auth

package
v0.8.3

This package is not in the latest version of its module.
Published: May 30, 2023 License: Apache-2.0 Imports: 11 Imported by: 2

Documentation

Overview

Package auth contains structures, interfaces and utility functions useful for both server and client authentication agents.

Constants

const (
	// IdsURI is the path where to contact the Authentication Service to get the clusterID.
	IdsURI = "/ids"
	// IdentityURI is the path where to contact the Authentication Service
	// to have a ServiceAccount Identity.
	IdentityURI = "/identity"
	// CertIdentityURI is the path where to contact the Authentication Service
	// to have a Certificate Identity.
	CertIdentityURI = "/identity/certificate"
)
const (
	// TokenSecretName is the name of the secret containing the authentication token for the local cluster.
	TokenSecretName = "auth-token"
)

Variables

This section is empty.

Functions

func GenerateToken added in v0.3.0

func GenerateToken() (string, error)

GenerateToken generates a random authentication token.

func GetToken added in v0.3.0

func GetToken(ctx context.Context, c client.Client, namespace string) (string, error)

GetToken retrieves the token for the local cluster.

func GetTokenFromSecret added in v0.3.0

func GetTokenFromSecret(secret *v1.Secret) (string, error)

GetTokenFromSecret retrieves the token for the local cluster given its secret.

Types

type AWSIdentityInfo added in v0.3.0

type AWSIdentityInfo struct {
	AccessKeyID     string `json:"accessKeyID"`
	SecretAccessKey string `json:"secretAccessKey"`
	Region          string `json:"region"`
	EKSClusterID    string `json:"eksClusterID"`
	IAMUserArn      string `json:"iamUserArn"`
}

AWSIdentityInfo contains the information required by a cluster to get a valid IAM-based identity.

type CertificateIdentityRequest added in v0.3.0

type CertificateIdentityRequest struct {
	ClusterIdentity discoveryv1alpha1.ClusterIdentity `json:"cluster"`
	// OriginClusterToken will be used by the remote cluster to obtain an identity to send us its ResourceOffers
	// and NetworkConfigs.
	OriginClusterToken        string `json:"originClusterToken,omitempty"`
	DestinationClusterToken   string `json:"destinationClusterToken"`
	CertificateSigningRequest string `json:"certificateSigningRequest"`
}

CertificateIdentityRequest is the request for a new certificate validation.

func NewCertificateIdentityRequest added in v0.3.0

func NewCertificateIdentityRequest(cluster discoveryv1alpha1.ClusterIdentity, originClusterToken, token string,
	certificateSigningRequest []byte) *CertificateIdentityRequest

NewCertificateIdentityRequest creates and returns a new CertificateIdentityRequest.

func (*CertificateIdentityRequest) GetClusterIdentity added in v0.4.0

func (certIdentityRequest *CertificateIdentityRequest) GetClusterIdentity() discoveryv1alpha1.ClusterIdentity

GetClusterIdentity returns the ClusterIdentity.

func (*CertificateIdentityRequest) GetPath added in v0.3.0

func (certIdentityRequest *CertificateIdentityRequest) GetPath() string

GetPath returns the absolute path of the endpoint to contact to send a new CertificateIdentityRequest.

func (*CertificateIdentityRequest) GetToken added in v0.3.0

func (certIdentityRequest *CertificateIdentityRequest) GetToken() string

GetToken returns the token.
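
As an added example (not Liqo's own code): how a receiving side could decode the CertificateIdentityRequest wire format above and check its destination token in constant time. The `certIdentityRequest` mirror type, `checkRequest`, the error values and the sample body are hypothetical, and comparing `destinationClusterToken` with the local cluster's token is an assumption about how the token is used.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// certIdentityRequest mirrors the JSON tags of CertificateIdentityRequest above.
// "cluster" stays opaque: the ClusterIdentity fields are not listed on this page.
type certIdentityRequest struct {
	Cluster                   json.RawMessage `json:"cluster"`
	OriginClusterToken        string          `json:"originClusterToken,omitempty"`
	DestinationClusterToken   string          `json:"destinationClusterToken"`
	CertificateSigningRequest string          `json:"certificateSigningRequest"`
}

var (
	errMalformed = errors.New("malformed identity request")
	errBadToken  = errors.New("destination token mismatch")
)

// Constructed sample body; every value is a placeholder.
const sampleBody = `{"cluster":{},"originClusterToken":"constructed-origin-token",` +
	`"destinationClusterToken":"constructed-local-token","certificateSigningRequest":"constructed-csr"}`

// checkRequest (hypothetical helper) decodes a body posted to /identity/certificate
// and compares its destination token with the local one in constant time.
// Assumption: an empty local token must never authenticate anyone.
func checkRequest(body []byte, localToken string) (*certIdentityRequest, error) {
	var req certIdentityRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, fmt.Errorf("%w: %v", errMalformed, err)
	}
	if len(req.Cluster) == 0 || req.CertificateSigningRequest == "" {
		return nil, errMalformed
	}
	if localToken == "" || subtle.ConstantTimeCompare(
		[]byte(req.DestinationClusterToken), []byte(localToken)) != 1 {
		return nil, errBadToken
	}
	return &req, nil
}

func main() {
	_, err := checkRequest([]byte(sampleBody), "some-other-token")
	fmt.Println("wrong token:", err)
}
```

The returned errors carry no token material, so they can be logged as they are; the request struct itself holds both tokens and should not be.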

type CertificateIdentityResponse added in v0.3.0

type CertificateIdentityResponse struct {
	Namespace    string `json:"namespace"`
	Certificate  string `json:"certificate,omitempty"`
	APIServerURL string `json:"apiServerUrl"`
	APIServerCA  string `json:"apiServerCA,omitempty"`

	AWSIdentityInfo AWSIdentityInfo `json:"aws,omitempty"`
}

CertificateIdentityResponse is the response on a certificate identity request.

func NewCertificateIdentityResponse added in v0.3.0

func NewCertificateIdentityResponse(
	namespace string, identityResponse *responsetypes.SigningRequestResponse,
	apiServerConfig apiserver.Config) (*CertificateIdentityResponse, error)

NewCertificateIdentityResponse makes a new CertificateIdentityResponse.

func (*CertificateIdentityResponse) HasAWSValues added in v0.3.0

func (resp *CertificateIdentityResponse) HasAWSValues() bool

HasAWSValues checks if the response has all the required AWS fields set.

type ClusterInfo

type ClusterInfo struct {
	ClusterID   string `json:"clusterId"`
	ClusterName string `json:"clusterName,omitempty"`
}

ClusterInfo contains the information to be shared with a remote cluster to make the peering possible.

type IdentityRequest

type IdentityRequest interface {
	GetClusterIdentity() discoveryv1alpha1.ClusterIdentity
	GetToken() string
	GetPath() string
}

IdentityRequest is the common interface for Certificate and ServiceAccount identity request.

type ServiceAccountIdentityRequest added in v0.3.0

type ServiceAccountIdentityRequest struct {
	ClusterIdentity discoveryv1alpha1.ClusterIdentity `json:"cluster"`
	Token           string                            `json:"token"`
}

ServiceAccountIdentityRequest is the request for a new ServiceAccount validation.

func (*ServiceAccountIdentityRequest) GetClusterIdentity added in v0.4.0

func (saIdentityRequest *ServiceAccountIdentityRequest) GetClusterIdentity() discoveryv1alpha1.ClusterIdentity

GetClusterIdentity returns the ClusterIdentity.

func (*ServiceAccountIdentityRequest) GetPath added in v0.3.0

func (saIdentityRequest *ServiceAccountIdentityRequest) GetPath() string

GetPath returns the absolute path of the endpoint to contact to send a new ServiceAccountIdentityRequest.

func (*ServiceAccountIdentityRequest) GetToken added in v0.3.0

func (saIdentityRequest *ServiceAccountIdentityRequest) GetToken() string

GetToken returns the token.

Directories

Path Synopsis
Package errors contains error types definition and related functions used by the Liqo Auth package.
