auth

package
v1.3.13 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 17, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

const (
	SecretFieldClientID     = "client_id"
	SecretFieldClientSecret = "client_secret"
)

Variables

This section is empty.

Functions

func GetClusterCredentials

func GetClusterCredentials(ctx context.Context, logger *zap.Logger, clientset kubernetes.Interface, config AuthConfig) (string, string, error)

GetClusterCredentials retrieves cluster credentials from a Kubernetes secret, or onboards the cluster if credentials are not found.

func GetClusterID

func GetClusterID(ctx context.Context, logger *zap.Logger, clientset kubernetes.Interface) (string, error)

GetClusterID returns the uid of the k8s cluster's kube-system namespace, which is used as the cluster's globally unique ID.

func GetFirstAudience

func GetFirstAudience(logger *zap.Logger, claims map[string]any) (string, error)

GetFirstAudience extracts the first audience from the claims map.
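
The JWT `aud` claim may be a single string or an array of strings (RFC 7519), so code that extracts the first audience has to handle both shapes and reject anything else. The following is an added example, not this package's implementation: `firstAudience` and `audienceFromJSON` are hypothetical names, and the sample payloads are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// firstAudience (hypothetical, not the package's function) returns the first
// "aud" value; encoding/json decodes the array form of the claim as []any.
func firstAudience(claims map[string]any) (string, error) {
	raw, ok := claims["aud"]
	if !ok {
		return "", errors.New("aud claim missing")
	}
	var first any
	switch v := raw.(type) {
	case string:
		first = v
	case []any:
		if len(v) > 0 {
			first = v[0]
		}
	default:
		return "", fmt.Errorf("aud claim has unsupported type %T", raw)
	}
	s, ok := first.(string)
	if !ok || s == "" {
		return "", errors.New("aud claim has no usable first entry")
	}
	return s, nil
}

// audienceFromJSON decodes a claims document and extracts its audience.
func audienceFromJSON(doc string) (string, error) {
	var claims map[string]any
	if err := json.Unmarshal([]byte(doc), &claims); err != nil {
		return "", err
	}
	return firstAudience(claims)
}

func main() {
	// Constructed sample payloads, not taken from any real token.
	for _, doc := range []string{`{"aud":"a.example.invalid"}`, `{"aud":["a.example.invalid","b"]}`, `{"aud":[]}`} {
		aud, err := audienceFromJSON(doc)
		fmt.Printf("%s -> aud=%q err=%v\n", doc, aud, err)
	}
}
```

Returning an error for an empty, missing or non-string audience keeps a caller from silently proceeding with an empty value.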

func GetTLSConfig

func GetTLSConfig(skipVerify bool) *tls.Config

GetTLSConfig returns a TLS configuration.

func GetTokenSource

func GetTokenSource(ctx context.Context, config clientcredentials.Config, tlsConfig *tls.Config) oauth2.TokenSource

GetTokenSource returns an OAuth2 token source.

func OnboardCluster

func OnboardCluster(ctx context.Context, tlsSkipVerify bool, onboardingEndpoint, onboardingClientID, onboardingClientSecret string, logger *zap.Logger) (string, string, error)

OnboardCluster onboards this cluster with CloudSecure using the onboarding credentials and obtains the OAuth 2 client ID and client secret for this cluster.

func ParseToken

func ParseToken(tokenString string) (jwt.MapClaims, error)

ParseToken parses the JWT token and returns the claims.

func SetUpOAuthConnection

func SetUpOAuthConnection(
	ctx context.Context,
	logger *zap.Logger,
	tokenURL string,
	tlsSkipVerify bool,
	clientID string,
	clientSecret string,
) (*grpc.ClientConn, error)

SetUpOAuthConnection establishes a gRPC connection using OAuth credentials and logs the process.

Types

type AuthConfig

type AuthConfig struct {
	ClusterCreds           string
	PodNamespace           string
	OnboardingClientID     string
	OnboardingClientSecret string
	OnboardingEndpoint     string
	TlsSkipVerify          bool
}

AuthConfig holds configuration for authentication operations.

type OnboardResponse

type OnboardResponse struct {
	ClusterClientID     string `json:"cluster_client_id"`
	ClusterClientSecret string `json:"cluster_client_secret"`
}

OnboardResponse represents the response from the onboarding endpoint.
