Documentation
Constants
const (
	IssuerUrl                = "idp-issuer-url"
	ClientID                 = "client-id"
	ClientSecret             = "client-secret"
	CertificateAuthority     = "idp-certificate-authority"
	CertificateAuthorityData = "idp-certificate-authority-data"
	ExtraScopes              = "extra-scopes"
	IDToken                  = "id-token"
	RefreshToken             = "refresh-token"
	AccessToken              = "access-token"
)
Variables
var DefaultKubeConfigPath = cfg.RecommendedHomeFile
Functions
This section is empty.
Types
type Cache
type Cache struct {
// contains filtered or unexported fields
}
Cache is a cache for OIDC tokens that installs the token inside the k8s user config directory, in the `users:` section of the YAML. It is convenient for the initial install of a token (and possibly a refresh token) for the OIDC auth-provider. It stores the config the same way set-credentials saves credentials:
users:
- name: <k8sUsers[0]>
  user:
    auth-provider:
      config:
        client-id: <clientID>
        client-secret: <clientSecret>
        extra-scopes: groups
        id-token: <id-token>
        idp-issuer-url: <provider>
        refresh-token: <[optional] refresh-token>
      name: oidc
func NewCache
func NewCache(kubeConfigPath string, loginCfg login.OIDCConfig, k8sUsers ...string) *Cache
NewCache constructs a cache that installs the specified configuration and token under the given k8s users inside the kubeconfig.
func NewCacheFromUser
NewCacheFromUser constructs a cache that assumes the required configuration (and optionally a refresh token) is already cached under the given user inside the kubeconfig. It returns an error if the configuration is not there.
func (*Cache) SaveToken
SaveToken saves the token as the k8s user's credentials inside the k8s config directory. It saves the same thing for ALL specified k8s users.
func (*Cache) Token
Token retrieves the tokens from all of the registered users in the kubeconfig. It does not check whether the tokens are valid; however, it returns an error if the OIDC client data differs from what is configured in login.Config, or if one of the tokens for the specified k8s users differs from the others.
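The consistency rule that Token describes, sketched as an added example; this is not the package's own implementation. It assumes the kubeconfig is supplied in JSON form (for instance the output of `kubectl config view --raw -o json`), and `sharedIDToken`, `sample` and the `want` map are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)
// Constructed sample: JSON form of a kubeconfig, placeholder values only.
const sample = `{"users":[{"name":"alice","user":{"auth-provider":{"name":"oidc","config":{"client-id":"cli","idp-issuer-url":"https://idp.example","id-token":"tok-A"}}}},
{"name":"bob","user":{"auth-provider":{"name":"oidc","config":{"client-id":"cli","idp-issuer-url":"https://idp.example","id-token":"tok-A"}}}}]}`

// sharedIDToken (hypothetical) returns the id-token common to all named users; it compares stored values and never validates the token.
func sharedIDToken(raw []byte, want map[string]string, users ...string) (token string, err error) {
	var kc struct { // models only the users section shown above
		Users []struct {
			Name string `json:"name"`
			User struct {
				AP struct {
					Name   string            `json:"name"`
					Config map[string]string `json:"config"`
				} `json:"auth-provider"`
			} `json:"user"`
		} `json:"users"`
	}
	if err = json.Unmarshal(raw, &kc); err != nil {
		return "", err
	}
	for i, name := range users {
		var c map[string]string // stays nil if the user has no oidc auth-provider
		for _, u := range kc.Users {
			if u.Name == name && u.User.AP.Name == "oidc" {
				c = u.User.AP.Config
			}
		}
		for k, v := range want { // OIDC client data must match the expected login config
			if c[k] != v {
				return "", fmt.Errorf("user %q: %s missing or not as configured", name, k)
			}
		}
		if c["id-token"] == "" || (i > 0 && c["id-token"] != token) {
			return "", fmt.Errorf("user %q: id-token missing or differs from the other users", name)
		}
		token = c["id-token"]
	}
	return token, nil
}

func main() {
	_, err := sharedIDToken([]byte(sample), map[string]string{"client-id": "cli"}, "alice", "bob")
	fmt.Println("tokens consistent:", err == nil)
}
```

The error messages name the user and the key but never echo the stored secret or token, which keeps kubeconfig credentials out of logs.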