Documentation
Index ¶
- func NewRestConfig(endpoint, caCert, token string) (*rest.Config, error)
- func TestConnection(ctx context.Context, endpoint, caCert, token string) error
- func ValidateIntegration(name, endpoint, caCert, bearerToken string) error
- type ConnectionValidationError
- type CreateIntegrationRequest
- type Integration
- type IntegrationStatus
- type Storage
- func (s *Storage) Create(ctx context.Context, req *CreateIntegrationRequest) (*Integration, error)
- func (s *Storage) Delete(ctx context.Context, id string) error
- func (s *Storage) Get(ctx context.Context, id string) (*Integration, error)
- func (s *Storage) List(ctx context.Context) ([]*Integration, error)
- func (s *Storage) Update(ctx context.Context, id string, req *UpdateIntegrationRequest) (*Integration, error)
- type UpdateIntegrationRequest
- type ValidationError
- type ValidationPhase
Functions ¶
func NewRestConfig ¶
NewRestConfig creates a REST config from integration credentials with rate limiting. It builds an in-memory kubeconfig without file I/O. It configures 50 QPS / 100 burst to prevent throttling in multi-cluster setups.
func TestConnection ¶
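TestConnection validates K8s API server reachability by attempting to list namespaces. DEPRECATED: Use ValidateConnection() for phase-labeled error detection. It creates a REST config, establishes a clientset, and performs a minimal API call. Because listing namespaces is itself an authorized API call, a failure here does not by itself distinguish an unreachable server from rejected or under-privileged credentials.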
func ValidateIntegration ¶
ValidateIntegration validates integration credentials before storage. It enforces HTTPS endpoints, PEM certificate format, and X.509 validity.
Types ¶
type ConnectionValidationError ¶
// ConnectionValidationError represents a connection validation failure with phase context.
// ValidateConnection returns a pointer to it on failure and nil on success.
type ConnectionValidationError struct {
	// Phase is the validation stage that failed (a ValidationPhase value).
	Phase ValidationPhase
	// Message presumably carries the human-readable failure description.
	// NOTE(review): Integration.LastError stores a validation error message; if this
	// text is what ends up stored and returned to API clients, confirm it never embeds
	// the bearer token or other credential material from the failed request.
	Message string
}
ConnectionValidationError represents a connection validation failure with phase context
func ValidateConnection ¶
func ValidateConnection(ctx context.Context, endpoint, caCert, token string) *ConnectionValidationError
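ValidateConnection performs sequential validation: certificate → reachability → authentication. It returns a ConnectionValidationError with a phase label on failure and nil on success. It uses discovery.ServerVersion() as a lightweight server check (no RBAC permissions required). A nil result therefore says nothing about whether the token is authorized for the resources the integration will later access.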
func (*ConnectionValidationError) Error ¶
func (e *ConnectionValidationError) Error() string
type CreateIntegrationRequest ¶
// CreateIntegrationRequest represents the payload for creating a new integration.
// Its four fields correspond to the parameters of
// ValidateIntegration(name, endpoint, caCert, bearerToken); presumably the handler
// runs that check before calling Storage.Create — verify against the caller.
type CreateIntegrationRequest struct {
	// Name is the human-readable name for this integration
	Name string `json:"name"`
	// Endpoint is the HTTPS URL of the Kubernetes API server
	Endpoint string `json:"endpoint"`
	// CACert is the CA certificate in PEM format
	CACert string `json:"ca_cert"`
	// BearerToken is the service account token
	// SECURITY: this is a credential carried in the request body.
	// NOTE(review): confirm that decoded requests are never logged or echoed back
	// in error responses with this field populated.
	BearerToken string `json:"bearer_token"`
}
CreateIntegrationRequest represents the payload for creating a new integration
type Integration ¶
// Integration represents a Kubernetes cluster integration configuration.
// It holds both connection metadata and the credential used to reach the cluster,
// so any code path that encodes this struct must treat it as secret-bearing.
type Integration struct {
	// ID is the unique identifier (UUID) for this integration
	ID string `json:"id"`
	// Name is the human-readable name for this integration
	Name string `json:"name"`
	// Endpoint is the HTTPS URL of the Kubernetes API server (e.g., https://cluster.example.com:6443)
	Endpoint string `json:"endpoint"`
	// CACert is the CA certificate in PEM format for verifying the API server's TLS certificate
	CACert string `json:"ca_cert"`
	// BearerToken is the service account token for authenticating with the API server
	// SECURITY: This field is write-only - never returned in API responses (handled in Plan 02)
	// NOTE(review): the `omitempty` tag only drops this field when it is the empty
	// string; encoding an Integration whose BearerToken is populated emits the token.
	// The write-only guarantee therefore rests entirely on callers clearing the field
	// (or copying into a separate response type) before encoding a response — confirm
	// that every handler returning an Integration, including List, does so.
	BearerToken string `json:"bearer_token,omitempty"`
	// Status represents the current connection state
	// Derived from LastError: empty = Connected, non-empty = Disconnected
	// NOTE(review): IntegrationStatus also defines Pending and Degraded, which the
	// rule above does not cover — confirm where those values are assigned.
	Status IntegrationStatus `json:"status"`
	// CreatedAt is the timestamp when this integration was created
	CreatedAt time.Time `json:"created_at"`
	// UpdatedAt is the timestamp when this integration was last modified
	UpdatedAt time.Time `json:"updated_at"`
	// LastError stores the most recent validation error message (empty if healthy)
	// Only the message is stored, not the timestamp (per CONTEXT.md decision)
	// NOTE(review): this value is serialized to clients; confirm the stored message
	// cannot contain credential material or internal details not meant for them.
	LastError string `json:"last_error,omitempty"`
	// LastErrorPhase identifies which validation phase failed: "reachability", "certificate", "authentication"
	// Empty string indicates no error (integration is healthy)
	LastErrorPhase string `json:"last_error_phase,omitempty"`
}
Integration represents a Kubernetes cluster integration configuration
type IntegrationStatus ¶
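// IntegrationStatus represents the current connection state of an integration.
// It is a string type, so the constants below are also the values that appear
// in the "status" field of an encoded Integration.
type IntegrationStatus string

// Connection states an integration can report.
const (
	// StatusPending indicates integration is created but not yet verified
	StatusPending IntegrationStatus = "Pending"
	// StatusConnected indicates integration is reachable and healthy
	StatusConnected IntegrationStatus = "Connected"
	// StatusDegraded indicates integration has intermittent connectivity issues
	StatusDegraded IntegrationStatus = "Degraded"
	// StatusDisconnected indicates integration is unreachable
	StatusDisconnected IntegrationStatus = "Disconnected"
)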
type Storage ¶
// Storage provides CRUD operations for Kubernetes integration credentials using NATS KV.
// NOTE(review): the stored records presumably include Integration.BearerToken, and
// NewStorage is documented as using a FileStorage-backed bucket. This page does not
// show whether values are encrypted before being written — confirm at-rest protection
// and who can read the bucket.
type Storage struct {
	// contains filtered or unexported fields
}
Storage provides CRUD operations for Kubernetes integration credentials using NATS KV
func NewStorage ¶
NewStorage creates a new Storage instance with NATS KV persistence. It creates or updates the "neuwerk-integrations" bucket with FileStorage and Replicas=1.
func (*Storage) Create ¶
func (s *Storage) Create(ctx context.Context, req *CreateIntegrationRequest) (*Integration, error)
Create stores a new integration in NATS KV. It generates a new UUID for the integration and checks for key conflicts.
func (*Storage) Delete ¶
Delete removes an integration from NATS KV. It verifies the integration exists before deleting.
func (*Storage) List ¶
func (s *Storage) List(ctx context.Context) ([]*Integration, error)
List retrieves all integrations with the kubernetes: prefix from NATS KV. It skips entries that fail to unmarshal (returning a partial list for resilience).
func (*Storage) Update ¶
func (s *Storage) Update(ctx context.Context, id string, req *UpdateIntegrationRequest) (*Integration, error)
Update modifies an existing integration in NATS KV. It verifies the integration exists before updating.
type UpdateIntegrationRequest ¶
// UpdateIntegrationRequest represents the payload for updating an existing integration.
// Omitted string fields and nil pointer fields leave the stored value unchanged,
// per the field comments below.
type UpdateIntegrationRequest struct {
	// Name is the human-readable name for this integration (optional - omitted to preserve existing)
	Name string `json:"name,omitempty"`
	// Endpoint is the HTTPS URL of the Kubernetes API server (optional - omitted to preserve existing)
	// NOTE(review): if Endpoint or CACert changes while BearerToken is nil, the
	// previously stored token would presumably be presented to the new endpoint.
	// Consider requiring the token to be re-supplied whenever either changes, and
	// confirm the changed values go through ValidateIntegration again.
	Endpoint string `json:"endpoint,omitempty"`
	// CACert is the CA certificate in PEM format (optional - omitted to preserve existing)
	CACert string `json:"ca_cert,omitempty"`
	// BearerToken is the service account token (optional - nil pointer preserves existing)
	BearerToken *string `json:"bearer_token,omitempty"`
	// Status is the connection status (optional - set by handlers after validation)
	// NOTE(review): Status, LastError and LastErrorPhase carry JSON tags, so decoding
	// a client request body straight into this struct lets the client populate them.
	// Confirm handlers overwrite or reject client-supplied values so that a client
	// cannot mark an unvalidated integration as Connected.
	Status *IntegrationStatus `json:"status,omitempty"`
	// LastError is the last validation error (optional - set by handlers after validation)
	LastError *string `json:"last_error,omitempty"`
	// LastErrorPhase is the validation phase that failed (optional - set by handlers after validation)
	LastErrorPhase *string `json:"last_error_phase,omitempty"`
}
UpdateIntegrationRequest represents the payload for updating an existing integration
type ValidationError ¶
ValidationError represents a validation error with field context. It follows the pattern from pkg/api/validation.go.
func (*ValidationError) Error ¶
func (e *ValidationError) Error() string
type ValidationPhase ¶
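// ValidationPhase identifies which stage of connection validation failed.
// The string values below are the ones Integration.LastErrorPhase is documented
// to hold.
type ValidationPhase string

// Phases reported in ConnectionValidationError.Phase.
const (
	// PhaseReachability labels a failure in the reachability stage.
	PhaseReachability ValidationPhase = "reachability"
	// PhaseCertificate labels a failure in the certificate stage.
	PhaseCertificate ValidationPhase = "certificate"
	// PhaseAuthentication labels a failure in the authentication stage.
	PhaseAuthentication ValidationPhase = "authentication"
)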