
CloudConfigCredentialProvider provides credentials for Azure using the cloud config file
func FakeCloudConfigProvider ¶
func FakeCloudConfigProvider() CloudConfigCredentialProvider
func (CloudConfigCredentialProvider) GetAcrCredentials ¶
func (c CloudConfigCredentialProvider) GetAcrCredentials(image string) (k8sCredentialProvider.DockerConfigEntry, error)
GetAcrCredentials will get Docker credentials for Azure Container Registry. It will either get an exact match to the login server for the image (e.g. xxx.azureacr.io) or get credentials for a wildcard match (e.g. *.azureacr.io* or *.azureacr.cn*)
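The exact-then-wildcard lookup described above decides which registry hosts are handed credentials, so the wildcard comparison has to be anchored on a label boundary. The following is an added example, not this package's implementation: `registryHost` and `matchRegistry` are hypothetical helpers, the wildcard patterns are the ones quoted in the doc comment, and the image names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// registryHost (hypothetical helper) returns the lower-cased registry host of
// an image reference, or "" when the reference names no registry.
func registryHost(image string) string {
	parts := strings.SplitN(image, "/", 2)
	if len(parts) < 2 || !strings.ContainsAny(parts[0], ".:") {
		return "" // e.g. "nginx:latest" or "library/nginx"
	}
	host := strings.SplitN(parts[0], ":", 2)[0] // drop an optional port
	return strings.ToLower(host)
}

// matchRegistry (hypothetical) picks the entry whose credentials may be used
// for image: an exact login-server match first, then a "*.suffix" wildcard.
func matchRegistry(image string, entries []string) (string, bool) {
	host := registryHost(image)
	if host == "" {
		return "", false
	}
	for _, e := range entries {
		if strings.ToLower(e) == host {
			return e, true
		}
	}
	for _, e := range entries {
		if !strings.HasPrefix(e, "*.") {
			continue
		}
		// Keep the leading dot so "notazureacr.io" cannot match "*.azureacr.io".
		suffix := strings.ToLower(e[1:])
		if len(host) > len(suffix) && strings.HasSuffix(host, suffix) {
			return e, true
		}
	}
	return "", false
}

func main() {
	// Wildcards as written in the doc comment; image names are constructed.
	entries := []string{"*.azureacr.io", "*.azureacr.cn", "prod.azureacr.io"}
	for _, img := range []string{"prod.azureacr.io/app:1.0", "dev.azureacr.io:443/app",
		"notazureacr.io/app", "dev.azureacr.io.example.com/app", "nginx:latest"} {
		e, ok := matchRegistry(img, entries)
		fmt.Printf("%-34s -> %q %v\n", img, e, ok)
	}
}
```

Only the first two references match; the lookalike hosts and the registry-less reference get no credentials.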
func (CloudConfigCredentialProvider) GetAzureKeyVaultCredentials ¶
func (c CloudConfigCredentialProvider) GetAzureKeyVaultCredentials() (AzureKeyVaultCredentials, error)
GetAzureKeyVaultCredentials will get Azure credentials
func (CloudConfigCredentialProvider) GetAzureResourceManagerCredentials ¶
func (c CloudConfigCredentialProvider) GetAzureResourceManagerCredentials() (*AzureResourceManagerCredentials, error)
GetAzureResourceManagerCredentials will get Azure credentials for Azure Resource Manager (ARM)
func (CloudConfigCredentialProvider) IsAcrRegistry ¶
func (c CloudConfigCredentialProvider) IsAcrRegistry(image string) bool
IsAcrRegistry checks if an image belongs to an ACR registry
type CredentialProvider ¶
type CredentialProvider interface {
    GetAzureKeyVaultCredentials() (AzureKeyVaultCredentials, error)
    GetAcrCredentials(image string) (k8sCredentialProvider.DockerConfigEntry, error)
}
func NewFromCloudConfig ¶
func NewFromCloudConfig(configReader io.Reader) (CredentialProvider, error)
NewFromCloudConfig parses the specified configFile and returns a CloudConfigCredentialProvider
type Credentials ¶
type Credentials interface {
Authorizer() (autorest.Authorizer, error)
}
Credentials has credentials needed to authenticate with azure key vault. These credentials will never expire
func NewFromServicePrincipalToken ¶
func NewFromServicePrincipalToken(token *adal.ServicePrincipalToken) (Credentials, error)
NewFromServicePrincipalToken gets a credentials object from a service principal token to use with Azure Key Vault
type EnvironmentCredentialProvider ¶
type EnvironmentCredentialProvider struct {
// contains filtered or unexported fields
}
EnvironmentCredentialProvider provides credentials for Azure using environment vars
func FakeEnvironmentCredentialProvider ¶
func FakeEnvironmentCredentialProvider() (EnvironmentCredentialProvider, error)
func NewFromEnvironment ¶
func NewFromEnvironment() (*EnvironmentCredentialProvider, error)
NewFromEnvironment creates a credentials object based on available environment settings to use with Azure Key Vault
func (EnvironmentCredentialProvider) GetAcrCredentials ¶
func (c EnvironmentCredentialProvider) GetAcrCredentials(image string) (k8sCredentialProvider.DockerConfigEntry, error)
func (EnvironmentCredentialProvider) GetAzureKeyVaultCredentials ¶
func (c EnvironmentCredentialProvider) GetAzureKeyVaultCredentials() (AzureKeyVaultCredentials, error)
GetAzureKeyVaultCredentials will get Azure credentials
func (EnvironmentCredentialProvider) IsAcrRegistry ¶
func (c EnvironmentCredentialProvider) IsAcrRegistry(image string) bool
IsAcrRegistry checks if an image belongs to an ACR registry
type OAuthCredentials ¶
type OAuthCredentials struct {
    OAuthToken string `json:"oauth_token"`
    EndpointPartial string `json:"endpoint_partial"`
}
OAuthCredentials has the credentials needed to authenticate with Azure. These credentials expire when the OAuth token expires (default one hour in Azure). Use the Credentials interface if you want tokens to refresh.
func (OAuthCredentials) Authorizer ¶
func (c OAuthCredentials) Authorizer() (autorest.Authorizer, error)
Authorizer gets an Authorizer from credentials
func (OAuthCredentials) Endpoint ¶
func (c OAuthCredentials) Endpoint(keyVaultName string) string
Endpoint takes the name of the key vault and creates a correct endpoint URL
type UserAssignedManagedIdentityProvider ¶
type UserAssignedManagedIdentityProvider struct {
// contains filtered or unexported fields
}
UserAssignedManagedIdentityProvider provides credentials for Azure using managed identity
func NewUserAssignedManagedIdentityProvider ¶
func NewUserAssignedManagedIdentityProvider(azureConfigFile string) (*UserAssignedManagedIdentityProvider, error)
func (UserAssignedManagedIdentityProvider) GetAzureKeyVaultCredentials ¶
func (c UserAssignedManagedIdentityProvider) GetAzureKeyVaultCredentials(azureIdentity string, hostname string) (AzureKeyVaultCredentials, error)
GetAzureKeyVaultCredentials will get Azure credentials