client

package
v2.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 11, 2024 License: BSD-3-Clause Imports: 24 Imported by: 3

Documentation

Index

Constants

// AzureProviderName is the constant string value for the azure provider.
const AzureProviderName = "azure"
const (
	// OspreyProviderName is the constant string value for the osprey provider.
	OspreyProviderName = "osprey"
)

OspreyProviderName is the constant string value for the osprey provider

Variables

This section is empty.

Functions

This section is empty.

Types

type AzureConfig

// AzureConfig holds the configuration for Azure.
// Every field carries a yaml tag, so all of it, including ClientSecret, is
// expected to come from the osprey config file.
type AzureConfig struct {
	// Name provides a named reference to the provider, e.g. sky-azure, nbcu-azure. Optional field.
	Name string `yaml:"name,omitempty"`
	// ServerApplicationID is the oidc-client-id used on the apiserver configuration
	ServerApplicationID string `yaml:"server-application-id,omitempty"`
	// ClientID is the oidc client id used for osprey
	ClientID string `yaml:"client-id,omitempty"`
	// ClientSecret is the oidc client secret used for osprey.
	// NOTE(review): this is a plain string under the client-secret YAML key, so
	// the secret sits in the config file as written. Keep that file readable
	// only by its owner and out of version control.
	ClientSecret string `yaml:"client-secret,omitempty"`
	// CertificateAuthority is the filesystem path from which to read the CA certificate
	CertificateAuthority string `yaml:"certificate-authority,omitempty"`
	// CertificateAuthorityData is base64-encoded CA cert data.
	// This will override any cert file specified in CertificateAuthority.
	// +optional
	CertificateAuthorityData string `yaml:"certificate-authority-data,omitempty"`
	// RedirectURI is the redirect URI that the oidc application is configured to call back to
	RedirectURI string `yaml:"redirect-uri,omitempty"`
	// Scopes is the list of scopes to request when performing the oidc login request
	Scopes []string `yaml:"scopes"`
	// AzureTenantID is the Azure Tenant ID assigned to your organisation
	AzureTenantID string `yaml:"tenant-id,omitempty"`
	// IssuerURL is the URL of the OpenID server. This is mainly used for testing.
	// NOTE(review): presumably this replaces the issuer that would otherwise be
	// derived from the tenant ID, which would send the login to whichever server
	// the config names. Confirm, and check that production configs leave it unset.
	// +optional
	IssuerURL string `yaml:"issuer-url,omitempty"`
	// Targets contains a map of strings to osprey targets
	Targets map[string]*TargetEntry `yaml:"targets"`
}

AzureConfig holds the configuration for Azure

func (*AzureConfig) ValidateConfig

func (ac *AzureConfig) ValidateConfig() error

ValidateConfig checks that the required configuration has been provided for Azure

type Config

// Config holds the information needed to connect to remote OIDC providers.
type Config struct {
	// APIVersion specifies the version of osprey config file used
	APIVersion string `yaml:"apiVersion,omitempty"`
	// Kubeconfig specifies the path to read/write the kubeconfig file.
	// +optional
	Kubeconfig string `yaml:"kubeconfig,omitempty"`
	// DefaultGroup specifies the group to log in to if none provided.
	// +optional
	DefaultGroup string `yaml:"default-group,omitempty"`
	// Providers holds the OIDC provider configuration: a Providers struct with
	// one list of entries per supported provider type.
	Providers *Providers `yaml:"providers,omitempty"`
}

Config holds the information needed to connect to remote OIDC providers

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig reads and parses the Config file

func (*Config) GetRetrievers

func (c *Config) GetRetrievers(providerConfigs map[string]*ProviderConfig, options RetrieverOptions) (map[string]Retriever, error)

GetRetrievers returns a map of providers to retrievers. It can return just a single retriever, as it can be called just in time. The disadvantage is that login can fail for a different provider after having succeeded for the first.

func (*Config) GroupOrDefault

func (c *Config) GroupOrDefault(group string) string

GroupOrDefault returns the group if it is not empty, or the Config.DefaultGroup if it is.

func (*Config) Snapshot

func (c *Config) Snapshot() *ConfigSnapshot

Snapshot creates or returns a ConfigSnapshot

type ConfigSnapshot

// ConfigSnapshot is a snapshot view of the configuration to organize the
// targets per group. It does not reflect changes to the configuration after
// it has been taken.
type ConfigSnapshot struct {
	// contains filtered or unexported fields
}

ConfigSnapshot is a snapshot view of the configuration to organize the targets per group. It does not reflect changes to the configuration after it has been taken.

func (*ConfigSnapshot) DefaultGroup

func (t *ConfigSnapshot) DefaultGroup() Group

DefaultGroup returns the default group in the configuration. If no specific group is set as default, it will return the special ungrouped ("") group

func (*ConfigSnapshot) GetGroup

func (t *ConfigSnapshot) GetGroup(name string) (Group, bool)

GetGroup returns a valid group and true if it exists, an empty group and false if it doesn't.

func (*ConfigSnapshot) GetProviderType added in v2.12.0

func (t *ConfigSnapshot) GetProviderType(providerName string) (string, error)

GetProviderType provides the name of the provider (azure, osprey, etc.).

func (*ConfigSnapshot) Groups

func (t *ConfigSnapshot) Groups() []Group

Groups returns all defined groups sorted alphabetically by name.

func (*ConfigSnapshot) HaveGroups

func (t *ConfigSnapshot) HaveGroups() bool

HaveGroups returns true if there is at least one defined group.

func (*ConfigSnapshot) ProviderConfigs added in v2.12.0

func (t *ConfigSnapshot) ProviderConfigs() map[string]*ProviderConfig

ProviderConfigs is the config for the providers

func (*ConfigSnapshot) Targets

func (t *ConfigSnapshot) Targets() []Target

Targets returns all the targets in the configuration in alphabetical order.

type ConfigV1 added in v2.12.0

// ConfigV1 is the v1 version of the config file.
//
// Deprecated: This config format is now deprecated. Use the Config format instead.
type ConfigV1 struct {
	// Kubeconfig specifies the path to read/write the kubeconfig file.
	// +optional
	Kubeconfig string `yaml:"kubeconfig,omitempty"`
	// DefaultGroup specifies the group to log in to if none provided.
	// +optional
	DefaultGroup string `yaml:"default-group,omitempty"`
	// Providers holds the OIDC provider configuration in the v1 layout: a
	// ProvidersV1 struct with at most one entry per provider type.
	Providers *ProvidersV1 `yaml:"providers,omitempty"`
}

ConfigV1 is the v1 version of the config file. Deprecated: This config format is now deprecated. Use the `Config` format instead.

type Group

// Group organizes the targetEntry targets.
type Group struct {
	// contains filtered or unexported fields
}

Group organizes the targetEntry targets

func (*Group) Contains

func (g *Group) Contains(target Target) bool

Contains returns true if it contains the target

func (*Group) IsDefault

func (g *Group) IsDefault() bool

IsDefault returns true if this is the default group in the configuration

func (*Group) Name

func (g *Group) Name() string

Name returns the name of the group

func (*Group) Targets

func (g *Group) Targets() []Target

Targets returns the list of targets belonging to this group

func (*Group) TargetsForProvider added in v2.12.0

func (g *Group) TargetsForProvider() map[string][]Target

TargetsForProvider returns the list of targets by provider belonging to this group

type LoginCredentials

// LoginCredentials represents user credentials.
type LoginCredentials struct {
	// Username is the username of the user intending to log in
	Username string
	// Password is the password for the user. It is held as a plain string, so
	// values of this type should not be logged or printed.
	Password string
}

LoginCredentials represents user credentials

func GetCredentials

func GetCredentials(partialLoginCredentials *LoginCredentials) (*LoginCredentials, error)

GetCredentials loads the credentials from the terminal or stdin.

type OspreyConfig

// OspreyConfig holds the configuration for Osprey.
type OspreyConfig struct {
	// CertificateAuthority is the path to a cert file for the certificate authority.
	// +optional
	CertificateAuthority string `yaml:"certificate-authority,omitempty"`
	// CertificateAuthorityData is base64-encoded CA cert data.
	// This will override any cert file specified in CertificateAuthority.
	// +optional
	CertificateAuthorityData string `yaml:"certificate-authority-data,omitempty"`
	// Targets contains a map of strings to osprey targets.
	// (The previous comment here described AzureTenantID, a field this struct
	// does not have.)
	Targets map[string]*TargetEntry `yaml:"targets"`
	// Name is the provider name, read from the provider-name YAML key.
	Name string `yaml:"provider-name,omitempty"`
}

OspreyConfig holds the configuration for Osprey

func (*OspreyConfig) ValidateConfig

func (oc *OspreyConfig) ValidateConfig() error

ValidateConfig checks that the required configuration has been provided for Osprey

type ProviderConfig added in v2.12.0

// ProviderConfig is a super struct, i.e. many fields don't apply for osprey
// config/setup.
type ProviderConfig struct {
	// contains filtered or unexported fields
}

ProviderConfig is a super struct i.e many fields don't apply for osprey config/setup. Maybe there's a better way :shrug:

type Providers

// Providers holds the configuration structs for the supported providers.
// Each provider type is a list, so several Azure and several Osprey provider
// entries can be configured side by side; both keys may be omitted.
type Providers struct {
	Azure  []*AzureConfig  `yaml:"azure,omitempty"`
	Osprey []*OspreyConfig `yaml:"osprey,omitempty"`
}

Providers holds the configuration structs for the supported providers

type ProvidersV1 added in v2.12.0

// ProvidersV1 is the single-provider config: at most one Azure and one Osprey
// entry.
//
// Deprecated: This format is now deprecated. Use Providers instead.
type ProvidersV1 struct {
	Azure  *AzureConfig  `yaml:"azure,omitempty"`
	Osprey *OspreyConfig `yaml:"osprey,omitempty"`
}

ProvidersV1 is the single-provider config. Deprecated: This format is now deprecated. Use `Providers` instead.

type Retriever

// Retriever is used to authenticate and generate the configuration.
type Retriever interface {
	// GetAuthInfo returns the AuthInfo from the kubeconfig for a given target. Returns an AuthInfo if the user is logged in.
	GetAuthInfo(*clientgo.Config, Target) *clientgo.AuthInfo
	// RetrieveClusterDetailsAndAuthTokens returns the TargetInfo for a target,
	// including the access token that is required to authenticate user access
	// against a kubernetes cluster. The returned value carries tokens and a
	// client secret (see TargetInfo) and should not be logged.
	RetrieveClusterDetailsAndAuthTokens(Target) (*TargetInfo, error)
	// RetrieveUserDetails returns the user email address and groups, if available.
	RetrieveUserDetails(Target, clientgo.AuthInfo) (*UserInfo, error)
	// SetUseDeviceCode is a flag that when set to false, creates non-interactive login requests to auth providers (e.g. device flow)
	// NOTE(review): the polarity described above ("false" selecting the device
	// flow) reads as inverted relative to the method name. Confirm against the
	// implementations.
	SetUseDeviceCode(bool)
}

Retriever is used to authenticate and generate the configuration

func NewAzureRetriever

func NewAzureRetriever(provider *ProviderConfig, options RetrieverOptions) (Retriever, error)

NewAzureRetriever creates a new Azure OAuth client

func NewOspreyRetriever

func NewOspreyRetriever(provider *ProviderConfig, options RetrieverOptions) (Retriever, error)

NewOspreyRetriever creates new osprey client

type RetrieverOptions

// RetrieverOptions is used to hold command line arguments that change the
// behaviour of logins.
//
// NOTE(review): the field meanings below are inferred from the names only.
// Confirm them against the retriever implementations.
//   - UseDeviceCode: presumably the value handed to Retriever.SetUseDeviceCode.
//   - LoginTimeout: presumably the longest a login attempt is allowed to take.
//   - DisableBrowserPopup: presumably stops the login from opening a browser.
//   - Username, Password: presumably credentials supplied up front instead of
//     being prompted for. If they really originate from command line
//     arguments, the password can show up in process listings and shell
//     history; confirm how callers populate them.
type RetrieverOptions struct {
	UseDeviceCode       bool
	LoginTimeout        time.Duration
	DisableBrowserPopup bool
	Username            string
	Password            string
}

RetrieverOptions is used to hold command line arguments that change the behaviour of logins

type Target

// Target has the information of a TargetEntry target server.
type Target struct {
	// contains filtered or unexported fields
}

Target has the information of a TargetEntry target server

func (*Target) APIServer

func (m *Target) APIServer() string

APIServer returns the API server of the Target

func (*Target) Aliases

func (m *Target) Aliases() []string

Aliases returns the list of aliases of the Target alphabetically sorted

func (*Target) CertificateAuthorityData

func (m *Target) CertificateAuthorityData() string

CertificateAuthorityData returns the CertificateAuthorityData of the Target

func (*Target) HasAliases

func (m *Target) HasAliases() bool

HasAliases returns true if the Target has at least one alias

func (*Target) Name

func (m *Target) Name() string

Name returns the main name of the Target

func (*Target) Server

func (m *Target) Server() string

Server returns the server of the Target

func (*Target) ShouldConfigureForGKE

func (m *Target) ShouldConfigureForGKE() bool

ShouldConfigureForGKE returns true iff the API server URL and CA should be fetched from the kube-public ClientConfig provided by GKE clusters instead of the other methods (e.g. inline in Osprey config file or from Osprey server)

func (*Target) ShouldFetchCAFromAPIServer

func (m *Target) ShouldFetchCAFromAPIServer() bool

ShouldFetchCAFromAPIServer returns true iff the CA should be fetched from the kube-public ConfigMap instead of the other methods (e.g. inline in Osprey config file or from Osprey server)

func (*Target) ShouldSkipTLSVerify added in v2.9.0

func (m *Target) ShouldSkipTLSVerify() bool

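ShouldSkipTLSVerify returns true iff the configured target should not have TLS certs verified. With verification skipped, the identity of the target is not authenticated, so this setting is best confined to test environments.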

type TargetEntry

// TargetEntry contains information about how to communicate with an osprey server.
type TargetEntry struct {
	// Server is the address of the osprey server (hostname:port).
	// +optional
	Server string `yaml:"server,omitempty"`
	// APIServer is the address of the API server (hostname:port).
	// +optional
	APIServer string `yaml:"api-server,omitempty"`
	// UseGKEClientConfig true if Osprey should fetch the CA cert and server URL from the
	// kube-public/ClientConfig resource provided by the OIDC Identity Service in GKE clusters.
	// +optional
	UseGKEClientConfig bool `yaml:"use-gke-clientconfig,omitempty"`
	// SkipTLSVerify true if Osprey should skip verification of TLS certificate.
	// With verification skipped the identity of the server is not checked, so
	// credentials and tokens sent to it can be intercepted by whoever answers
	// the connection. It defaults to false when the key is omitted.
	// NOTE(review): confirm that no production target sets this.
	// +optional
	SkipTLSVerify bool `yaml:"skip-tls-verify,omitempty"`
	// CertificateAuthority is the path to a cert file for the certificate authority.
	// +optional
	CertificateAuthority string `yaml:"certificate-authority,omitempty"`
	// CertificateAuthorityData is base64-encoded CA cert data.
	// This will override any cert file specified in CertificateAuthority.
	// +optional
	CertificateAuthorityData string `yaml:"certificate-authority-data,omitempty"`
	// Aliases is a list of names that the osprey server can be called.
	// +optional
	Aliases []string `yaml:"aliases,omitempty"`
	// Groups is a list of names that can be used to group different osprey servers.
	// +optional
	Groups []string `yaml:"groups,omitempty"`
}

TargetEntry contains information about how to communicate with an osprey server

type TargetInfo

// TargetInfo contains the data required to configure an OIDC authenticator for kubectl.
// IDToken, AccessToken and ClientSecret are credentials held as plain strings,
// so values of this type should not be logged or printed in full.
type TargetInfo struct {
	// Username the identifier of the logged in user
	Username string
	// IDToken the JWT token for the user
	IDToken string
	// ClientID the id of the client requesting the authentication
	ClientID string
	// ClientSecret a secret to identify the client requesting the authentication
	ClientSecret string
	// IssuerURL the URL of the OIDC provider
	IssuerURL string
	// IssuerCA base64 encoded CA used to validate the Issuers certificate
	IssuerCA string
	// ClusterName name of the cluster that can be accessed with the IDToken
	ClusterName string
	// ClusterAPIServerURL URL of the apiserver of the cluster that can be accessed with the IDToken
	ClusterAPIServerURL string
	// ClusterCA base64 encoded CA of the cluster that can be accessed with the IDToken
	ClusterCA string
	// AccessToken is the JWT token for the user when using a cloud IDP
	AccessToken string
}

TargetInfo contains the data required to configure an OIDC authenticator for kubectl

type UserInfo

// UserInfo contains data about a user.
type UserInfo struct {
	// Username the identifier of the logged in user
	Username string
	// Roles group memberships for the user
	Roles []string
}

UserInfo contains data about a user

type VersionConfig added in v2.12.0

// VersionConfig is used to unmarshal just the apiVersion field from the config file.
type VersionConfig struct {
	// APIVersion is the value of the apiVersion key in the config file.
	APIVersion string `yaml:"apiVersion,omitempty"`
}

VersionConfig is used to unmarshal just the apiVersion field from the config file

Directories

Path Synopsis
