// Source: github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/caas/kubernetes/provider/credentials.go

// Copyright 2018 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package provider

import (
	"github.com/juju/errors"

	"github.com/juju/juju/caas/kubernetes/clientconfig"
	"github.com/juju/juju/cloud"
	"github.com/juju/juju/environs"
)

// Names of the credential attributes used by the schemas below.
const (
	// CredAttrUsername is the username of a user/password credential.
	CredAttrUsername = "username"
	// CredAttrPassword is the password of a user/password credential.
	CredAttrPassword = "password"
	// CredAttrClientCertificateData is the client certificate data.
	CredAttrClientCertificateData = "ClientCertificateData"
	// CredAttrClientKeyData is the client private key data.
	CredAttrClientKeyData = "ClientKeyData"
	// CredAttrToken is the token attribute.
	CredAttrToken = "Token"
)

// k8sCredentialSchemas lists, per supported auth type, the attributes a
// credential of that type is made of.
//
// The secret-bearing attributes (password, private key, tokens) are flagged
// Hidden; the client certificate data is not.
// NOTE(review): Hidden presumably only affects how a value is prompted for or
// displayed - confirm in package cloud. Treat every attribute listed here as
// sensitive when logging or persisting credentials.
var k8sCredentialSchemas = map[cloud.AuthType]cloud.CredentialSchema{
	cloud.UserPassAuthType: {
		{
			Name: CredAttrUsername,
			CredentialAttr: cloud.CredentialAttr{
				Description: "The username to authenticate with.",
			},
		},
		{
			Name: CredAttrPassword,
			CredentialAttr: cloud.CredentialAttr{
				Description: "The password for the specified username.",
				Hidden:      true,
			},
		},
	},
	cloud.OAuth2WithCertAuthType: {
		{
			Name: CredAttrClientCertificateData,
			CredentialAttr: cloud.CredentialAttr{
				Description: "the kubernetes certificate data",
			},
		},
		{
			Name: CredAttrClientKeyData,
			CredentialAttr: cloud.CredentialAttr{
				Description: "the kubernetes private key data",
				Hidden:      true,
			},
		},
		{
			Name: CredAttrToken,
			CredentialAttr: cloud.CredentialAttr{
				Description: "the kubernetes token",
				Hidden:      true,
			},
		},
	},
	// NOTE(review): this schema carries certificate data and a bearer token
	// but no ClientKeyData - confirm that is intended for this auth type.
	cloud.CertificateAuthType: {
		{
			Name: CredAttrClientCertificateData,
			CredentialAttr: cloud.CredentialAttr{
				Description: "the kubernetes certificate data",
			},
		},
		{
			Name: CredAttrToken,
			CredentialAttr: cloud.CredentialAttr{
				Description: "the kubernetes service account bearer token",
				Hidden:      true,
			},
		},
	},
}

// environProviderCredentials is a stateless type that carries the
// credential-related methods of the kubernetes provider.
type environProviderCredentials struct{}

// CredentialSchemas is part of the environs.ProviderCredentials interface.
func (environProviderCredentials) CredentialSchemas() map[cloud.AuthType]cloud.CredentialSchema {
	// The package-level map itself is returned, not a copy, so callers share
	// it and must not modify it.
	return k8sCredentialSchemas
}

// supportedAuthTypes returns the auth types that have a schema in
// k8sCredentialSchemas. The order is unspecified because it follows Go's map
// iteration order.
func (environProviderCredentials) supportedAuthTypes() cloud.AuthTypes {
	var authTypes cloud.AuthTypes
	for authType := range k8sCredentialSchemas {
		authTypes = append(authTypes, authType)
	}
	return authTypes
}

// DetectCredentials is part of the environs.ProviderCredentials interface.
//
// It asks the "kubernetes" client config reader for the local configuration
// and returns every credential found there, with the credential of the
// current context marked as the default. A NotFound error is returned when
// the configuration defines no contexts.
//
// The returned value holds whatever secrets the client configuration holds
// (see the Hidden attributes in k8sCredentialSchemas), so callers should not
// log or print it wholesale.
func (environProviderCredentials) DetectCredentials() (*cloud.CloudCredential, error) {
	readConfig, err := clientconfig.NewClientConfigReader("kubernetes")
	if err != nil {
		return nil, errors.Trace(err)
	}

	// All arguments are left at their zero values; what the reader selects in
	// that case is decided by clientconfig and is not visible in this file.
	cfg, err := readConfig(nil, "", "", nil)
	if err != nil {
		return nil, errors.Trace(err)
	}

	if len(cfg.Contexts) == 0 {
		return nil, errors.NotFoundf("k8s cluster definitions")
	}

	// NOTE(review): if Contexts is a map (as the keyed lookup suggests), a
	// CurrentContext that is empty or unknown yields a zero-value context and
	// therefore an empty DefaultCredential rather than an error - confirm
	// callers cope with that.
	current := cfg.Contexts[cfg.CurrentContext]
	return &cloud.CloudCredential{
		AuthCredentials:   cfg.Credentials,
		DefaultCredential: current.CredentialName,
	}, nil
}

// FinalizeCredential is part of the environs.ProviderCredentials interface.
//
// The credential is handed back without validation or transformation; the
// context argument is ignored.
func (environProviderCredentials) FinalizeCredential(_ environs.FinalizeCredentialContext, args environs.FinalizeCredentialParams) (*cloud.Credential, error) {
	// args is passed by value, so the pointer refers to this call's own copy.
	finalized := &args.Credential
	return finalized, nil
}