credentialprovider

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 6, 2021 License: Apache-2.0 Imports: 25 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

Types

type AzureCloudConfig

// AzureCloudConfig holds the Azure configuration. Every field carries both a
// json and a yaml tag with omitempty, so the same key names apply in either
// format and zero-valued fields are omitted when the struct is encoded.
//
// AADClientSecret and AADClientCertPassword hold secret values in plain text:
// restrict read access to whatever file this struct is loaded from, and avoid
// logging or dumping a decoded value.
type AzureCloudConfig struct {
	// The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
	Cloud string `json:"cloud,omitempty" yaml:"cloud,omitempty"`
	// The AAD Tenant ID for the Subscription that the cluster is deployed in
	TenantID string `json:"tenantId,omitempty" yaml:"tenantId,omitempty"`
	// The ClientID for an AAD application with RBAC access to talk to Azure RM APIs
	AADClientID string `json:"aadClientId,omitempty" yaml:"aadClientId,omitempty"`
	// The ClientSecret for an AAD application with RBAC access to talk to Azure RM APIs.
	// Secret: anyone who can read this value can authenticate as the application.
	AADClientSecret string `json:"aadClientSecret,omitempty" yaml:"aadClientSecret,omitempty"`
	// The path of a client certificate for an AAD application with RBAC access to talk to Azure RM APIs.
	// The file at this path is credential material and needs the same access restrictions as the config itself.
	AADClientCertPath string `json:"aadClientCertPath,omitempty" yaml:"aadClientCertPath,omitempty"`
	// The password of the client certificate for an AAD application with RBAC access to talk to Azure RM APIs.
	// Secret: stored next to the certificate path, so the config alone is enough to use the certificate.
	AADClientCertPassword string `json:"aadClientCertPassword,omitempty" yaml:"aadClientCertPassword,omitempty"`
	// Use managed service identity for the virtual machine to access Azure ARM APIs
	UseManagedIdentityExtension bool `json:"useManagedIdentityExtension,omitempty" yaml:"useManagedIdentityExtension,omitempty"`
	// UserAssignedIdentityID contains the Client ID of the user assigned MSI which is assigned to the underlying VMs. If empty the user assigned identity is not used.
	// More details of the user assigned identity can be found at: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview
	// For the user assigned identity specified here to be used, the UseManagedIdentityExtension has to be set to true.
	UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"`
	// The location of the resource group that the cluster is deployed in
	Location string `json:"location,omitempty" yaml:"location,omitempty"`
	// NOTE(review): VMType is undocumented; presumably the kind of Azure VM backing the cluster nodes. Confirm against the code that reads it.
	VMType   string `json:"vmType,omitempty" yaml:"vmType,omitempty"`
}

AzureCloudConfig holds azure configuration

func ParseConfig

func ParseConfig(configReader io.Reader) (*AzureCloudConfig, error)

ParseConfig returns a parsed configuration for an Azure cloudprovider config file

type AzureKeyVaultCredentials

// AzureKeyVaultCredentials is the interface for credentials that can
// authenticate with Azure Key Vault and name the vault endpoint to talk to.
type AzureKeyVaultCredentials interface {
	// Authorizer returns an autorest.Authorizer for these credentials, or an
	// error if one cannot be produced.
	Authorizer() (autorest.Authorizer, error)
	// Endpoint returns the endpoint string for the key vault named keyVaultName.
	// NOTE(review): whether keyVaultName is validated before it is placed in
	// the URL is not visible here. Confirm in the implementations.
	Endpoint(keyVaultName string) string
}

AzureKeyVaultCredentials has credentials needed to authenticate with azure key vault. These credentials will never expire

type AzureResourceManagerCredentials

// AzureResourceManagerCredentials holds what is needed to authenticate with
// Azure Resource Manager. All fields are exported, so any holder of the value
// has direct access to the token.
type AzureResourceManagerCredentials struct {
	// NOTE(review): presumably the subscription the credentials are used against. Confirm against the constructor.
	SubscriptionID          string
	// NOTE(review): presumably the ARM base URL of the selected cloud environment. Confirm.
	ResourceManagerEndpoint string
	// Token is the service principal token used for authentication. Treat it as
	// secret material and keep it out of logs and serialised output.
	Token                   *adal.ServicePrincipalToken
}

AzureResourceManagerCredentials has credentials needed to authenticate with azure resource manager. These credentials will never expire

func (AzureResourceManagerCredentials) Authorizer

Authorizer gets an Authorizer from credentials

type CloudConfigCredentialProvider

type CloudConfigCredentialProvider struct {
	// contains filtered or unexported fields
}

CloudConfigCredentialProvider provides credentials for Azure using the cloud config file

func FakeCloudConfigProvider

func FakeCloudConfigProvider() CloudConfigCredentialProvider

func (CloudConfigCredentialProvider) GetAcrCredentials

GetAcrCredentials will get Docker credentials for Azure Container Registry. It will either get an exact match to the login server for the image (e.g. xxx.azureacr.io) or get credentials for a wildcard match (e.g. *.azureacr.io* or *.azureacr.cn*).

