api

package

v1.10.1 Latest Latest Go to latest Published: Dec 21, 2018 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sean-poem/dashboard

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ShouldRejectRequest(url string) bool
type AuthManager
type AuthResponse
type AuthenticationMode
- func (self AuthenticationMode) String() string
type AuthenticationModes
- func ToAuthenticationModes(modes []string) AuthenticationModes
type Authenticator
type LoginModesResponse
type LoginSkippableResponse
type LoginSpec
type ProtectedResource
type TokenManager
type TokenRefreshSpec

Constants ¶

View Source

const (
	// Resource information that are used as encryption key storage. Can be accessible by multiple dashboard replicas.
	EncryptionKeyHolderName      = "kubernetes-dashboard-key-holder"
	EncryptionKeyHolderNamespace = "kube-system"

	// Resource information that are used as certificate storage for custom certificates used by the user.
	CertificateHolderSecretName      = "kubernetes-dashboard-certs"
	CertificateHolderSecretNamespace = "kube-system"

	// Expiration time (in seconds) of tokens generated by dashboard. Default: 15 min.
	DefaultTokenTTL = 900
)

Variables ¶

This section is empty.

Functions ¶

func ShouldRejectRequest ¶

func ShouldRejectRequest(url string) bool

ShouldRejectRequest returns true if url contains name and namespace of resource that should be filtered out from dashboard.

Types ¶

type AuthManager ¶

type AuthManager interface {
	// Login authenticates user based on provided LoginSpec and returns AuthResponse. AuthResponse contains
	// generated token and list of non-critical errors such as 'Failed authentication'.
	Login(*LoginSpec) (*AuthResponse, error)
	// Refresh takes valid token that hasn't expired yet and returns a new one with expiration time set to TokenTTL. In
	// case provided token has expired, token expiration error is returned.
	Refresh(string) (string, error)
	// AuthenticationModes returns array of auth modes supported by dashboard.
	AuthenticationModes() []AuthenticationMode
	// AuthenticationSkippable tells if the Skip button should be enabled or not
	AuthenticationSkippable() bool
}

AuthManager is used for user authentication management.

type AuthResponse ¶

type AuthResponse struct {
	// JWEToken is a token generated during login request that contains AuthInfo data in the payload.
	JWEToken string `json:"jweToken"`
	// Errors are a list of non-critical errors that happened during login request.
	Errors []error `json:"errors"`
}

AuthResponse is returned from our backend as a response for login/refresh requests. It contains generated JWEToken and a list of non-critical errors such as 'Failed authentication'.

type AuthenticationMode ¶

type AuthenticationMode string

AuthenticationMode represents auth mode supported by dashboard, i.e. basic.

const (
	Token AuthenticationMode = "token"
	Basic AuthenticationMode = "basic"
)

Authentication modes supported by dashboard should be defined below.

func (AuthenticationMode) String ¶

func (self AuthenticationMode) String() string

String returns string representation of auth mode.

type AuthenticationModes ¶

type AuthenticationModes map[AuthenticationMode]bool

AuthenticationModes represents auth modes supported by dashboard.

func ToAuthenticationModes ¶

func ToAuthenticationModes(modes []string) AuthenticationModes

ToAuthenticationModes transforms array of authentication mode strings to valid AuthenticationModes type.

func (AuthenticationModes) Add ¶

func (self AuthenticationModes) Add(mode AuthenticationMode)

Add adds given auth mode to AuthenticationModes map

func (AuthenticationModes) Array ¶

func (self AuthenticationModes) Array() []AuthenticationMode

Array returns array of auth modes supported by dashboard.

func (AuthenticationModes) IsEnabled ¶

func (self AuthenticationModes) IsEnabled(mode AuthenticationMode) bool

IsEnabled returns true if given auth mode is supported, false otherwise.

type Authenticator ¶

type Authenticator interface {
	// GetAuthInfo returns filled AuthInfo structure that can be used for K8S api client creation.
	GetAuthInfo() (api.AuthInfo, error)
}

Authenticator represents authentication methods supported by Dashboard. Currently supported types are:

Token based - Any bearer token accepted by apiserver
Basic - Username and password based authentication. Requires that apiserver has basic auth enabled also
Kubeconfig based - Authenticates user based on kubeconfig file. Only token/basic modes are supported within the kubeconfig file.

type LoginModesResponse ¶

type LoginModesResponse struct {
	Modes []AuthenticationMode `json:"modes"`
}

LoginModesResponse contains list of auth modes supported by dashboard.

type LoginSkippableResponse ¶ added in v1.10.0

type LoginSkippableResponse struct {
	Skippable bool `json:"skippable"`
}

LoginSkippableResponse contains a flag that tells the UI not to display the Skip button. Note that this only hides the button, it doesn't disable unauthenticated access.

type LoginSpec ¶

type LoginSpec struct {
	// Username is the username for basic authentication to the kubernetes cluster.
	Username string `json:"username"`
	// Password is the password for basic authentication to the kubernetes cluster.
	Password string `json:"password"`
	// Token is the bearer token for authentication to the kubernetes cluster.
	Token string `json:"token"`
	// KubeConfig is the content of users' kubeconfig file. It will be parsed and auth data will be extracted.
	// Kubeconfig can not contain any paths. All data has to be provided within the file.
	KubeConfig string `json:"kubeConfig"`
}

LoginSpec is extracted from request coming from Dashboard frontend during login request. It contains all the information required to authenticate user.

type ProtectedResource ¶ added in v1.10.1

type ProtectedResource struct {
	// ResourceName is a name of the protected resource.
	ResourceName string
	// ResourceNamespace is a namespace of the protected resource. Should be empty if resource is non-namespaced.
	ResourceNamespace string
}

ProtectedResource represents basic information about resource that should be filtered out from Dashboard UI.

type TokenManager ¶

type TokenManager interface {
	// Generate secure token based on AuthInfo structure and save it tokens' payload.
	Generate(api.AuthInfo) (string, error)
	// Decrypt generated token and return AuthInfo structure that will be used for K8S api client creation.
	Decrypt(string) (*api.AuthInfo, error)
	// Refresh returns refreshed token based on provided token. In case provided token has expired, token expiration
	// error is returned.
	Refresh(string) (string, error)
	// SetTokenTTL sets expiration time (in seconds) of generated tokens.
	SetTokenTTL(time.Duration)
}

TokenManager is responsible for generating and decrypting tokens used for authorization. Authorization is handled by K8S apiserver. Token contains AuthInfo structure used to create K8S api client.

type TokenRefreshSpec ¶

type TokenRefreshSpec struct {
	// JWEToken is a token generated during login request that contains AuthInfo data in the payload.
	JWEToken string `json:"jweToken"`
}

TokenRefreshSpec contains token that is required by token refresh operation.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL