/*
Copyright 2014 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package api
import (
"fmt"
"k8s.io/apimachinery/pkg/runtime"
)
// Where possible, json tags match the cli argument names.
// Top level config objects and all values required for proper functioning are not "omitempty". Any truly optional piece of config is allowed to be omitted.
// Config holds the information needed to build connections to remote kubernetes clusters as a given user.
// It is the in-memory form of a kubeconfig: named Clusters, AuthInfos and Contexts, plus the name of the
// context selected by default.
// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type Config struct {
	// Legacy field from pkg/api/types.go TypeMeta.
	// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
	// +k8s:conversion-gen=false
	// +optional
	Kind string `json:"kind,omitempty"`
	// Legacy field from pkg/api/types.go TypeMeta.
	// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
	// +k8s:conversion-gen=false
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
	// Preferences holds general information to be used for cli interactions
	Preferences Preferences `json:"preferences"`
	// Clusters is a map of referencable names to cluster configs
	Clusters map[string]*Cluster `json:"clusters"`
	// AuthInfos is a map of referencable names to user configs. Note the json
	// key is "users", not "authInfos". Each AuthInfo may carry credentials.
	AuthInfos map[string]*AuthInfo `json:"users"`
	// Contexts is a map of referencable names to context configs
	Contexts map[string]*Context `json:"contexts"`
	// CurrentContext is the name of the context that you would like to use by default
	CurrentContext string `json:"current-context"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
// Preferences holds general, non-credential settings for cli interactions.
// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
type Preferences struct {
	// Colors is a boolean cli display preference; the code that consumes it is outside this file.
	// +optional
	Colors bool `json:"colors,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
// Cluster contains information about how to communicate with a kubernetes cluster:
// the API server address, how its TLS certificate is verified, and an optional proxy.
type Cluster struct {
	// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
	// +k8s:conversion-gen=false
	LocationOfOrigin string
	// Server is the address of the kubernetes cluster (https://hostname:port).
	Server string `json:"server"`
	// TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.
	// +optional
	TLSServerName string `json:"tls-server-name,omitempty"`
	// InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
	// When set, neither CertificateAuthority nor CertificateAuthorityData is consulted for verification.
	// +optional
	InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
	// CertificateAuthority is the path to a cert file for the certificate authority.
	// +optional
	CertificateAuthority string `json:"certificate-authority,omitempty"`
	// CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
	// +optional
	CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
	// ProxyURL is the URL to the proxy to be used for all requests made by this
	// client. URLs with "http", "https", and "socks5" schemes are supported. If
	// this configuration is not provided or the empty string, the client
	// attempts to construct a proxy configuration from http_proxy and
	// https_proxy environment variables. If these environment variables are not
	// set, the client does not attempt to proxy requests.
	//
	// socks5 proxying does not currently support spdy streaming endpoints (exec,
	// attach, port forward).
	// +optional
	ProxyURL string `json:"proxy-url,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
// AuthInfo contains information that describes identity information. This is used to tell the kubernetes cluster who you are.
//
// Several fields carry credentials (see the datapolicy tags on ClientKeyData,
// Token and Password). NOTE(review): as far as this file shows, AuthInfo has no
// sanitizing String/GoString of the kind AuthProviderConfig and ExecConfig have,
// so formatting an AuthInfo with %v or %+v prints those fields verbatim.
type AuthInfo struct {
	// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
	// +k8s:conversion-gen=false
	LocationOfOrigin string
	// ClientCertificate is the path to a client cert file for TLS.
	// +optional
	ClientCertificate string `json:"client-certificate,omitempty"`
	// ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
	// +optional
	ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
	// ClientKey is the path to a client key file for TLS.
	// +optional
	ClientKey string `json:"client-key,omitempty"`
	// ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey
	// +optional
	ClientKeyData []byte `json:"client-key-data,omitempty" datapolicy:"security-key"`
	// Token is the bearer token for authentication to the kubernetes cluster.
	// +optional
	Token string `json:"token,omitempty" datapolicy:"token"`
	// TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence.
	// +optional
	TokenFile string `json:"tokenFile,omitempty"`
	// Impersonate is the username to act-as.
	// +optional
	Impersonate string `json:"act-as,omitempty"`
	// ImpersonateGroups is the groups to impersonate.
	// +optional
	ImpersonateGroups []string `json:"act-as-groups,omitempty"`
	// ImpersonateUserExtra contains additional information for impersonated user.
	// +optional
	ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"`
	// Username is the username for basic authentication to the kubernetes cluster.
	// +optional
	Username string `json:"username,omitempty"`
	// Password is the password for basic authentication to the kubernetes cluster.
	// +optional
	Password string `json:"password,omitempty" datapolicy:"password"`
	// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
	// +optional
	AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
	// Exec specifies a custom exec-based authentication plugin for the kubernetes cluster.
	// +optional
	Exec *ExecConfig `json:"exec,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with).
// Cluster and AuthInfo are names that are looked up in Config.Clusters and Config.AuthInfos; they are not the objects themselves.
type Context struct {
	// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
	// +k8s:conversion-gen=false
	LocationOfOrigin string
	// Cluster is the name of the cluster for this context
	Cluster string `json:"cluster"`
	// AuthInfo is the name of the authInfo for this context. Note the json key is "user".
	AuthInfo string `json:"user"`
	// Namespace is the default namespace to use on unspecified requests
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
// AuthProviderConfig holds the configuration for a specified auth provider.
type AuthProviderConfig struct {
	// Name selects the auth provider.
	Name string `json:"name"`
	// Config holds provider-specific settings. Its contents are never shown
	// by String/GoString below.
	// +optional
	Config map[string]string `json:"config,omitempty"`
}

