k8s

package
v0.1.7 Latest Latest
Published: Jan 25, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewRestConfig

func NewRestConfig(endpoint, caCert, token string) (*rest.Config, error)

NewRestConfig creates a REST config from integration credentials, with rate limiting. It builds an in-memory kubeconfig without file I/O and configures 50 QPS / 100 burst to prevent throttling in multi-cluster setups.

func TestConnection

func TestConnection(ctx context.Context, endpoint, caCert, token string) error

TestConnection validates K8s API server reachability by attempting to list namespaces. DEPRECATED: use ValidateConnection() for phase-labeled error detection. It creates a REST config, establishes a clientset, and performs a minimal API call.

func ValidateIntegration

func ValidateIntegration(name, endpoint, caCert, bearerToken string) error

ValidateIntegration validates integration credentials before storage. It enforces HTTPS endpoints, PEM certificate format, and X.509 validity.

Types

type ConnectionValidationError

// ConnectionValidationError represents a connection validation failure with
// phase context. ValidateConnection returns a pointer to it on failure and
// nil on success, and the type implements the error interface through its
// Error method.
//
// NOTE(review): ValidateConnection is declared to return
// *ConnectionValidationError rather than error. Assigning that result to an
// error-typed variable produces a non-nil interface even when the pointer is
// nil, so callers should compare the returned pointer itself against nil.
type ConnectionValidationError struct {
	// Phase labels the validation stage that failed.
	Phase   ValidationPhase
	// Message is the failure description that accompanies the phase label.
	Message string
}

ConnectionValidationError represents a connection validation failure with phase context

func ValidateConnection

func ValidateConnection(ctx context.Context, endpoint, caCert, token string) *ConnectionValidationError

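ValidateConnection performs sequential validation: certificate → reachability → authentication. It returns a ConnectionValidationError with a phase label on failure and nil on success. It uses discovery.ServerVersion() as a lightweight server check (no RBAC permissions required); because that call needs no RBAC permissions, a successful result does not show that the token is authorized for any particular resource.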

func (*ConnectionValidationError) Error

func (e *ConnectionValidationError) Error() string

type CreateIntegrationRequest

// CreateIntegrationRequest represents the payload for creating a new
// integration. All four fields are decoded from JSON under the keys given in
// the struct tags.
//
// NOTE(review): the decoded value holds a service account token in
// BearerToken, so logging or echoing the whole request would expose a
// credential.
type CreateIntegrationRequest struct {
	// Name is the human-readable name for this integration
	Name string `json:"name"`
	// Endpoint is the HTTPS URL of the Kubernetes API server
	Endpoint string `json:"endpoint"`
	// CACert is the CA certificate in PEM format
	CACert string `json:"ca_cert"`
	// BearerToken is the service account token
	BearerToken string `json:"bearer_token"`
}

CreateIntegrationRequest represents the payload for creating a new integration

type Integration

// Integration represents a Kubernetes cluster integration configuration:
// the API server endpoint, the CA certificate and bearer token used to reach
// it, and the most recent connection status and validation error.
type Integration struct {
	// ID is the unique identifier (UUID) for this integration
	ID string `json:"id"`
	// Name is the human-readable name for this integration
	Name string `json:"name"`
	// Endpoint is the HTTPS URL of the Kubernetes API server (e.g., https://cluster.example.com:6443)
	Endpoint string `json:"endpoint"`
	// CACert is the CA certificate in PEM format for verifying the API server's TLS certificate
	CACert string `json:"ca_cert"`
	// BearerToken is the service account token for authenticating with the API server
	// SECURITY: This field is write-only - never returned in API responses (handled in Plan 02)
	// NOTE(review): the `omitempty` option only drops an empty string; encoding/json
	// still emits a populated token under "bearer_token". The write-only guarantee
	// therefore depends on response code clearing or redacting this field before
	// encoding - confirm that every handler returning an Integration does so.
	BearerToken string `json:"bearer_token,omitempty"`
	// Status represents the current connection state
	// Derived from LastError: empty = Connected, non-empty = Disconnected
	// NOTE(review): IntegrationStatus also defines Pending and Degraded; how those
	// values are assigned is not visible here - confirm against the handlers.
	Status IntegrationStatus `json:"status"`
	// CreatedAt is the timestamp when this integration was created
	CreatedAt time.Time `json:"created_at"`
	// UpdatedAt is the timestamp when this integration was last modified
	UpdatedAt time.Time `json:"updated_at"`
	// LastError stores the most recent validation error message (empty if healthy)
	// Only the message is stored, not the timestamp (per CONTEXT.md decision)
	LastError string `json:"last_error,omitempty"`
	// LastErrorPhase identifies which validation phase failed: "reachability", "certificate", "authentication"
	// Empty string indicates no error (integration is healthy)
	LastErrorPhase string `json:"last_error_phase,omitempty"`
}

Integration represents a Kubernetes cluster integration configuration

type IntegrationStatus

// IntegrationStatus represents the current connection state of an
// integration. It is a string type, so values serialize as plain JSON strings.
type IntegrationStatus string

IntegrationStatus represents the current connection state of an integration

// Connection states an Integration can report in its Status field.
// NOTE(review): the Integration.Status comment describes only the
// Connected/Disconnected derivation from LastError; where Pending and
// Degraded are set is not shown in this listing.
const (
	// StatusPending indicates integration is created but not yet verified
	StatusPending IntegrationStatus = "Pending"
	// StatusConnected indicates integration is reachable and healthy
	StatusConnected IntegrationStatus = "Connected"
	// StatusDegraded indicates integration has intermittent connectivity issues
	StatusDegraded IntegrationStatus = "Degraded"
	// StatusDisconnected indicates integration is unreachable
	StatusDisconnected IntegrationStatus = "Disconnected"
)

type Storage

// Storage provides CRUD operations for Kubernetes integration credentials
// using NATS KV. Instances are obtained from NewStorage.
//
// NOTE(review): the stored records are integration credentials, which per
// the Integration type include a bearer token. Whether values are encrypted
// before being written to the file-backed bucket is not visible in this
// listing - confirm, and treat access to the bucket as access to the tokens.
type Storage struct {
	// contains filtered or unexported fields
}

Storage provides CRUD operations for Kubernetes integration credentials using NATS KV

func NewStorage

func NewStorage(js jetstream.JetStream) (*Storage, error)

NewStorage creates a new Storage instance with NATS KV persistence. It creates or updates the "neuwerk-integrations" bucket with FileStorage and Replicas=1.

func (*Storage) Create

Create stores a new integration in NATS KV. It generates a new UUID for the integration and checks for key conflicts.

func (*Storage) Delete

func (s *Storage) Delete(ctx context.Context, id string) error

Delete removes an integration from NATS KV. It verifies the integration exists before deleting.

func (*Storage) Get

func (s *Storage) Get(ctx context.Context, id string) (*Integration, error)

Get retrieves an integration by ID from NATS KV

func (*Storage) List

func (s *Storage) List(ctx context.Context) ([]*Integration, error)

List retrieves all integrations with the kubernetes: prefix from NATS KV. It skips entries that fail to unmarshal, returning a partial list for resilience.

func (*Storage) Update

Update modifies an existing integration in NATS KV. It verifies the integration exists before updating.

type UpdateIntegrationRequest

// UpdateIntegrationRequest represents the payload for updating an existing
// integration. Every field is optional: an omitted string field or a nil
// pointer field is documented as preserving the stored value.
//
// NOTE(review): Status, LastError and LastErrorPhase are described as set by
// handlers after validation, yet they carry json tags like the client-facing
// fields. If a handler decodes a client body directly into this struct, a
// caller could supply them - confirm handlers overwrite or reject
// client-provided values for these three fields.
type UpdateIntegrationRequest struct {
	// Name is the human-readable name for this integration (optional - omitted to preserve existing)
	Name string `json:"name,omitempty"`
	// Endpoint is the HTTPS URL of the Kubernetes API server (optional - omitted to preserve existing)
	Endpoint string `json:"endpoint,omitempty"`
	// CACert is the CA certificate in PEM format (optional - omitted to preserve existing)
	CACert string `json:"ca_cert,omitempty"`
	// BearerToken is the service account token (optional - nil pointer preserves existing)
	BearerToken *string `json:"bearer_token,omitempty"`
	// Status is the connection status (optional - set by handlers after validation)
	Status *IntegrationStatus `json:"status,omitempty"`
	// LastError is the last validation error (optional - set by handlers after validation)
	LastError *string `json:"last_error,omitempty"`
	// LastErrorPhase is the validation phase that failed (optional - set by handlers after validation)
	LastErrorPhase *string `json:"last_error_phase,omitempty"`
}

UpdateIntegrationRequest represents the payload for updating an existing integration

type ValidationError

// ValidationError represents a validation error with field context. It
// follows the pattern from pkg/api/validation.go and implements the error
// interface through its Error method.
type ValidationError struct {
	// Field names the input field the error refers to.
	Field   string
	// Message describes what is wrong with that field.
	Message string
}

ValidationError represents a validation error with field context. It follows the pattern from pkg/api/validation.go.

func (*ValidationError) Error

func (e *ValidationError) Error() string

type ValidationPhase

// ValidationPhase identifies which stage of connection validation failed.
// It is a string type; the defined values are the Phase* constants.
type ValidationPhase string

ValidationPhase identifies which stage of connection validation failed

// Phase labels carried by ConnectionValidationError.Phase. ValidateConnection
// is documented as checking certificate, then reachability, then
// authentication; the declaration order below differs from that check order.
const (
	// PhaseReachability labels a failure of the reachability stage.
	PhaseReachability   ValidationPhase = "reachability"
	// PhaseCertificate labels a failure of the certificate stage.
	PhaseCertificate    ValidationPhase = "certificate"
	// PhaseAuthentication labels a failure of the authentication stage.
	PhaseAuthentication ValidationPhase = "authentication"
)
