Version: v0.0.0-...-15da440

Published: Nov 28, 2023 License: AGPL-3.0 Imports: 16 Imported by: 105



Package cloud provides functionality to parse information describing clouds, including regions, supported auth types etc.



const (
	// AccessKeyAuthType is an authentication type using a key and secret.
	AccessKeyAuthType AuthType = "access-key"

	// InstanceRoleAuthType is an authentication type used by sourcing
	// credentials from within the machine's context in a given cloud provider.
	// You only get these credentials by running within that machine.
	InstanceRoleAuthType AuthType = "instance-role"

	// UserPassAuthType is an authentication type using a username and password.
	UserPassAuthType AuthType = "userpass"

	// OAuth1AuthType is an authentication type using oauth1.
	OAuth1AuthType AuthType = "oauth1"

	// OAuth2AuthType is an authentication type using oauth2.
	OAuth2AuthType AuthType = "oauth2"

	// JSONFileAuthType is an authentication type that takes a path to
	// a JSON file.
	JSONFileAuthType AuthType = "jsonfile"

	// ClientCertificateAuthType is an authentication type using client
	// certificates.
	ClientCertificateAuthType AuthType = "clientcertificate"

	// HTTPSigAuthType is an authentication type that uses HTTP signatures:
	HTTPSigAuthType AuthType = "httpsig"

	// InteractiveAuthType is a credential auth-type provided as an option to
	// "juju add-credential", which takes the user through the process of
	// adding credentials.  e.g. for lxd: generating a certificate credential.
	// This authType should be used in a CredentialSchema, not a CloudSchema.
	InteractiveAuthType = "interactive"

	// EmptyAuthType is the authentication type used for providers
	// that require no credentials, e.g. "lxd", and "manual".
	EmptyAuthType AuthType = "empty"

	// AuthTypesKey is the name of the key in a cloud config or cloud schema
	// that holds the cloud's auth types.
	AuthTypesKey = "auth-types"

	// EndpointKey is the name of the key in a cloud config or cloud schema
	// that holds the cloud's endpoint url.
	EndpointKey = "endpoint"

	// RegionsKey is the name of the key in a cloud schema that holds the list
	// of regions a cloud supports.
	RegionsKey = "regions"

	// CertFilenameKey is the name of the key in a cloud schema that holds
	// the filename of a CA Certificate to be used to access the cloud, in conjunction
	// with an auth type.
	CertFilenameKey = "certfilename"
)

const (
	// CloudTypeKubernetes is the kubernetes cloud type.
	CloudTypeKubernetes = "kubernetes"
)

const DefaultCloudRegion = "default"

DefaultCloudRegion is the name of the default region that Juju creates for clouds that do not define a region.



func BuildHostCloudRegion

func BuildHostCloudRegion(cloudType, region string) string

BuildHostCloudRegion combines cloudType and region into a host cloud region.

func CloudIsCAAS

func CloudIsCAAS(cloud Cloud) bool

CloudIsCAAS checks if cloud is a CAAS cloud.

func CloudTypeIsCAAS

func CloudTypeIsCAAS(cloudType string) bool

CloudTypeIsCAAS checks if a given cloud type is a CAAS cloud.

func DefaultCloudDescription

func DefaultCloudDescription(cloudType string) string

DefaultCloudDescription returns the description for the specified cloud type, or an empty string if the cloud type is unknown.

func IsSameCloudMetadata

func IsSameCloudMetadata(meta1, meta2 map[string]Cloud) (bool, error)

IsSameCloudMetadata returns true if both meta1 and meta2 contain the same cloud metadata.

func JujuPersonalCloudsPath

func JujuPersonalCloudsPath() string

JujuPersonalCloudsPath is the location where personal cloud information is expected to be found. Requires JUJU_HOME to be set.

func JujuPublicCloudsPath

func JujuPublicCloudsPath() string

JujuPublicCloudsPath is the location where public cloud information is expected to be found. Requires JUJU_HOME to be set.

func MarshalCloud

func MarshalCloud(cloud Cloud) ([]byte, error)

MarshalCloud marshals a Cloud to an opaque byte array.

func ParseCloudMetadata

func ParseCloudMetadata(data []byte) (map[string]Cloud, error)

ParseCloudMetadata parses the given yaml bytes into Clouds metadata.

The expected regular yaml format is:

clouds:
  <cloud-name>:
    type: maas
    auth-types: [oauth1]
    endpoint: "http://garagemaas"
    skip-tls-verify: true

It also accepts a yaml format without the 'clouds' key at the top, e.g.

<cloud-name>:
  type: maas
  auth-types: [oauth1]
  endpoint: "http://garagemaas"
  skip-tls-verify: true


func ParseCloudMetadataFile

func ParseCloudMetadataFile(file string) (map[string]Cloud, error)

ParseCloudMetadataFile loads any cloud metadata defined in the specified file.

func ParseCredentials

func ParseCredentials(data []byte) (map[string]CloudCredential, error)

ParseCredentials parses the given yaml bytes into Credentials, but does not validate the credential attributes.

func PersonalCloudMetadata

func PersonalCloudMetadata() (map[string]Cloud, error)

PersonalCloudMetadata loads any personal cloud metadata defined in the Juju Home directory. If no cloud metadata is found, that is not an error; nil is returned.

func PublicCloudMetadata

func PublicCloudMetadata(searchPath ...string) (result map[string]Cloud, fallbackUsed bool, err error)

PublicCloudMetadata looks in searchPath for cloud metadata files and if none are found, returns the fallback public cloud metadata.

func RegionNames

func RegionNames(regions []Region) []string

RegionNames returns a sorted list of the names of the given regions.

func RegisterStructTags

func RegisterStructTags(vals ...interface{})

RegisterStructTags ensures the yaml tags for the given structs are able to be used when parsing cloud metadata.

func SplitHostCloudRegion

func SplitHostCloudRegion(hostCloudRegion string) (string, string, error)

SplitHostCloudRegion splits a host cloud region into cloudType and region.

func ValidateCloudSet

func ValidateCloudSet(data []byte) error

ValidateCloudSet reports any erroneous properties found in cloud metadata YAML. If there are no erroneous properties, ValidateCloudSet returns nil; otherwise it returns an error listing all erroneous properties and possible suggestions.

func ValidateFileAttrValue

func ValidateFileAttrValue(path string) (string, error)

ValidateFileAttrValue returns the normalised file path, so long as the specified path is valid and not a directory.

func ValidateOneCloud

func ValidateOneCloud(data []byte) error

ValidateOneCloud is like ValidateCloudSet but validates the metadata for only one cloud and not multiple.

func WritePersonalCloudMetadata

func WritePersonalCloudMetadata(cloudsMap map[string]Cloud) error

WritePersonalCloudMetadata marshals to YAML and writes the cloud metadata to the personal cloud file.

func WritePublicCloudMetadata

func WritePublicCloudMetadata(cloudsMap map[string]Cloud) error

WritePublicCloudMetadata marshals to YAML and writes the cloud metadata to the public cloud file.


type Attrs

type Attrs map[string]interface{}

Attrs serves as a map to hold region-specific configuration attributes. This reduces confusion over having a nested map, i.e. map[string]map[string]interface{}.

type AuthType

type AuthType string

AuthType is the type of authentication used by the cloud.

const (
	// CertificateAuthType is an authentication type using certificates.
	// NOTE: This type should never be used in practice as it doesn't exist. We
	// maintain it here to maintain backwards functionality for Juju in a pre
	// 2.9 world. Consider using ClientCertificateAuthType instead. This note
	// applies to Kubernetes.
	// TODO: tlm update lxd to stop using this auth type
	CertificateAuthType AuthType = "certificate"

	// OAuth2WithCertAuthType is an authentication type using oauth2 and a client certificate
	// NOTE: This type should never be used in practice as it doesn't exist. We
	// maintain it here to maintain backwards functionality for Juju in a pre
	// 2.9 world. Consider using OAuth2AuthType instead.
	OAuth2WithCertAuthType AuthType = "oauth2withcert"
)

Legacy auth type constants. There should be no reason to use these anymore in Juju. They are kept to maintain backwards compatibility.

type AuthTypes

type AuthTypes []AuthType

AuthTypes is defined to allow sorting AuthType slices.

func (AuthTypes) Contains

func (a AuthTypes) Contains(t AuthType) bool

Contains checks whether AuthType t is present in the AuthTypes slice.

func (AuthTypes) Len

func (a AuthTypes) Len() int

func (AuthTypes) Less

func (a AuthTypes) Less(i, j int) bool

func (AuthTypes) Swap

func (a AuthTypes) Swap(i, j int)

type Cloud

type Cloud struct {
	// Name of the cloud.
	Name string

	// Type is the type of cloud, eg ec2, openstack etc.
	// This is one of the provider names registered with
	// environs.RegisterProvider.
	Type string

	// HostCloudRegion represents the k8s host cloud. The format is <cloudType>/<region>.
	HostCloudRegion string

	// Description describes the type of cloud.
	Description string

	// AuthTypes are the authentication modes supported by the cloud.
	AuthTypes AuthTypes

	// Endpoint is the default endpoint for the cloud regions, may be
	// overridden by a region.
	Endpoint string

	// IdentityEndpoint is the default identity endpoint for the cloud
	// regions, may be overridden by a region.
	IdentityEndpoint string

	// StorageEndpoint is the default storage endpoint for the cloud
	// regions, may be overridden by a region.
	StorageEndpoint string

	// Regions are the regions available in the cloud.
	// Regions is a slice, and not a map, because order is important.
	// The first region in the slice is the default region for the
	// cloud.
	Regions []Region

	// Config contains optional cloud-specific configuration to use
	// when bootstrapping Juju in this cloud. The cloud configuration
	// will be combined with Juju-generated, and user-supplied values;
	// user-supplied values taking precedence.
	Config map[string]interface{}

	// RegionConfig contains optional region specific configuration.
	// Like Config above, this will be combined with Juju-generated and user
	// supplied values; with user supplied values taking precedence.
	RegionConfig RegionConfig

	// CACertificates contains an optional list of Certificate
	// Authority certificates to be used to validate certificates
	// of cloud infrastructure components.
	// The contents are Base64 encoded X.509 certs.
	CACertificates []string

	// SkipTLSVerify is true if the client should be asked not to
	// validate certificates. It is not recommended for production clouds.
	// It is secure (false) by default.
	SkipTLSVerify bool

	// IsControllerCloud is true when this is the cloud used by the controller.
	IsControllerCloud bool
}

Cloud is a cloud definition.
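
An added example, not code from the juju project: a standard-library audit over a local mirror of the Cloud fields above. It flags SkipTLSVerify, cleartext http:// endpoints at cloud and region level, and the two legacy auth types. The mirror structs, AuditCloud, and the sample cloud names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// Region and Cloud are local mirrors of fields documented on this page
// (assumption: trimmed to what the audit reads; these are not the juju types).
type Region struct {
	Name, Endpoint, IdentityEndpoint, StorageEndpoint string
}
type Cloud struct {
	Name, Endpoint, IdentityEndpoint, StorageEndpoint string
	AuthTypes                                         []string
	Regions                                           []Region
	SkipTLSVerify                                     bool
}

// legacyAuthTypes maps each legacy auth type to the replacement the page names.
var legacyAuthTypes = map[string]string{
	"certificate":    "clientcertificate",
	"oauth2withcert": "oauth2",
}

// AuditCloud lists settings that weaken transport security or use legacy auth.
func AuditCloud(c Cloud) []string {
	var out []string
	if c.SkipTLSVerify {
		out = append(out, c.Name+": skip-tls-verify is true, server certificates are not validated")
	}
	for _, a := range c.AuthTypes {
		if repl, ok := legacyAuthTypes[a]; ok {
			out = append(out, fmt.Sprintf("%s: auth type %q is legacy, use %q", c.Name, a, repl))
		}
	}
	// Only an explicit http:// scheme is flagged; empty or bare-host values pass.
	checkURLs := func(where string, raws ...string) {
		for _, raw := range raws {
			if u, err := url.Parse(raw); err == nil && u.Scheme == "http" {
				out = append(out, fmt.Sprintf("%s: %s endpoint %q is cleartext HTTP", c.Name, where, raw))
			}
		}
	}
	checkURLs("cloud", c.Endpoint, c.IdentityEndpoint, c.StorageEndpoint)
	for _, r := range c.Regions { // region endpoints override the cloud defaults
		checkURLs("region "+r.Name, r.Endpoint, r.IdentityEndpoint, r.StorageEndpoint)
	}
	return out
}

// SampleClouds is constructed input; the first entry reuses the maas settings shown on this page.
var SampleClouds = []Cloud{
	{Name: "example-maas", AuthTypes: []string{"oauth1"}, Endpoint: "http://garagemaas", SkipTLSVerify: true},
	{Name: "example-k8s", AuthTypes: []string{"certificate"}, Endpoint: "https://k8s.example.invalid:6443",
		Regions: []Region{{Name: "default", StorageEndpoint: "http://store.example.invalid"}}},
}

func main() {
	for _, c := range SampleClouds {
		fmt.Printf("%q\n", AuditCloud(c))
	}
}
```

With the real package, the same checks would run over the map returned by ParseCloudMetadata before a cloud definition is accepted.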

func CloudByName

func CloudByName(name string) (*Cloud, error)

CloudByName returns the cloud with the specified name. If there exists no cloud with the specified name, an error satisfying errors.IsNotFound will be returned.

TODO(axw) write unit tests for this.

func ParseOneCloud

func ParseOneCloud(data []byte) (Cloud, error)

ParseOneCloud parses the given yaml bytes into a single Cloud metadata.

func UnmarshalCloud

func UnmarshalCloud(in []byte) (Cloud, error)

UnmarshalCloud unmarshals a Cloud from a byte array produced by MarshalCloud.

type CloudCredential

type CloudCredential struct {
	// DefaultCredential is the named credential to use by default.
	DefaultCredential string `yaml:"default-credential,omitempty"`

	// DefaultRegion is the cloud region to use by default.
	DefaultRegion string `yaml:"default-region,omitempty"`

	// AuthCredentials is the credentials for a cloud, keyed on name.
	AuthCredentials map[string]Credential `yaml:",omitempty,inline"`
}

CloudCredential contains attributes used to define credentials for a cloud.

func NewEmptyCloudCredential

func NewEmptyCloudCredential() *CloudCredential

NewEmptyCloudCredential returns a new CloudCredential with an empty default credential.

type Credential

type Credential struct {

	// Revoked is true if the credential has been revoked.
	Revoked bool

	// Label is optionally set to describe the credentials to a user.
	Label string

	// Invalid is true if the credential is invalid.
	Invalid bool

	// InvalidReason contains the reason why a credential was flagged as invalid.
	// It is expected that this string will be empty when a credential is valid.
	InvalidReason string
	// contains filtered or unexported fields
}

Credential instances represent cloud credentials.

func ExpandFilePathsOfCredential

func ExpandFilePathsOfCredential(
	cred Credential,
	schemas map[AuthType]CredentialSchema,
) (Credential, error)

ExpandFilePathsOfCredential iterates over the credential schema attributes and checks if the credential attribute has the ExpandFilePath flag set. If so, the value of the credential attribute will be interpreted as a file path and replaced with the contents of that file.

func FinalizeCredential

func FinalizeCredential(
	credential Credential,
	schemas map[AuthType]CredentialSchema,
	readFile func(string) ([]byte, error),
) (*Credential, error)

FinalizeCredential finalizes a credential by matching it with one of the provided credential schemas, and reading any file attributes into their corresponding non-file attributes. This will also validate the credential.

If there is no schema with the matching auth-type, an error satisfying errors.IsNotSupported will be returned.

func NewCredential

func NewCredential(authType AuthType, attributes map[string]string) Credential

NewCredential returns a new, immutable, Credential with the supplied auth-type and attributes.

func NewEmptyCredential

func NewEmptyCredential() Credential

NewEmptyCredential returns a new Credential with the EmptyAuthType auth-type.

func NewNamedCredential

func NewNamedCredential(name string, authType AuthType, attributes map[string]string, revoked bool) Credential

NewNamedCredential returns an immutable Credential with the supplied properties.

func RemoveSecrets

func RemoveSecrets(
	credential Credential,
	schemas map[AuthType]CredentialSchema,
) (*Credential, error)

RemoveSecrets returns a copy of the given credential with secret fields removed.

func (Credential) Attributes

func (c Credential) Attributes() map[string]string

Attributes returns the credential attributes.

func (Credential) AuthType

func (c Credential) AuthType() AuthType

AuthType returns the authentication type.

func (Credential) MarshalJSON

func (c Credential) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (Credential) MarshalYAML

func (c Credential) MarshalYAML() (interface{}, error)

MarshalYAML implements the yaml.Marshaler interface.

func (*Credential) UnmarshalJSON

func (c *Credential) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

func (*Credential) UnmarshalYAML

func (c *Credential) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML implements the yaml.Unmarshaler interface.

type CredentialAttr

type CredentialAttr struct {
	// Description is a human-readable description of the credential
	// attribute.
	Description string

	// Hidden controls whether or not the attribute value will be hidden
	// when being entered interactively. Regardless of this, all credential
	// attributes are provided only to the Juju controllers.
	Hidden bool

	// FileAttr is the name of an attribute that may be specified instead
	// of this one, which points to a file that will be read in and its
	// value used for this attribute.
	FileAttr string

	// FilePath is true if the value of this attribute is a file path. If
	// this is true, then the attribute value will be set to the contents
	// of the file when the credential is "finalized".
	FilePath bool

	// ExpandFilePath reads in the FilePath, validating the file path correctly.
	// If the file path is correct, it will then read and replace the path,
	// with the associated content. The contents of the file in "finalized" will
	// be the file contents, not the filepath.
	ExpandFilePath bool

	// Optional controls whether the attribute is required to have a non-empty
	// value or not. Attributes default to mandatory.
	Optional bool

	// Options, if set, define the allowed values for this field.
	Options []interface{}
}

CredentialAttr describes the properties of a credential attribute.

type CredentialCollection

type CredentialCollection struct {
	Credentials map[string]interface{} `yaml:"credentials"`
}

CredentialCollection holds CloudCredential(s) that are lazily validated.

func ParseCredentialCollection

func ParseCredentialCollection(data []byte) (*CredentialCollection, error)

ParseCredentialCollection parses YAML bytes for the credential

func (*CredentialCollection) CloudCredential

func (c *CredentialCollection) CloudCredential(cloudName string) (*CloudCredential, error)

CloudCredential returns a copy of the CloudCredential for the specified cloud or an error when the CloudCredential was not found or failed to pass validation.

func (*CredentialCollection) CloudNames

func (c *CredentialCollection) CloudNames() []string

CloudNames returns the cloud names to which credentials inside the CredentialCollection belong.

func (*CredentialCollection) UpdateCloudCredential

func (c *CredentialCollection) UpdateCloudCredential(cloudName string, details CloudCredential)

UpdateCloudCredential stores a CloudCredential for a specific cloud.

type CredentialSchema

type CredentialSchema []NamedCredentialAttr

CredentialSchema describes the schema of a credential. Credential schemas are specific to cloud providers.

func (CredentialSchema) Attribute

func (s CredentialSchema) Attribute(name string) (*CredentialAttr, bool)

Attribute returns the named CredentialAttr value.

func (CredentialSchema) Finalize

func (s CredentialSchema) Finalize(
	attrs map[string]string,
	readFile func(string) ([]byte, error),
) (map[string]string, error)

Finalize finalizes the given credential attributes against the credential schema. If the attributes are invalid, Finalize will return an error.

An updated attribute map will be returned, having any file attributes deleted, and replaced by their non-file counterparts with the values set to the contents of the files.
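
An added example, not code from the juju project: a simplified standard-library sketch of the file-attribute handling described above, where a file attribute is dropped and its non-file counterpart receives the file's contents. The Attr mirror, the sample schema, the in-memory reader, and the exact error conditions are assumptions for the illustration; juju's own validation may differ.

```go
package main

import (
	"errors"
	"fmt"
)

// Attr is a local mirror of the NamedCredentialAttr fields used here
// (assumption: trimmed to three fields; this is not the juju type).
type Attr struct {
	Name, FileAttr string
	Optional       bool
}

// Finalize returns a new map in which every file attribute is replaced by its
// non-file counterpart. readFile is injected, so the caller controls file access.
func Finalize(schema []Attr, attrs map[string]string, readFile func(string) ([]byte, error)) (map[string]string, error) {
	out := map[string]string{}
	for _, a := range schema {
		val, hasVal := attrs[a.Name]
		if path, ok := attrs[a.FileAttr]; ok && a.FileAttr != "" {
			if hasVal {
				return nil, fmt.Errorf("both %q and %q are set", a.Name, a.FileAttr)
			}
			data, err := readFile(path)
			if err != nil {
				return nil, fmt.Errorf("reading %q: %w", a.FileAttr, err)
			}
			val = string(data)
		}
		if val == "" {
			if !a.Optional { // attributes default to mandatory
				return nil, fmt.Errorf("%q is required", a.Name)
			}
			continue
		}
		out[a.Name] = val
	}
	return out, nil
}

// memFiles is a constructed stand-in for the filesystem.
var memFiles = map[string]string{"/home/u/client.crt": "CERT", "/home/u/client.key": "KEY"}

// readMem only serves paths present in memFiles; everything else is an error.
func readMem(path string) ([]byte, error) {
	if s, ok := memFiles[path]; ok {
		return []byte(s), nil
	}
	return nil, errors.New("not readable: " + path)
}

// SampleSchema is a constructed schema for a certificate-style credential.
var SampleSchema = []Attr{
	{Name: "client-cert", FileAttr: "client-cert-file"},
	{Name: "client-key", FileAttr: "client-key-file"},
	{Name: "server-cert", Optional: true},
}

func main() {
	in := map[string]string{"client-cert-file": "/home/u/client.crt", "client-key": "KEY"}
	out, err := Finalize(SampleSchema, in, readMem)
	fmt.Println(out, err)
}
```

Because the reader is a parameter, a caller handling credential YAML it did not author can pass a reader confined to an expected directory instead of the process-wide filesystem.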

type NamedCredentialAttr

type NamedCredentialAttr struct {
	// Name is the name of the credential value.
	Name string

	// CredentialAttr holds the properties of the credential value.
	CredentialAttr
}

NamedCredentialAttr describes the properties of a named credential attribute.

type Region

type Region struct {
	// Name is the name of the region.
	Name string

	// Endpoint is the region's primary endpoint URL.
	Endpoint string

	// IdentityEndpoint is the region's identity endpoint URL.
	// If the cloud/region does not have an identity-specific
	// endpoint URL, this will be empty.
	IdentityEndpoint string

	// StorageEndpoint is the region's storage endpoint URL.
	// If the cloud/region does not have a storage-specific
	// endpoint URL, this will be empty.
	StorageEndpoint string
}

Region is a cloud region.

func RegionByName

func RegionByName(regions []Region, name string) (*Region, error)

RegionByName finds the region in the given slice with the specified name, with case folding.

func (Region) IsEmpty

func (r Region) IsEmpty() bool

IsEmpty indicates if it's an empty region.

type RegionConfig

type RegionConfig map[string]Attrs

RegionConfig holds a map of regions and the attributes that serve as the region specific configuration options. This allows model inheritance to function, providing a place to store configuration for a specific region which is passed down to other models under the same controller.

type ValidationWarning

type ValidationWarning struct {
	Messages []string
}

ValidationWarning holds JSON schema validation errors used to warn users about potential schema violations.

func (*ValidationWarning) Error

func (e *ValidationWarning) Error() string

type WhiteList

type WhiteList struct {
	// contains filtered or unexported fields
}

WhiteList contains a cloud compatibility matrix: if controller was bootstrapped on a particular cloud type, what other cloud types can be added to it.

func CurrentWhiteList

func CurrentWhiteList() *WhiteList

CurrentWhiteList returns current clouds whitelist supported by Juju.

func (*WhiteList) Check

func (w *WhiteList) Check(existing, new string) error

Check will err out if 'existing' controller cloud type is not compatible with a 'new' cloud type according to this white list.

func (*WhiteList) String

func (w *WhiteList) String() string

String constructs user friendly white list representation.
