Documentation
¶
Overview ¶
Package utils contains small utility functions without much logic wrapping the major APIs of the core auth package for ease of use in the controllers. These functions also import the provider packages to wrap switch-case choice of provider implementations. Because of that, these functions cannot be placed in the core package as they would cause a cyclic dependency given that the provider packages also import the core package.
Index ¶
- func GetArtifactRegistryCredentials(ctx context.Context, providerName string, artifactRepository string, ...) (authn.Authenticator, error)
- func GetRESTConfig(ctx context.Context, kubeConfigRef meta.KubeConfigReference, namespace string, ...) (*rest.Config, error)
- func ProviderByName[T any](name string) (T, error)
- type GitCredentials
- type RESTConfigFetcher
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetArtifactRegistryCredentials ¶
func GetArtifactRegistryCredentials(ctx context.Context, providerName string, artifactRepository string, opts ...auth.Option) (authn.Authenticator, error)
GetArtifactRegistryCredentials retrieves the registry credentials for the specified artifact repository and provider.
func GetRESTConfig ¶ added in v0.21.0
func GetRESTConfig(ctx context.Context, kubeConfigRef meta.KubeConfigReference, namespace string, ctrlClient client.Client, opts ...auth.Option) (*rest.Config, error)
GetRESTConfig retrieves a *rest.Config for the given meta.KubeConfigReference, namespace, controller-runtime client and options. It's a convenience wrapper for auth.GetRESTConfig so controllers can pass a meta.KubeConfigReference object directly without converting it to auth.Option(s).
Additionally, the resulting *rest.Config will call auth.GetRESTConfig for every HTTP request to the remote cluster. This is needed for long-running operations that wait on resources until a potentially long timeout is reached, like kstatus health checks, and whatever Helm does. The timeout may be longer than a token's lifetime, so tokens can expire during such operations. auth.GetRESTConfig will create a fresh token if that happens.
With the resulting *rest.Config, if a cache is not set in the options, a fresh token will be created for every HTTP request sent to the remote cluster.
func ProviderByName ¶
ProviderByName looks up the implemented providers by name and type.
Types ¶
type GitCredentials ¶ added in v0.14.0
GitCredentials contains authentication data needed in order to access a Git repository.
func GetGitCredentials ¶ added in v0.14.0
func GetGitCredentials(ctx context.Context, providerName string, opts ...auth.Option) (*GitCredentials, error)
GetGitCredentials looks up by the implemented providers that support Git and returns the credentials for the provider.
type RESTConfigFetcher ¶ added in v0.21.0
type RESTConfigFetcher func(ctx context.Context, ref meta.KubeConfigReference, namespace string, ctrlClient client.Client) (*rest.Config, error)
RESTConfigFetcher is a function that retrieves a *rest.Config for a given meta.KubeConfigReference, a namespace, and a controller-runtime client.
func GetRESTConfigFetcher ¶ added in v0.21.0
func GetRESTConfigFetcher(opts ...auth.Option) RESTConfigFetcher
GetRESTConfigFetcher is a convenience function for controllers that use the runtime/client.(*Impersonator) to create controller-runtime clients. To keep runtime decoupled from auth, this function closes over the controller-provided options and returns a function that can be called by runtime without runtime needing to know about the type auth.Option. Usage example:
provider := authutils.GetRESTConfigFetcher(opts...) impersonatorOpts = append(impersonatorOpts, runtimeclient.WithKubeConfig(ref, kubeConfOpts, namespace, provider))
Controllers that don't use the runtime/client.(*Impersonator) can simply call GetRESTConfig directly, passing the options as variadic arguments.
Source Files