// Compile-time checks that AuthProviderConfig satisfies both fmt interfaces,
// so that the %v, %+v and %#v verbs all produce the sanitized form.
var (
	_ fmt.Stringer   = (*AuthProviderConfig)(nil)
	_ fmt.GoStringer = (*AuthProviderConfig)(nil)
)

// GoString implements fmt.GoStringer and sanitizes sensitive fields of
// AuthProviderConfig to prevent accidental leaking via logs. It produces
// exactly the same text as String.
func (c AuthProviderConfig) GoString() string {
	return AuthProviderConfig.String(c)
}

// String implements fmt.Stringer and sanitizes sensitive fields of
// AuthProviderConfig to prevent accidental leaking via logs. Name is printed
// in full; Config is reported only as "<nil>" or as a redaction marker (any
// non-nil map, even an empty one, is redacted), never with its keys or values.
func (c AuthProviderConfig) String() string {
	var shown string
	if c.Config == nil {
		shown = "<nil>"
	} else {
		shown = "--- REDACTED ---"
	}
	return fmt.Sprintf("api.AuthProviderConfig{Name: %q, Config: map[string]string{%s}}", c.Name, shown)
}
// ExecConfig specifies a command to provide client credentials. The command is exec'd
// and outputs structured stdout holding credentials.
//
// See the client.authentication.k8s.io API group for specifications of the exact input
// and output format
type ExecConfig struct {
	// Command to execute.
	Command string `json:"command"`
	// Arguments to pass to the command when executing it.
	// +optional
	Args []string `json:"args"`
	// Env defines additional environment variables to expose to the process. These
	// are unioned with the host's environment, as well as variables client-go uses
	// to pass argument to the plugin.
	// +optional
	Env []ExecEnvVar `json:"env"`
	// Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
	// the same encoding version as the input.
	APIVersion string `json:"apiVersion,omitempty"`
	// This text is shown to the user when the executable doesn't seem to be
	// present. For example, `brew install foo-cli` might be a good InstallHint for
	// foo-cli on Mac OS systems.
	InstallHint string `json:"installHint,omitempty"`
	// ProvideClusterInfo determines whether or not to provide cluster information,
	// which could potentially contain very large CA data, to this exec plugin as a
	// part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
	// to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
	// reading this environment variable.
	ProvideClusterInfo bool `json:"provideClusterInfo"`
	// Config holds additional config data that is specific to the exec
	// plugin with regards to the cluster being authenticated to.
	//
	// This data is sourced from the clientcmd Cluster object's extensions[exec] field:
	//
	// clusters:
	// - name: my-cluster
	//   cluster:
	//     ...
	//     extensions:
	//     - name: client.authentication.k8s.io/exec  # reserved extension name for per cluster exec config
	//       extension:
	//         audience: 06e3fbd18de8  # arbitrary config
	//
	// In some environments, the user config may be exactly the same across many clusters
	// (i.e. call this exec plugin) minus some details that are specific to each cluster
	// such as the audience. This field allows the per cluster config to be directly
	// specified with the cluster info. Using this field to store secret data is not
	// recommended as one of the prime benefits of exec plugins is that no secrets need
	// to be stored directly in the kubeconfig.
	// +k8s:conversion-gen=false
	Config runtime.Object
}