func (CloudConfigCredentialProvider) GetAzureKeyVaultCredentials

func (c CloudConfigCredentialProvider) GetAzureKeyVaultCredentials() (AzureKeyVaultCredentials, error)

GetAzureKeyVaultCredentials will get Azure credentials

func (CloudConfigCredentialProvider) GetAzureResourceManagerCredentials

func (c CloudConfigCredentialProvider) GetAzureResourceManagerCredentials() (*AzureResourceManagerCredentials, error)

GetAzureResourceManagerCredentials will get Azure credentials for Azure Resource Manager (ARM)

func (CloudConfigCredentialProvider) IsAcrRegistry

func (c CloudConfigCredentialProvider) IsAcrRegistry(image string) bool

IsAcrRegistry checks if an image belongs to an ACR registry

type CredentialProvider

// CredentialProvider is the interface for a source of Azure credentials,
// covering both Key Vault access and container registry pulls.
type CredentialProvider interface {
	// GetAzureKeyVaultCredentials returns credentials for Azure Key Vault, or
	// an error if they cannot be obtained.
	GetAzureKeyVaultCredentials() (AzureKeyVaultCredentials, error)
	// GetAcrCredentials returns a Docker config entry for the given image.
	// NOTE(review): how the registry is derived from image and matched is
	// implementation-specific. Confirm that credentials are returned only
	// for registries the caller intends to trust.
	GetAcrCredentials(image string) (k8sCredentialProvider.DockerConfigEntry, error)
}

func NewFromCloudConfig

func NewFromCloudConfig(configReader io.Reader) (CredentialProvider, error)

NewFromCloudConfig parses the specified configFile and returns a CloudConfigCredentialProvider

type Credentials

// Credentials is the minimal credential interface: anything that can produce
// an autorest.Authorizer.
type Credentials interface {
	// Authorizer returns an autorest.Authorizer for these credentials, or an
	// error if one cannot be produced.
	Authorizer() (autorest.Authorizer, error)
}

Credentials has credentials needed to authenticate with azure key vault. These credentials will never expire

func NewFromServicePrincipalToken

func NewFromServicePrincipalToken(token *adal.ServicePrincipalToken) (Credentials, error)

NewFromServicePrincipalToken gets a credentials object from a service principal token to use with Azure Key Vault

type EnvironmentCredentialProvider

type EnvironmentCredentialProvider struct {
	// contains filtered or unexported fields
}

EnvironmentCredentialProvider provides credentials for Azure using environment vars

func FakeEnvironmentCredentialProvider

func FakeEnvironmentCredentialProvider() (EnvironmentCredentialProvider, error)

func NewFromEnvironment

func NewFromEnvironment() (*EnvironmentCredentialProvider, error)

NewFromEnvironment creates a credentials object based on available environment settings to use with Azure Key Vault

func (EnvironmentCredentialProvider) GetAcrCredentials

func (EnvironmentCredentialProvider) GetAzureKeyVaultCredentials

func (c EnvironmentCredentialProvider) GetAzureKeyVaultCredentials() (AzureKeyVaultCredentials, error)

GetAzureKeyVaultCredentials will get Azure credentials

func (EnvironmentCredentialProvider) IsAcrRegistry

func (c EnvironmentCredentialProvider) IsAcrRegistry(image string) bool

IsAcrRegistry checks if an image belongs to an ACR registry

type OAuthCredentials

// OAuthCredentials holds an OAuth token together with a partial endpoint.
// Both fields are exported and JSON-tagged without omitempty, so marshalling
// the struct always writes the token in plain text under "oauth_token".
type OAuthCredentials struct {
	// OAuthToken is the token used to authenticate. Treat it as a secret:
	// keep marshalled copies of this struct out of logs and persisted output.
	OAuthToken      string `json:"oauth_token"`
	// NOTE(review): presumably the part of the URL that Endpoint combines with
	// the key vault name. Confirm against the Endpoint implementation.
	EndpointPartial string `json:"endpoint_partial"`
}

OAuthCredentials has the credentials needed to authenticate with Azure. These credentials expire when the OAuth token expires (default one hour in Azure). Use the Credentials interface if you want tokens to refresh.

func (OAuthCredentials) Authorizer

func (c OAuthCredentials) Authorizer() (autorest.Authorizer, error)

Authorizer gets an Authorizer from credentials

func (OAuthCredentials) Endpoint

func (c OAuthCredentials) Endpoint(keyVaultName string) string

Endpoint takes the name of the key vault and creates a correct endpoint URL

type UserAssignedManagedIdentityProvider

type UserAssignedManagedIdentityProvider struct {
	// contains filtered or unexported fields
}

UserAssignedManagedIdentityProvider provides credentials for Azure using managed identity

func NewUserAssignedManagedIdentityProvider

func NewUserAssignedManagedIdentityProvider(azureConfigFile string) (*UserAssignedManagedIdentityProvider, error)

func (UserAssignedManagedIdentityProvider) GetAzureKeyVaultCredentials

func (c UserAssignedManagedIdentityProvider) GetAzureKeyVaultCredentials(azureIdentity string, hostname string) (AzureKeyVaultCredentials, error)

GetAzureKeyVaultCredentials will get Azure credentials
