a3bf13711c
I had to run `make generate`. Some API functions got additional parameters `Options` and `Context`. I used empty options and `context.TODO()` for now. Signed-off-by: leonnicolas <leonloechner@gmx.de>
232 lines
10 KiB
Go
232 lines
10 KiB
Go
/*
|
|
Copyright 2014 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package v1
|
|
|
|
import (
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
)
|
|
|
|
// Where possible, json tags match the cli argument names.
|
|
// Top level config objects and all values required for proper functioning are not "omitempty". Any truly optional piece of config is allowed to be omitted.
|
|
|
|
// Config holds the information needed to build connect to remote kubernetes clusters as a given user
|
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
type Config struct {
|
|
// Legacy field from pkg/api/types.go TypeMeta.
|
|
// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
|
|
// +k8s:conversion-gen=false
|
|
// +optional
|
|
Kind string `json:"kind,omitempty"`
|
|
// Legacy field from pkg/api/types.go TypeMeta.
|
|
// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
|
|
// +k8s:conversion-gen=false
|
|
// +optional
|
|
APIVersion string `json:"apiVersion,omitempty"`
|
|
// Preferences holds general information to be use for cli interactions
|
|
Preferences Preferences `json:"preferences"`
|
|
// Clusters is a map of referencable names to cluster configs
|
|
Clusters []NamedCluster `json:"clusters"`
|
|
// AuthInfos is a map of referencable names to user configs
|
|
AuthInfos []NamedAuthInfo `json:"users"`
|
|
// Contexts is a map of referencable names to context configs
|
|
Contexts []NamedContext `json:"contexts"`
|
|
// CurrentContext is the name of the context that you would like to use by default
|
|
CurrentContext string `json:"current-context"`
|
|
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
|
|
// +optional
|
|
Extensions []NamedExtension `json:"extensions,omitempty"`
|
|
}
|
|
|
|
type Preferences struct {
|
|
// +optional
|
|
Colors bool `json:"colors,omitempty"`
|
|
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
|
|
// +optional
|
|
Extensions []NamedExtension `json:"extensions,omitempty"`
|
|
}
|
|
|
|
// Cluster contains information about how to communicate with a kubernetes cluster
|
|
type Cluster struct {
|
|
// Server is the address of the kubernetes cluster (https://hostname:port).
|
|
Server string `json:"server"`
|
|
// TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.
|
|
// +optional
|
|
TLSServerName string `json:"tls-server-name,omitempty"`
|
|
// InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
|
|
// +optional
|
|
InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
|
|
// CertificateAuthority is the path to a cert file for the certificate authority.
|
|
// +optional
|
|
CertificateAuthority string `json:"certificate-authority,omitempty"`
|
|
// CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
|
|
// +optional
|
|
CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
|
|
// ProxyURL is the URL to the proxy to be used for all requests made by this
|
|
// client. URLs with "http", "https", and "socks5" schemes are supported. If
|
|
// this configuration is not provided or the empty string, the client
|
|
// attempts to construct a proxy configuration from http_proxy and
|
|
// https_proxy environment variables. If these environment variables are not
|
|
// set, the client does not attempt to proxy requests.
|
|
//
|
|
// socks5 proxying does not currently support spdy streaming endpoints (exec,
|
|
// attach, port forward).
|
|
// +optional
|
|
ProxyURL string `json:"proxy-url,omitempty"`
|
|
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
|
|
// +optional
|
|
Extensions []NamedExtension `json:"extensions,omitempty"`
|
|
}
|
|
|
|
// AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are.
|
|
type AuthInfo struct {
|
|
// ClientCertificate is the path to a client cert file for TLS.
|
|
// +optional
|
|
ClientCertificate string `json:"client-certificate,omitempty"`
|
|
// ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
|
|
// +optional
|
|
ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
|
|
// ClientKey is the path to a client key file for TLS.
|
|
// +optional
|
|
ClientKey string `json:"client-key,omitempty"`
|
|
// ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey
|
|
// +optional
|
|
ClientKeyData []byte `json:"client-key-data,omitempty" datapolicy:"security-key"`
|
|
// Token is the bearer token for authentication to the kubernetes cluster.
|
|
// +optional
|
|
Token string `json:"token,omitempty" datapolicy:"token"`
|
|
// TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence.
|
|
// +optional
|
|
TokenFile string `json:"tokenFile,omitempty"`
|
|
// Impersonate is the username to imperonate. The name matches the flag.
|
|
// +optional
|
|
Impersonate string `json:"as,omitempty"`
|
|
// ImpersonateGroups is the groups to imperonate.
