client

package
v0.0.0-...-0533826 Latest
Published: Oct 19, 2023 License: Apache-2.0 Imports: 29 Imported by: 0

Constants

const (
	// PlatformAuthIDPConfigMapName is the name of the ConfigMap containing settings used for Client management
	PlatformAuthIDPConfigMapName string = "platform-auth-idp"
	// PlatformAuthIDPCredentialsSecretName is the name of the Secret containing default credentials
	PlatformAuthIDPCredentialsSecretName string = "platform-auth-idp-credentials"
	// PlatformOIDCCredentialsSecretName is the name of the Secret containing the OP admin oauthadmin's password
	PlatformOIDCCredentialsSecretName string = "platform-oidc-credentials"
	// CSCACertificateSecretName is the name of the Secret created by the installer in the shared services namespace
	// that contains the Common Services CA certificate and private key details
	CSCACertificateSecretName string = "cs-ca-certificate-secret"
	// CP3FinalizerName is the name of the finalizer added to Clients by the Client controller in IM v4.x
	CP3FinalizerName string = "client.oidc.security.ibm.com"
	// CP2FinalizerName is the name of the finalizer added to Clients by the OIDC Client Watcher in IAM v3.x
	CP2FinalizerName  string = "fynalyzer.client.oidc.security.ibm.com"
	AdministratorRole string = "Administrator"
)
const (
	GetType    = "GET"
	PostType   = "POST"
	PutType    = "PUT"
	DeleteType = "DELETE"
)
const (
	MessageCreateClientSuccessful             = "OIDC client registration create successful"
	MessageUpdateClientSuccessful             = "OIDC client registration update successful"
	MessageClientSuccessful                   = "OIDC client registration successful"
	MessageCreateClientFailed                 = "OIDC client registration create failed"
	MessageCreateZenRegistrationFailed        = "Registration of the Zen Instance failed"
	MessageUnknown                     string = "Unexpected error occurred while processing the request"

	ReasonCreateClientSuccessful             = "CreateClientSuccessful"
	ReasonCreateClientFailed                 = "CreateClientFailed"
	ReasonUpdateClientSuccessful             = "UpdateClientSuccessful"
	ReasonUpdateClientFailed                 = "UpdateClientFailed"
	ReasonGetClientFailed                    = "GetClientFailed"
	ReasonDeleteClientFailed                 = "DeleteClientFailed"
	ReasonCreateZenRegistrationFailed        = "CreateZenRegistrationFailed"
	ReasonUnknown                     string = "Unknown"
)

These are the valid condition statuses. "ConditionTrue" means a resource is in the condition; "ConditionFalse" means a resource is not in the condition; "ConditionUnknown" means Kubernetes can't decide whether a resource is in the condition or not. In the future, other intermediate conditions could be added, e.g. ConditionDegraded.

const OptimisticLockErrorMsg = "the object has been modified; please apply your changes to the latest version and try again"

Functions

func Add

func Add(mgr manager.Manager) error

Add creates a new Client Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

func ClientHasCondition

func ClientHasCondition(client *oidcv1.Client, c oidcv1.ClientCondition) bool

ClientHasCondition will return true if the given Client has a condition matching the provided ClientCondition. Only the Type and Status field will be used in the comparison, meaning that this function will return 'true' even if the Reason, Message and LastTransitionTime fields do not match.

func SetClientCondition

func SetClientCondition(client *oidcv1.Client, conditionType oidcv1.ClientConditionType, status oidcv1.ConditionStatus, reason, message string)

SetClientCondition will set a 'condition' on the given Client.

  • If no condition of the same type already exists, the condition will be inserted with the LastTransitionTime set to the current time.
  • If a condition of the same type and state already exists, the condition will be updated but the LastTransitionTime will not be modified.
  • If a condition of the same type and different state already exists, the condition will be updated and the LastTransitionTime set to the current time.
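
The rules above are easy to get subtly wrong: a retry loop that bumps LastTransitionTime on every failed reconcile destroys the information of when the Client first broke. The following added Go example, which is not code from this package, reimplements both functions against minimal stand-ins for the oidcv1 Client and ClientCondition types (an assumption: only the fields named in the doc are modelled) using the ConditionTrue/ConditionFalse/ConditionUnknown statuses, with the clock indirected so the transition-time behaviour can be checked.

```go
package main

import (
	"fmt"
	"time"
)

// Stand-ins for the oidcv1 types the functions above operate on (assumption:
// the real types live in the operator's API package; only the fields named in
// the doc are modelled here).
type ClientConditionType string
type ConditionStatus string

const (
	ConditionTrue    ConditionStatus = "True"
	ConditionFalse   ConditionStatus = "False"
	ConditionUnknown ConditionStatus = "Unknown"
)

type ClientCondition struct {
	Type               ClientConditionType
	Status             ConditionStatus
	Reason             string
	Message            string
	LastTransitionTime time.Time
}

type Client struct {
	Conditions []ClientCondition
}

// clock is indirected so the transition-time rules can be checked deterministically.
var clock = time.Now

// clientHasCondition compares Type and Status only, as the doc above states;
// Reason, Message and LastTransitionTime are ignored.
func clientHasCondition(c *Client, want ClientCondition) bool {
	for _, have := range c.Conditions {
		if have.Type == want.Type && have.Status == want.Status {
			return true
		}
	}
	return false
}

// setClientCondition applies the three rules from the doc above:
// insert (new time), same state (keep time), changed state (new time).
func setClientCondition(c *Client, t ClientConditionType, status ConditionStatus, reason, message string) {
	for i := range c.Conditions {
		cond := &c.Conditions[i]
		if cond.Type != t {
			continue
		}
		if cond.Status != status {
			// state changed: record when it changed
			cond.LastTransitionTime = clock()
		}
		// reason and message always refresh; a same-state update keeps the old time
		cond.Status, cond.Reason, cond.Message = status, reason, message
		return
	}
	c.Conditions = append(c.Conditions, ClientCondition{
		Type: t, Status: status, Reason: reason, Message: message, LastTransitionTime: clock(),
	})
}

func main() {
	// Constructed scenario: a registration fails, is retried, then succeeds.
	const ready ClientConditionType = "Ready"
	c := &Client{}
	setClientCondition(c, ready, ConditionFalse, "CreateClientFailed", "OIDC client registration create failed")
	first := c.Conditions[0].LastTransitionTime
	setClientCondition(c, ready, ConditionFalse, "CreateClientFailed", "retrying")
	fmt.Println("same state keeps time:", c.Conditions[0].LastTransitionTime.Equal(first))
	setClientCondition(c, ready, ConditionTrue, "CreateClientSuccessful", "OIDC client registration create successful")
	fmt.Println("ready:", clientHasCondition(c, ClientCondition{Type: ready, Status: ConditionTrue}))
	fmt.Println("conditions:", len(c.Conditions))
}
```

Because only Type and Status are compared, a caller that wants to know whether the *reason* changed (for example, to decide whether to emit a new Event) has to inspect the stored condition itself rather than rely on ClientHasCondition.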

Types

type ClientControllerConfig

type ClientControllerConfig map[string]string

ClientControllerConfig maintains state used while reconciling OIDC Client objects

func (ClientControllerConfig) ApplyConfigMap

func (c ClientControllerConfig) ApplyConfigMap(configMap *corev1.ConfigMap, keysList ...string) (err error)

ApplyConfigMap takes the key value pairs found in a ConfigMap's Data field and sets the same keys and values in the ClientControllerConfig. Produces an error if the ConfigMap had an empty Data field.

func (ClientControllerConfig) ApplySecret

func (c ClientControllerConfig) ApplySecret(secret *corev1.Secret, keysList ...string) (err error)

ApplySecret takes the key value pairs found in a Secret's Data field and sets the same keys and values in the ClientControllerConfig after converting the values into strings from []byte. Produces an error if the Secret had an empty Data field.
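
The two Apply methods, together with IsConfigured and the GetXxx accessors further down, describe how the controller assembles its configuration from a ConfigMap and a Secret. The following added example (not the operator's own code) reimplements that loading with stdlib-only stand-ins for corev1.ConfigMap and corev1.Secret, wraps the map in a struct that remembers which keys came from the Secret so the configuration can be logged without leaking the IAM admin or oauthadmin passwords, and adds an IsConfigured-style check for mandatory keys. The key names, the keysList semantics (copy only the listed keys; a listed key that is missing is an error) and the redaction are assumptions, not behaviour documented on this page.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Minimal stand-ins for corev1.ConfigMap and corev1.Secret (assumption: only
// the Data fields matter here; Secret.Data holds already-decoded bytes).
type ConfigMap struct{ Data map[string]string }
type Secret struct{ Data map[string][]byte }

// ClientControllerConfig wraps the page's map[string]string and additionally
// records which keys came from a Secret so they can be redacted when logged.
type ClientControllerConfig struct {
	values    map[string]string
	sensitive map[string]bool
}

func NewClientControllerConfig() *ClientControllerConfig {
	return &ClientControllerConfig{values: map[string]string{}, sensitive: map[string]bool{}}
}

// apply copies src into the config. With a non-empty keys list only those keys
// are copied and a listed key that is absent is an error (assumed behaviour;
// the real keysList semantics are not spelled out on the page).
func (c *ClientControllerConfig) apply(src map[string]string, sensitive bool, keys []string) error {
	if len(src) == 0 {
		return errors.New("source has an empty Data field")
	}
	if len(keys) == 0 {
		for k := range src {
			keys = append(keys, k)
		}
	}
	for _, k := range keys {
		v, ok := src[k]
		if !ok {
			return fmt.Errorf("required key %q not present", k)
		}
		c.values[k] = v
		c.sensitive[k] = sensitive
	}
	return nil
}

func (c *ClientControllerConfig) ApplyConfigMap(cm *ConfigMap, keys ...string) error {
	return c.apply(cm.Data, false, keys)
}

func (c *ClientControllerConfig) ApplySecret(s *Secret, keys ...string) error {
	str := make(map[string]string, len(s.Data))
	for k, b := range s.Data {
		str[k] = string(b) // []byte -> string, as ApplySecret does
	}
	return c.apply(str, true, keys)
}

// Get returns a value or an error naming the missing key, like the GetXxx accessors.
func (c *ClientControllerConfig) Get(key string) (string, error) {
	if len(c.values) == 0 {
		return "", errors.New("ClientControllerConfig is empty")
	}
	v, ok := c.values[key]
	if !ok {
		return "", fmt.Errorf("key %q not present in ClientControllerConfig", key)
	}
	return v, nil
}

// IsConfigured reports whether every mandatory key is set.
func (c *ClientControllerConfig) IsConfigured(mandatory ...string) bool {
	for _, k := range mandatory {
		if _, ok := c.values[k]; !ok {
			return false
		}
	}
	return true
}

// String renders the config for logs with Secret-derived values redacted.
func (c *ClientControllerConfig) String() string {
	keys := make([]string, 0, len(c.values))
	for k := range c.values {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		v := c.values[k]
		if c.sensitive[k] {
			v = "<redacted>"
		}
		parts = append(parts, k+"="+v)
	}
	return strings.Join(parts, " ")
}

func main() {
	// Constructed inputs; the key names are hypothetical, not the operator's real ones.
	cm := &ConfigMap{Data: map[string]string{"IDP_URL": "https://idp.example", "ROKS_ENABLED": "false"}}
	sec := &Secret{Data: map[string][]byte{"ADMIN_USER": []byte("admin"), "ADMIN_PASSWORD": []byte("hunter2")}}
	cfg := NewClientControllerConfig()
	fmt.Println(cfg.ApplyConfigMap(cm), cfg.ApplySecret(sec, "ADMIN_USER", "ADMIN_PASSWORD"))
	fmt.Println(cfg.IsConfigured("IDP_URL", "ADMIN_USER", "ADMIN_PASSWORD"), cfg)
}
```

Passing an explicit keysList to ApplySecret is the least-privilege choice: the controller copies only the credentials it actually needs into long-lived state instead of every entry in the Secret.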

type ClientCredentials

type ClientCredentials struct {
	ClientID     string `json:"CLIENT_ID"`
	ClientSecret string `json:"CLIENT_SECRET"`
}

type OIDCClientError

type OIDCClientError struct {
	Description string `json:"error_description"`
}

func NewOIDCClientError

func NewOIDCClientError(response *http.Response) (oidcErr *OIDCClientError)

NewOIDCClientError produces a new OIDCClientError by attempting to unmarshal the response body JSON into an OIDCClientError's Description field.

func (*OIDCClientError) Error

func (e *OIDCClientError) Error() string

type OidcClientResponse

type OidcClientResponse struct {
	ClientIDIssuedAt        int      `json:"client_id_issued_at"`
	RegistrationClientURI   string   `json:"registration_client_uri"`
	ClientSecretExpiresAt   int      `json:"client_secret_expires_at"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
	Scope                   string   `json:"scope"`
	GrantTypes              []string `json:"grant_types"`
	ResponseTypes           []string `json:"response_types"`
	ApplicationType         string   `json:"application_type"`
	SubjectType             string   `json:"subject_type"`
	PostLogoutRedirectUris  []string `json:"post_logout_redirect_uris"`
	PreauthorizedScope      string   `json:"preauthorized_scope"`
	IntrospectTokens        bool     `json:"introspect_tokens"`
	TrustedURIPrefixes      []string `json:"trusted_uri_prefixes"`
	ResourceIds             []string `json:"resource_ids"`
	FunctionalUserGroupIds  []string `json:"functional_user_groupIds"`
	FunctionalUserID        string   `json:"functional_user_id"`
	AppPasswordAllowed      bool     `json:"appPasswordAllowed"`
	AppTokenAllowed         bool     `json:"appTokenAllowed"`
	ClientID                string   `json:"client_id"`
	ClientSecret            string   `json:"client_secret"`
	ClientName              string   `json:"client_name"`
	RedirectUris            []string `json:"redirect_uris"`
	AllowRegexpRedirects    bool     `json:"allow_regexp_redirects"`
}

type ReconcileClient

type ReconcileClient struct {
	Reader client.Reader
	// contains filtered or unexported fields
}

ReconcileClient is a split client that reads objects from the cache and writes to the apiserver

func (*ReconcileClient) CreateClientRegistration

func (r *ReconcileClient) CreateClientRegistration(ctx context.Context, client *oidcv1.Client, clientCreds *ClientCredentials) (response *http.Response, err error)

CreateClientRegistration registers a new OIDC Client on the OP using the information in the provided Client CR.

func (*ReconcileClient) CreateZenInstance

func (r *ReconcileClient) CreateZenInstance(ctx context.Context, client *oidcv1.Client, clientCreds *ClientCredentials) (err error)

CreateZenInstance registers the Zen instance with the IAM identity management service.

func (*ReconcileClient) DeleteClientRegistration

func (r *ReconcileClient) DeleteClientRegistration(ctx context.Context, client *oidcv1.Client) (response *http.Response, err error)

DeleteClientRegistration deletes from the OP the OIDC Client registration represented by the Client CR.

func (*ReconcileClient) DeleteZenInstance

func (r *ReconcileClient) DeleteZenInstance(ctx context.Context, client *oidcv1.Client) (err error)

DeleteZenInstance deletes the requested Zen instance.

func (*ReconcileClient) GetAuthServiceURL

func (r *ReconcileClient) GetAuthServiceURL() (value string, err error)

GetAuthServiceURL gets the IAM Auth Service URL from the ReconcileClient's ClientControllerConfig. Produces an error if the ClientControllerConfig is empty or if the key is not present.

func (*ReconcileClient) GetClientCreds

func (r *ReconcileClient) GetClientCreds(ctx context.Context, client *oidcv1.Client) (clientCreds *ClientCredentials, err error)

GetClientCreds uses information from a Client to obtain the Client's credentials from the cluster. The Client must at a minimum have its ClientId, Secret, and namespace set.

func (*ReconcileClient) GetClientRegistration

func (r *ReconcileClient) GetClientRegistration(ctx context.Context, client *oidcv1.Client) (response *http.Response, err error)

GetClientRegistration gets the registered Client from the OP, if it is there.

func (*ReconcileClient) GetDefaultAdminPassword

func (r *ReconcileClient) GetDefaultAdminPassword() (value string, err error)

GetDefaultAdminPassword gets the default admin password for the IAM API from the ReconcileClient's ClientControllerConfig. Produces an error if the ClientControllerConfig is empty or if the key is not present.

func (*ReconcileClient) GetDefaultAdminUser

func (r *ReconcileClient) GetDefaultAdminUser() (value string, err error)

GetDefaultAdminUser gets the default admin user for the IAM API from the ReconcileClient's ClientControllerConfig. Produces an error if the ClientControllerConfig is empty or if the key is not present.

func (*ReconcileClient) GetIdentityManagementURL

func (r *ReconcileClient) GetIdentityManagementURL() (value string, err error)

GetIdentityManagementURL gets the Identity Management URL from the ReconcileClient's ClientControllerConfig. Produces an error if the ClientControllerConfig is empty or if the key is not present.

func (*ReconcileClient) GetIdentityProviderURL

func (r *ReconcileClient) GetIdentityProviderURL() (value string, err error)

GetIdentityProviderURL gets the Identity Provider URL from the ReconcileClient's ClientControllerConfig. Produces an error if the ClientControllerConfig is empty or if the key is not present.

func (*ReconcileClient) GetOAuthAdminPassword

func (r *ReconcileClient) GetOAuthAdminPassword() (value string, err error)

GetOAuthAdminPassword gets the password for the OAuth Provider oauthadmin account from the ReconcileClient's ClientControllerConfig. Produces an error if the ClientControllerConfig is empty or if the key is not present.

func (*ReconcileClient) GetROKSEnabled

func (r *ReconcileClient) GetROKSEnabled() (value bool, err error)

GetROKSEnabled reads from the ClientControllerConfig whether the controller is configured, via the legacy ROKS setting, to use OpenShift OAuthClients for OIDC Client authentication. When enabled, the controller creates and manages OAuthClient objects whose names match the OIDC Client's clientId field. Produces an error if the ClientControllerConfig is empty or if the key is not present.

func (*ReconcileClient) GetZenInstance

func (r *ReconcileClient) GetZenInstance(ctx context.Context, client *oidcv1.Client) (zenInstance *ZenInstance, err error)

GetZenInstance returns the Zen instance, or nil if it does not exist.

func (*ReconcileClient) IsConfigured

func (r *ReconcileClient) IsConfigured() bool

IsConfigured returns whether all mandatory config fields are set.

func (*ReconcileClient) Reconcile

func (r *ReconcileClient) Reconcile(ctx context.Context, request reconcile.Request) (result reconcile.Result, err error)

Reconcile reads the state of the cluster for a Client object and makes changes based on the state read and what is in the Client.Spec. The Controller will requeue the Request to be processed again if the returned error is non-nil or Result.Requeue is true; otherwise, upon completion, it will remove the work from the queue.

func (*ReconcileClient) RemoveAnnotationFromSA

func (r *ReconcileClient) RemoveAnnotationFromSA(ctx context.Context, client *oidcv1.Client, sAccNamespace string)

RemoveAnnotationFromSA removes the redirect URI annotation belonging to this Client from the ibm-iam-operand-restricted ServiceAccount in the given namespace; it is used when the Client is deleted.

func (*ReconcileClient) SetConfig

func (r *ReconcileClient) SetConfig(ctx context.Context, namespace string) (err error)

SetConfig sets the ClientControllerConfig on the ReconcileClient using the platform-auth-idp ConfigMap and platform-auth-idp-credentials Secret that are installed on the cluster.

func (*ReconcileClient) UpdateClientRegistration

func (r *ReconcileClient) UpdateClientRegistration(ctx context.Context, client *oidcv1.Client, clientCreds *ClientCredentials) (response *http.Response, err error)

UpdateClientRegistration updates the OIDC Client registration on the OP represented by the Client CR to use the provided ClientCredentials.
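
CreateClientRegistration, GetClientRegistration, UpdateClientRegistration and DeleteClientRegistration are thin wrappers over HTTP calls to the OP's client registration endpoint; they hand back the raw *http.Response, and the caller decodes it into OidcClientResponse on success or into OIDCClientError (via NewOIDCClientError) on failure. The added Go example below, which is not the operator's own code, shows that exchange end to end against a constructed in-memory OP: POST to register, GET to read the registration back, DELETE, and the 401 and 404 failure modes surfaced as OIDCClientError values. The endpoint layout (base URL plus /<client_id>), the use of HTTP Basic auth with the oauthadmin credentials, and the 204 response on delete are assumptions; this page does not describe the real OP's registration URL or auth scheme. Update follows the same pattern with a PUT to the per-client path.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Subset of the page's OidcClientResponse; the OP echoes the registration back.
type OidcClientResponse struct {
	ClientID     string   `json:"client_id"`
	ClientSecret string   `json:"client_secret"`
	RedirectUris []string `json:"redirect_uris"`
}

// OIDCClientError as on the page, plus the HTTP status for non-JSON error bodies.
type OIDCClientError struct {
	Status      int    `json:"-"`
	Description string `json:"error_description"`
}

func (e *OIDCClientError) Error() string { return fmt.Sprintf("OP returned HTTP %d: %q", e.Status, e.Description) }

// newOIDCClientError decodes error_description from the body; a non-JSON body leaves it empty.
func newOIDCClientError(resp *http.Response) *OIDCClientError {
	e := &OIDCClientError{Status: resp.StatusCode}
	_ = json.NewDecoder(resp.Body).Decode(e)
	return e
}

// opClient calls the OP registration endpoint with the oauthadmin credentials over HTTP
// Basic auth (assumption: the real OP's URL layout and auth scheme are not on this page).
type opClient struct{ base, user, pass string } // base must be an https URL in production

func (c *opClient) do(method, path string, body any) (*OidcClientResponse, error) {
	var buf bytes.Buffer
	if body != nil {
		_ = json.NewEncoder(&buf).Encode(body) // encoding a plain struct cannot fail
	}
	req, err := http.NewRequest(method, c.base+path, &buf)
	if err != nil {
		return nil, err
	}
	req.SetBasicAuth(c.user, c.pass)
	req.Header.Set("Content-Type", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return nil, newOIDCClientError(resp) // 401, 404, ... surface as typed errors
	}
	if resp.StatusCode == http.StatusNoContent {
		return nil, nil // DELETE has no body to decode
	}
	out := &OidcClientResponse{}
	return out, json.NewDecoder(resp.Body).Decode(out)
}

func (c *opClient) Create(reg OidcClientResponse) (*OidcClientResponse, error) { return c.do(http.MethodPost, "", reg) }
func (c *opClient) Get(id string) (*OidcClientResponse, error)                { return c.do(http.MethodGet, "/"+id, nil) }
func (c *opClient) Delete(id string) (err error)                                { _, err = c.do(http.MethodDelete, "/"+id, nil); return }

// fakeOP is a constructed in-memory OP used only to exercise the client offline.
func fakeOP(user, pass string) *httptest.Server {
	store := map[string]OidcClientResponse{}
	fail := func(w http.ResponseWriter, code int, msg string) {
		w.WriteHeader(code)
		_ = json.NewEncoder(w).Encode(map[string]string{"error_description": msg})
	}
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if u, p, ok := r.BasicAuth(); !ok || u != user || p != pass {
			fail(w, http.StatusUnauthorized, "invalid oauthadmin credentials")
			return
		}
		id := strings.TrimPrefix(r.URL.Path, "/")
		reg, found := store[id]
		switch {
		case r.Method == http.MethodPost:
			if json.NewDecoder(r.Body).Decode(&reg) != nil || reg.ClientID == "" {
				fail(w, http.StatusBadRequest, "invalid registration for "+id)
				return
			}
			store[reg.ClientID] = reg
		case !found:
			fail(w, http.StatusNotFound, "client "+id+" is not registered")
			return
		case r.Method == http.MethodDelete:
			delete(store, id)
			w.WriteHeader(http.StatusNoContent)
			return
		}
		_ = json.NewEncoder(w).Encode(reg)
	}))
}
```

Two points worth keeping from this shape: the oauthadmin password only ever travels inside the Authorization header of a TLS request, so the base URL must never be downgraded to plain http; and because NewOIDCClientError tolerates a non-JSON body, callers should always log the HTTP status alongside the (possibly empty) description, otherwise a proxy returning an HTML error page produces an error with no useful content.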

type TokenInfo

type TokenInfo struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	Scope        string `json:"scope"`
	RefreshToken string `json:"refresh_token"`
	IdToken      string `json:"id_token"`
}

type ZenInstance

type ZenInstance struct {
	ClientID       string `json:"clientId"`
	InstanceId     string `json:"instanceId"`
	ProductNameUrl string `json:"productNameUrl"`
	Namespace      string `json:"namespace"`
	ZenAuditUrl    string `json:"zenAuditUrl"`
}

ZenInstance represents the Zen instance model (the response body of the POST and GET calls).
