oauth

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 20, 2021 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	OAuthServerPort   = 6443
	RouteExternalPort = 443
)
View Source 
const (
	LoginTemplateKey             = "login.html"
	ProviderSelectionTemplateKey = "providers.html"
	ErrorsTemplateKey            = "errors.html"

	LoginTemplateFile             = "templates/" + LoginTemplateKey
	ProviderSelectionTemplateFile = "templates/" + ProviderSelectionTemplateKey
	ErrorsTemplateFile            = "templates/" + ErrorsTemplateKey
)
View Source 
const (
	IDPVolumePathPrefix = "/etc/oauth/idp"
)
View Source 
const (
	OAuthServerConfigKey = "config.yaml"
)
View Source 
const (
	SessionSecretsFileKey = "v4-0-config-system-session"
)

Variables

This section is empty.

Functions

func MustTemplate 

func MustTemplate(name string) []byte

func ReconcileBrowserClientWorkerManifest 

func ReconcileBrowserClientWorkerManifest(cm *corev1.ConfigMap, ownerRef config.OwnerRef, externalHost string, externalPort int32) error

func ReconcileChallengingClientWorkerManifest 

func ReconcileChallengingClientWorkerManifest(cm *corev1.ConfigMap, ownerRef config.OwnerRef, externalHost string, externalPort int32) error

func ReconcileDeployment 

func ReconcileDeployment(ctx context.Context, client client.Client, deployment *appsv1.Deployment, ownerRef config.OwnerRef, config *corev1.ConfigMap, image string, deploymentConfig config.DeploymentConfig, identityProviders []configv1.IdentityProvider, providerOverrides map[string]*ConfigOverride) error

func ReconcileErrorTemplateSecret 

func ReconcileErrorTemplateSecret(secret *corev1.Secret, ownerRef config.OwnerRef) error

func ReconcileLoginTemplateSecret 

func ReconcileLoginTemplateSecret(secret *corev1.Secret, ownerRef config.OwnerRef) error

func ReconcileOAuthServerConfig 

func ReconcileOAuthServerConfig(ctx context.Context, cm *corev1.ConfigMap, ownerRef config.OwnerRef, client crclient.Client, params *OAuthConfigParams) error

func ReconcileProviderSelectionTemplateSecret 

func ReconcileProviderSelectionTemplateSecret(secret *corev1.Secret, ownerRef config.OwnerRef) error

func ReconcileRoute 

func ReconcileRoute(route *routev1.Route, ownerRef config.OwnerRef) error

func ReconcileService 

func ReconcileService(svc *corev1.Service, ownerRef config.OwnerRef, strategy *hyperv1.ServicePublishingStrategy) error

func ReconcileServiceStatus 

func ReconcileServiceStatus(svc *corev1.Service, route *routev1.Route, strategy *hyperv1.ServicePublishingStrategy) (host string, port int32, err error)

func ReconcileSessionSecret 

func ReconcileSessionSecret(secret *corev1.Secret, ownerRef config.OwnerRef) error

Types

type ConfigOverride 

type ConfigOverride struct {
	URLs   osinv1.OpenIDURLs   `json:"urls,omitempty"`
	Claims osinv1.OpenIDClaims `json:"claims,omitempty"`
}

ConfigOverride defines the oauth parameters that can be overriden in special use cases. The only supported use case for this currently is the IBMCloud IAM OIDC provider. These parameters are necessary since the public OpenID api does not support some of the customizations used in the IBMCloud IAM OIDC provider. This can be removed if the public API is adjusted to allow specifying these customizations.

type IDPVolumeMountInfo 

type IDPVolumeMountInfo struct {
	Container    string
	VolumeMounts util.PodVolumeMounts
	Volumes      []corev1.Volume
}

func (*IDPVolumeMountInfo) ConfigMapPath 

func (i *IDPVolumeMountInfo) ConfigMapPath(index int, configMapName, field, key string) string

func (*IDPVolumeMountInfo) SecretPath 

func (i *IDPVolumeMountInfo) SecretPath(index int, secretName, field, key string) string

type OAuthConfigParams 

type OAuthConfigParams struct {
	ExternalAPIHost          string
	ExternalAPIPort          int32
	ExternalHost             string
	ExternalPort             int32
	ServingCert              *corev1.Secret
	CipherSuites             []string
	MinTLSVersion            string
	IdentityProviders        []configv1.IdentityProvider
	AccessTokenMaxAgeSeconds int32
	// OauthConfigOverrides contains a mapping from provider name to the config overrides specified for the provider.
	// The only supported use case of using this is for the IBMCloud IAM OIDC provider.
	OauthConfigOverrides map[string]*ConfigOverride
	// LoginURLOverride can be used to specify an override for the oauth config login url. The need for this arises
	// when the login a provider uses doesn't conform to the standard login url in hypershift. The only supported use case
	// for this is IBMCloud Red Hat Openshift
	LoginURLOverride string
}

type OAuthServerParams 

type OAuthServerParams struct {
	OwnerRef                config.OwnerRef `json:"ownerRef"`
	ExternalHost            string          `json:"externalHost"`
	ExternalPort            int32           `json:"externalPort"`
	ExternalAPIHost         string          `json:"externalAPIHost"`
	ExternalAPIPort         int32           `json:"externalAPIPort"`
	OAuthServerImage        string
	config.DeploymentConfig `json:",inline"`
	OAuth                   *configv1.OAuth     `json:"oauth"`
	APIServer               *configv1.APIServer `json:"apiServer"`
	// OauthConfigOverrides contains a mapping from provider name to the config overrides specified for the provider.
	// The only supported use case of using this is for the IBMCloud IAM OIDC provider.
	OauthConfigOverrides map[string]*ConfigOverride
	// LoginURLOverride can be used to specify an override for the oauth config login url. The need for this arises
	// when the login a provider uses doesn't conform to the standard login url in hypershift. The only supported use case
	// for this is IBMCloud Red Hat Openshift
	LoginURLOverride string
}

func NewOAuthServerParams 

func NewOAuthServerParams(ctx context.Context, hcp *hyperv1.HostedControlPlane, globalConfig config.GlobalConfig, images map[string]string, host string, port int32) *OAuthServerParams

func (*OAuthServerParams) AccessTokenMaxAgeSeconds 

func (p *OAuthServerParams) AccessTokenMaxAgeSeconds() int32

func (*OAuthServerParams) CipherSuites 

func (p *OAuthServerParams) CipherSuites() []string

func (*OAuthServerParams) ConfigParams 

func (p *OAuthServerParams) ConfigParams(servingCert *corev1.Secret) *OAuthConfigParams

func (*OAuthServerParams) IdentityProviders 

func (p *OAuthServerParams) IdentityProviders() []configv1.IdentityProvider

func (*OAuthServerParams) MinTLSVersion 

func (p *OAuthServerParams) MinTLSVersion() string

type OAuthServiceParams 

type OAuthServiceParams struct {
	OAuth    *configv1.OAuth `json:"oauth"`
	OwnerRef config.OwnerRef `json:"ownerRef"`
}

func NewOAuthServiceParams 

func NewOAuthServiceParams(hcp *hyperv1.HostedControlPlane) *OAuthServiceParams

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.