|
|
// +optional
|
|
ImpersonateGroups []string `json:"as-groups,omitempty"`
|
|
// ImpersonateUserExtra contains additional information for impersonated user.
|
|
// +optional
|
|
ImpersonateUserExtra map[string][]string `json:"as-user-extra,omitempty"`
|
|
// Username is the username for basic authentication to the kubernetes cluster.
|
|
// +optional
|
|
Username string `json:"username,omitempty"`
|
|
// Password is the password for basic authentication to the kubernetes cluster.
|
|
// +optional
|
|
Password string `json:"password,omitempty" datapolicy:"password"`
|
|
// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
|
|
// +optional
|
|
AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
|
|
// Exec specifies a custom exec-based authentication plugin for the kubernetes cluster.
|
|
// +optional
|
|
Exec *ExecConfig `json:"exec,omitempty"`
|
|
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
|
|
// +optional
|
|
Extensions []NamedExtension `json:"extensions,omitempty"`
|
|
}
|
|
|
|
// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with)
|
|
type Context struct {
|
|
// Cluster is the name of the cluster for this context
|
|
Cluster string `json:"cluster"`
|
|
// AuthInfo is the name of the authInfo for this context
|
|
AuthInfo string `json:"user"`
|
|
// Namespace is the default namespace to use on unspecified requests
|
|
// +optional
|
|
Namespace string `json:"namespace,omitempty"`
|
|
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
|
|
// +optional
|
|
Extensions []NamedExtension `json:"extensions,omitempty"`
|
|
}
|
|
|
|
// NamedCluster relates nicknames to cluster information
|
|
type NamedCluster struct {
|
|
// Name is the nickname for this Cluster
|
|
Name string `json:"name"`
|
|
// Cluster holds the cluster information
|
|
Cluster Cluster `json:"cluster"`
|
|
}
|
|
|
|
// NamedContext relates nicknames to context information
|
|
type NamedContext struct {
|
|
// Name is the nickname for this Context
|
|
Name string `json:"name"`
|
|
// Context holds the context information
|
|
Context Context `json:"context"`
|
|
}
|
|
|
|
// NamedAuthInfo relates nicknames to auth information
|
|
type NamedAuthInfo struct {
|
|
// Name is the nickname for this AuthInfo
|
|
Name string `json:"name"`
|
|
// AuthInfo holds the auth information
|
|
AuthInfo AuthInfo `json:"user"`
|
|
}
|
|
|
|
// NamedExtension relates nicknames to extension information
|
|
type NamedExtension struct {
|
|
// Name is the nickname for this Extension
|
|
Name string `json:"name"`
|
|
// Extension holds the extension information
|
|
Extension runtime.RawExtension `json:"extension"`
|
|
}
|
|
|
|
// AuthProviderConfig holds the configuration for a specified auth provider.
|
|
type AuthProviderConfig struct {
|
|
Name string `json:"name"`
|
|
Config map[string]string `json:"config"`
|
|
}
|
|
|
|
// ExecConfig specifies a command to provide client credentials. The command is exec'd
|
|
// and outputs structured stdout holding credentials.
|
|
//
|
|
// See the client.authentication.k8s.io API group for specifications of the exact input
|
|
// and output format
|
|
type ExecConfig struct {
|
|
// Command to execute.
|
|
Command string `json:"command"`
|
|
// Arguments to pass to the command when executing it.
|
|
// +optional
|
|
Args []string `json:"args"`
|
|
// Env defines additional environment variables to expose to the process. These
|
|
// are unioned with the host's environment, as well as variables client-go uses
|
|
// to pass argument to the plugin.
|
|
// +optional
|
|
Env []ExecEnvVar `json:"env"`
|
|
|
|
// Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
|
|
// the same encoding version as the input.
|
|
APIVersion string `json:"apiVersion,omitempty"`
|
|
|
|
// This text is shown to the user when the executable doesn't seem to be
|
|
// present. For example, `brew install foo-cli` might be a good InstallHint for
|
|
// foo-cli on Mac OS systems.
|
|
InstallHint string `json:"installHint,omitempty"`
|
|
|
|
// ProvideClusterInfo determines whether or not to provide cluster information,
|
|
// which could potentially contain very large CA data, to this exec plugin as a
|
|
// part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
|
|
// to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
|
|
// reading this environment variable.
|
|
ProvideClusterInfo bool `json:"provideClusterInfo"`
|
|
}
|
|
|
|
// ExecEnvVar is used for setting environment variables when executing an exec-based
|
|
// credential plugin.
|
|
type ExecEnvVar struct {
|
|
Name string `json:"name"`
|
|
Value string `json:"value"`
|
|
}
|