Documentation ¶
Index ¶
- Constants
- func NewTokenCredential(ctx context.Context, opts ...auth.Option) azcore.TokenCredential
- type AKSClient
- type Environment
- type Implementation
- type Provider
- func (p Provider) GetAccessTokenOptionsForArtifactRepository(artifactRepository string) ([]auth.Option, error)
- func (Provider) GetAccessTokenOptionsForCluster(opts ...auth.Option) ([][]auth.Option, error)
- func (Provider) GetAudiences(context.Context, corev1.ServiceAccount) ([]string, error)
- func (Provider) GetIdentity(serviceAccount corev1.ServiceAccount) (string, error)
- func (Provider) GetName() string
- func (p Provider) NewArtifactRegistryCredentials(ctx context.Context, registry string, accessToken auth.Token, ...) (*auth.ArtifactRegistryCredentials, error)
- func (p Provider) NewControllerToken(ctx context.Context, opts ...auth.Option) (auth.Token, error)
- func (p Provider) NewRESTConfig(ctx context.Context, accessTokens []auth.Token, opts ...auth.Option) (*auth.RESTConfig, error)
- func (p Provider) NewTokenForServiceAccount(ctx context.Context, oidcToken string, serviceAccount corev1.ServiceAccount, ...) (auth.Token, error)
- func (Provider) ParseArtifactRepository(artifactRepository string) (string, error)
- type Token
Constants ¶
const (
	// https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity?view=azure-devops#q-can-i-add-a-managed-identity-from-a-different-tenant-to-my-organization
	ScopeDevOps = "499b84ac-1321-427f-aa17-267ca6975798/.default"

	// https://github.com/Azure/azure-sdk-for-go/blob/f5dfe3b53fe63aacd3aeba948bbe21d961edf376/sdk/storage/azqueue/internal/shared/shared.go#L18
	ScopeBlobStorage = "https://storage.azure.com/.default"

	// https://github.com/Azure/azure-sdk-for-go/blob/f5dfe3b53fe63aacd3aeba948bbe21d961edf376/sdk/messaging/azeventhubs/internal/sbauth/token_provider.go#L99
	ScopeEventHubs = "https://eventhubs.azure.net//.default"
)
const ProviderName = "azure"
ProviderName is the name of the Azure authentication provider.
Variables ¶
This section is empty.
Functions ¶
func NewTokenCredential ¶ added in v0.11.0
NewTokenCredential creates a new token credential for the given options.
Types ¶
type AKSClient ¶ added in v0.21.0
type AKSClient interface {
	Get(ctx context.Context, resourceGroupName string, resourceName string, options *armcontainerservice.ManagedClustersClientGetOptions) (armcontainerservice.ManagedClustersClientGetResponse, error)
	ListClusterUserCredentials(ctx context.Context, resourceGroupName string, resourceName string, options *armcontainerservice.ManagedClustersClientListClusterUserCredentialsOptions) (armcontainerservice.ManagedClustersClientListClusterUserCredentialsResponse, error)
}
AKSClient provides the required methods of the AKS client.
type Environment ¶ added in v0.24.0
type Environment struct {
	ContainerRegistryDNSSuffix string `json:"containerRegistryDNSSuffix,omitempty"`
	ResourceManagerEndpoint    string `json:"resourceManagerEndpoint,omitempty"`
	TokenAudience              string `json:"tokenAudience,omitempty"`
}
Environment is used to read the Azure environment configuration from a JSON file. It is a subset of the struct defined in https://github.com/kubernetes-sigs/cloud-provider-azure/blob/e68bd888a7616d52f45f39238691f32821884120/pkg/azclient/cloud.go#L152-L185, with exactly the same field names and JSON annotations. We define this struct here for two reasons:
- We are not aware of any libraries we could import this struct from.
- We don't use all the fields defined in the original struct.
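The following is an added example, not code from this package: it decodes a constructed environment file into the subset struct, showing that keys outside the subset are ignored, and applies sanity checks before the values are used for token requests. The helper `parseEnvironment`, the sample values, the extra `name` key and the checks themselves are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Environment repeats the struct above (same field names and JSON tags).
type Environment struct {
	ContainerRegistryDNSSuffix string `json:"containerRegistryDNSSuffix,omitempty"`
	ResourceManagerEndpoint    string `json:"resourceManagerEndpoint,omitempty"`
	TokenAudience              string `json:"tokenAudience,omitempty"`
}

// sampleFile is constructed; "name" stands in for an upstream field outside the subset.
const sampleFile = `{
  "name": "ExampleCloud",
  "resourceManagerEndpoint": "https://management.example.test/",
  "tokenAudience": "https://management.example.test/",
  "containerRegistryDNSSuffix": "registry.example.test"
}`

// parseEnvironment is a hypothetical helper: subset decode plus assumed sanity checks.
func parseEnvironment(data []byte) (*Environment, error) {
	var env Environment
	if err := json.Unmarshal(data, &env); err != nil {
		return nil, fmt.Errorf("decode environment: %w", err)
	}
	for name, raw := range map[string]string{
		"resourceManagerEndpoint": env.ResourceManagerEndpoint,
		"tokenAudience":           env.TokenAudience,
	} {
		u, err := url.Parse(raw)
		if err != nil || (raw != "" && (u.Scheme != "https" || u.Host == "")) {
			return nil, fmt.Errorf("%s must be an absolute https URL, got %q", name, raw)
		}
	}
	if s := env.ContainerRegistryDNSSuffix; strings.ContainsAny(s, "/:@ ") {
		return nil, fmt.Errorf("containerRegistryDNSSuffix must be a bare DNS suffix, got %q", s)
	}
	return &env, nil
}

func main() {
	env, err := parseEnvironment([]byte(sampleFile))
	fmt.Println(env, err)
}
```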
type Implementation ¶ added in v0.11.0
type Implementation interface {
	NewDefaultAzureCredential(options *azidentity.DefaultAzureCredentialOptions) (azcore.TokenCredential, error)
	NewDefaultAzureCredentialWithoutShellOut(options *azidentity.DefaultAzureCredentialOptions) (azcore.TokenCredential, error)
	NewClientAssertionCredential(tenantID string, clientID string, getAssertion func(context.Context) (string, error), options *azidentity.ClientAssertionCredentialOptions) (azcore.TokenCredential, error)
	ExchangeAADAccessTokenForACRRefreshToken(ctx context.Context, client *azcontainerregistry.AuthenticationClient, grantType azcontainerregistry.PostContentSchemaGrantType, service string, options *azcontainerregistry.AuthenticationClientExchangeAADAccessTokenForACRRefreshTokenOptions) (azcontainerregistry.AuthenticationClientExchangeAADAccessTokenForACRRefreshTokenResponse, error)
	NewManagedClustersClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (AKSClient, error)
}
Implementation provides the required methods of the Azure libraries.
type Provider ¶ added in v0.11.0
type Provider struct{ Implementation }
Provider implements the auth.Provider interface for Azure authentication.
func (Provider) GetAccessTokenOptionsForArtifactRepository ¶ added in v0.21.0
func (p Provider) GetAccessTokenOptionsForArtifactRepository(artifactRepository string) ([]auth.Option, error)
GetAccessTokenOptionsForArtifactRepository implements auth.Provider.
func (Provider) GetAccessTokenOptionsForCluster ¶ added in v0.21.0
GetAccessTokenOptionsForCluster implements auth.Provider.
func (Provider) GetAudiences ¶ added in v0.21.0
GetAudiences implements auth.Provider.
func (Provider) GetIdentity ¶ added in v0.11.0
func (Provider) GetIdentity(serviceAccount corev1.ServiceAccount) (string, error)
GetIdentity implements auth.Provider.
func (Provider) NewArtifactRegistryCredentials ¶ added in v0.12.0
func (p Provider) NewArtifactRegistryCredentials(ctx context.Context, registry string, accessToken auth.Token, opts ...auth.Option) (*auth.ArtifactRegistryCredentials, error)
NewArtifactRegistryCredentials implements auth.Provider.
func (Provider) NewControllerToken ¶ added in v0.12.0
NewControllerToken implements auth.Provider.
func (Provider) NewRESTConfig ¶ added in v0.21.0
func (p Provider) NewRESTConfig(ctx context.Context, accessTokens []auth.Token, opts ...auth.Option) (*auth.RESTConfig, error)
NewRESTConfig implements auth.Provider.
type Token ¶ added in v0.11.0
type Token struct{ azcore.AccessToken }
Token is the Azure token.
func (*Token) GetDuration ¶ added in v0.11.0
GetDuration implements auth.Token.