/*
|
|
Copyright 2014 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package api
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
)
|
|
|
|
// Where possible, json tags match the cli argument names.
|
|
// Top level config objects and all values required for proper functioning are not "omitempty". Any truly optional piece of config is allowed to be omitted.
|
|
|
|
// Config holds the information needed to build connections to remote kubernetes clusters as a given user.
// It is the in-memory form of a kubeconfig: named Clusters, AuthInfos and Contexts plus the
// CurrentContext that selects among them. Credentials live in the AuthInfos values (see AuthInfo).
// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type Config struct {
	// Legacy field from pkg/api/types.go TypeMeta.
	// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
	// +optional
	Kind string `json:"kind,omitempty"`
	// Legacy field from pkg/api/types.go TypeMeta.
	// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
	// Preferences holds general information to be used for cli interactions
	Preferences Preferences `json:"preferences"`
	// Clusters is a map of referencable names to cluster configs
	Clusters map[string]*Cluster `json:"clusters"`
	// AuthInfos is a map of referencable names to user configs (serialized under the "users" key)
	AuthInfos map[string]*AuthInfo `json:"users"`
	// Contexts is a map of referencable names to context configs
	Contexts map[string]*Context `json:"contexts"`
	// CurrentContext is the name of the context that you would like to use by default
	// (resolved against Contexts by the consumer; nothing in this file validates it)
	CurrentContext string `json:"current-context"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
|
|
|
|
// Preferences holds general, non-credential settings that apply to cli interactions
// rather than to any one cluster or user.
// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
type Preferences struct {
	// Colors is a boolean cli preference; how consumers interpret it is not defined in this file.
	// +optional
	Colors bool `json:"colors,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
|
|
|
|
// Cluster contains information about how to communicate with a kubernetes cluster:
// where it is (Server) and how to authenticate the server's TLS certificate.
type Cluster struct {
	// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
	// NOTE(review): the field carries no json tag, so "never serialized" relies on callers converting to a
	// versioned type before encoding rather than passing this struct to encoding/json directly — confirm.
	LocationOfOrigin string
	// Server is the address of the kubernetes cluster (https://hostname:port).
	Server string `json:"server"`
	// InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure:
	// any certificate is accepted, so the connection no longer authenticates who is answering at Server.
	// +optional
	InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
	// CertificateAuthority is the path to a cert file for the certificate authority.
	// +optional
	CertificateAuthority string `json:"certificate-authority,omitempty"`
	// CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
	// (the inline bytes win when both are set).
	// +optional
	CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
|
|
|
|
// AuthInfo contains information that describes identity information. This is used to tell the kubernetes cluster who you are.
//
// Several fields are credentials: Token, Password, ClientKeyData, and the contents of the files named by
// ClientKey and TokenFile. No sanitizing String/GoString method is defined for AuthInfo in this file, so
// formatting a whole AuthInfo with %v, %+v or %#v prints those values verbatim; only the nested AuthProvider
// and Exec values carry redacting String methods. Callers that log an AuthInfo must redact it themselves.
type AuthInfo struct {
	// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
	// NOTE(review): the field carries no json tag, so "never serialized" relies on callers converting to a
	// versioned type before encoding — confirm.
	LocationOfOrigin string
	// ClientCertificate is the path to a client cert file for TLS.
	// +optional
	ClientCertificate string `json:"client-certificate,omitempty"`
	// ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
	// +optional
	ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
	// ClientKey is the path to a client key file for TLS. The file is a secret.
	// +optional
	ClientKey string `json:"client-key,omitempty"`
	// ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey.
	// This is a private key and must be treated as a secret.
	// +optional
	ClientKeyData []byte `json:"client-key-data,omitempty"`
	// Token is the bearer token for authentication to the kubernetes cluster. Secret.
	// +optional
	Token string `json:"token,omitempty"`
	// TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence.
	// +optional
	TokenFile string `json:"tokenFile,omitempty"`
	// Impersonate is the username to act-as.
	// +optional
	Impersonate string `json:"act-as,omitempty"`
	// ImpersonateGroups is the groups to impersonate.
	// +optional
	ImpersonateGroups []string `json:"act-as-groups,omitempty"`
	// ImpersonateUserExtra contains additional information for impersonated user.
	// +optional
	ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"`
	// Username is the username for basic authentication to the kubernetes cluster.
	// +optional
	Username string `json:"username,omitempty"`
	// Password is the password for basic authentication to the kubernetes cluster. Secret.
	// +optional
	Password string `json:"password,omitempty"`
	// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
	// Its Config map is redacted by AuthProviderConfig.String.
	// +optional
	AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
	// Exec specifies a custom exec-based authentication plugin for the kubernetes cluster.
	// Its Args and Env are redacted by ExecConfig.String.
	// +optional
	Exec *ExecConfig `json:"exec,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
|
|
|
|
// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with).
// Cluster and AuthInfo are names, expected to be keys of Config.Clusters and Config.AuthInfos respectively; they are not validated here.
type Context struct {
	// LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
	// NOTE(review): the field carries no json tag, so "never serialized" relies on callers converting to a
	// versioned type before encoding — confirm.
	LocationOfOrigin string
	// Cluster is the name of the cluster for this context
	Cluster string `json:"cluster"`
	// AuthInfo is the name of the authInfo for this context (serialized under the "user" key)
	AuthInfo string `json:"user"`
	// Namespace is the default namespace to use on unspecified requests
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
	// +optional
	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
}
|
|
|
|
// AuthProviderConfig holds the configuration for a specified auth provider.
// Config is a free-form bag of provider settings and is treated as sensitive
// by the String and GoString methods below.
type AuthProviderConfig struct {
	// Name identifies the auth provider.
	Name string `json:"name"`
	// Config holds provider-specific settings; it is never printed by String/GoString.
	// +optional
	Config map[string]string `json:"config,omitempty"`
}

// Compile-time checks that AuthProviderConfig routes both %v/%s and %#v
// formatting through the sanitizing methods below.
var (
	_ fmt.Stringer   = new(AuthProviderConfig)
	_ fmt.GoStringer = new(AuthProviderConfig)
)

// GoString implements fmt.GoStringer. It delegates to String so that %#v
// output is redacted exactly like %v output and never shows Config.
func (c AuthProviderConfig) GoString() string {
	return c.String()
}

// String implements fmt.Stringer. It prints the provider name but replaces
// the Config map with a fixed placeholder, so formatting the value with fmt
// cannot leak provider settings via logs. A nil map is reported as <nil> so
// readers can still tell "no config" from "config present".
func (c AuthProviderConfig) String() string {
	var cfgRepr string
	switch {
	case c.Config == nil:
		cfgRepr = "<nil>"
	default:
		cfgRepr = "--- REDACTED ---"
	}
	return fmt.Sprintf("api.AuthProviderConfig{Name: %q, Config: map[string]string{%s}}", c.Name, cfgRepr)
}
|
|
|
|
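// ExecConfig specifies a command to provide client credentials. The command is exec'd
// and outputs structured stdout holding credentials.
//
// See the client.authentication.k8s.io API group for specifications of the exact input
// and output format.
//
// Because the command is executed by the process that loaded the kubeconfig, a
// kubeconfig obtained from an untrusted source should be inspected for exec
// entries before it is used.
type ExecConfig struct {
	// Command to execute.
	Command string `json:"command"`
	// Arguments to pass to the command when executing it. Treated as sensitive
	// and redacted by String/GoString.
	// +optional
	Args []string `json:"args"`
	// Env defines additional environment variables to expose to the process. These
	// are unioned with the host's environment, as well as variables client-go uses
	// to pass argument to the plugin. Treated as sensitive and redacted by String/GoString.
	// +optional
	Env []ExecEnvVar `json:"env"`

	// Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
	// the same encoding version as the input.
	APIVersion string `json:"apiVersion,omitempty"`
}

// Compile-time checks that ExecConfig routes both %v/%s and %#v formatting
// through the sanitizing methods below.
var (
	_ fmt.Stringer   = new(ExecConfig)
	_ fmt.GoStringer = new(ExecConfig)
)

// GoString implements fmt.GoStringer and sanitizes sensitive fields of
// ExecConfig to prevent accidental leaking via logs. It delegates to String
// so %#v output is redacted exactly like %v output.
func (c ExecConfig) GoString() string {
	return c.String()
}

// String implements fmt.Stringer and sanitizes sensitive fields of ExecConfig
// to prevent accidental leaking via logs. Command and APIVersion are printed
// verbatim; Args and Env are replaced by placeholders that still reveal
// whether they were set at all.
func (c ExecConfig) String() string {
	// A nil slice renders as []string(nil) under %#v, so the placeholder only
	// appears when there is something to hide.
	var args []string
	if len(c.Args) > 0 {
		args = []string{"--- REDACTED ---"}
	}
	env := "[]ExecEnvVar(nil)"
	if len(c.Env) > 0 {
		env = "[]ExecEnvVar{--- REDACTED ---}"
	}
	// The type name must be ExecConfig: the format string previously said
	// AuthProviderConfig, which mislabelled this value in log output.
	return fmt.Sprintf("api.ExecConfig{Command: %q, Args: %#v, Env: %s, APIVersion: %q}", c.Command, args, env, c.APIVersion)
}

// ExecEnvVar is used for setting environment variables when executing an exec-based
// credential plugin.
type ExecEnvVar struct {
	// Name of the environment variable.
	Name string `json:"name"`
	// Value assigned to the variable; it may carry secrets, which is why
	// ExecConfig.String redacts the whole Env slice.
	Value string `json:"value"`
}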
|
|
|
|
// NewConfig is a convenience function that returns a new Config object with non-nil maps,
// so callers can insert into Clusters, AuthInfos, Contexts and Extensions without
// checking for nil first. Preferences is built through NewPreferences for the same reason.
func NewConfig() *Config {
	cfg := &Config{
		Preferences: *NewPreferences(),
		Clusters:    map[string]*Cluster{},
		AuthInfos:   map[string]*AuthInfo{},
		Contexts:    map[string]*Context{},
		Extensions:  map[string]runtime.Object{},
	}
	return cfg
}
|
|
|
|
// NewContext is a convenience function that returns a new Context
// object with non-nil maps; only Extensions is a map on Context.
func NewContext() *Context {
	c := new(Context)
	c.Extensions = map[string]runtime.Object{}
	return c
}
|
|
|
|
// NewCluster is a convenience function that returns a new Cluster
// object with non-nil maps; only Extensions is a map on Cluster.
func NewCluster() *Cluster {
	c := new(Cluster)
	c.Extensions = map[string]runtime.Object{}
	return c
}
|
|
|
|
// NewAuthInfo is a convenience function that returns a new AuthInfo
// object with non-nil maps (Extensions and ImpersonateUserExtra).
// All credential fields are left at their zero values.
func NewAuthInfo() *AuthInfo {
	a := new(AuthInfo)
	a.Extensions = map[string]runtime.Object{}
	a.ImpersonateUserExtra = map[string][]string{}
	return a
}
|
|
|
|
// NewPreferences is a convenience function that returns a new
// Preferences object with non-nil maps; only Extensions is a map on Preferences.
func NewPreferences() *Preferences {
	p := new(Preferences)
	p.Extensions = map[string]runtime.Object{}
	return p
}
|