// Compile-time checks that ExecConfig satisfies both fmt interfaces, so that
// the %v, %+v and %#v verbs all produce the sanitized form.
var (
	_ fmt.Stringer   = (*ExecConfig)(nil)
	_ fmt.GoStringer = (*ExecConfig)(nil)
)

// GoString implements fmt.GoStringer and sanitizes sensitive fields of
// ExecConfig to prevent accidental leaking via logs. It produces exactly the
// same text as String.
func (c ExecConfig) GoString() string {
	return ExecConfig.String(c)
}

// String implements fmt.Stringer and sanitizes sensitive fields of ExecConfig
// to prevent accidental leaking via logs. Command, APIVersion and
// ProvideClusterInfo are printed verbatim; Args, Env and Config are shown only
// as their nil/empty form or as a redaction marker, since any of them may carry
// secrets. InstallHint is not part of the output.
func (c ExecConfig) String() string {
	// redactIf picks the marker text when the field holds data and the
	// nil/empty description otherwise.
	redactIf := func(hasData bool, empty, redacted string) string {
		if hasData {
			return redacted
		}
		return empty
	}
	// Args is rendered with %#v, so a nil slice prints as []string(nil) and a
	// populated one as a single-element slice holding the marker.
	var args []string
	if len(c.Args) != 0 {
		args = []string{"--- REDACTED ---"}
	}
	env := redactIf(len(c.Env) != 0, "[]ExecEnvVar(nil)", "[]ExecEnvVar{--- REDACTED ---}")
	config := redactIf(c.Config != nil, "runtime.Object(nil)", "runtime.Object(--- REDACTED ---)")
	return fmt.Sprintf("api.ExecConfig{Command: %q, Args: %#v, Env: %s, APIVersion: %q, ProvideClusterInfo: %t, Config: %s}",
		c.Command, args, env, c.APIVersion, c.ProvideClusterInfo, config)
}
// ExecEnvVar is used for setting environment variables when executing an exec-based
// credential plugin.
type ExecEnvVar struct {
	// Name is the environment variable name.
	Name string `json:"name"`
	// Value is the environment variable value. ExecConfig.String never prints
	// Env entries, so a Value may hold data that must not reach logs.
	Value string `json:"value"`
}
// NewConfig is a convenience function that returns a new Config object with non-nil maps.
// Every map-typed field is initialised empty so callers can insert entries without a
// nil-map panic; Preferences is built via NewPreferences for the same reason.
func NewConfig() *Config {
	cfg := &Config{
		Clusters:   map[string]*Cluster{},
		AuthInfos:  map[string]*AuthInfo{},
		Contexts:   map[string]*Context{},
		Extensions: map[string]runtime.Object{},
	}
	cfg.Preferences = *NewPreferences()
	return cfg
}
// NewContext is a convenience function that returns a new Context
// object with non-nil maps. Only Extensions is map-typed; the name
// fields are left at their zero value.
func NewContext() *Context {
	c := new(Context)
	c.Extensions = map[string]runtime.Object{}
	return c
}
// NewCluster is a convenience function that returns a new Cluster
// object with non-nil maps. Only Extensions is map-typed; Server, the
// TLS settings and ProxyURL are left at their zero value.
func NewCluster() *Cluster {
	c := new(Cluster)
	c.Extensions = map[string]runtime.Object{}
	return c
}
// NewAuthInfo is a convenience function that returns a new AuthInfo
// object with non-nil maps: both Extensions and ImpersonateUserExtra
// are initialised empty. No credential field is populated.
func NewAuthInfo() *AuthInfo {
	a := new(AuthInfo)
	a.Extensions = map[string]runtime.Object{}
	a.ImpersonateUserExtra = map[string][]string{}
	return a
}
// NewPreferences is a convenience function that returns a new
// Preferences object with non-nil maps. Colors keeps its zero value (false).
func NewPreferences() *Preferences {
	p := new(Preferences)
	p.Extensions = map[string]runtime.Object{}
	return p
}