package v1beta1
import (
"github.com/rancher/opni/pkg/config/meta"
"github.com/rancher/opni/pkg/tokens"
)
// AgentConfig is the top-level configuration document for the agent. The
// embedded meta.TypeMeta is serialized inline (apiVersion/kind style header);
// the agent settings themselves live under Spec.
type AgentConfig struct {
	meta.TypeMeta `json:",inline"`
	Spec          AgentConfigSpec `json:"spec,omitempty"`
}
// TrustStrategyKind selects how the agent verifies the identity of the gateway
// server it connects to. The valid values are the TrustStrategy* constants.
type TrustStrategyKind string
const (
	// TrustStrategyPKP verifies the gateway by public key pinning. Bootstrap
	// credentials for this strategy require at least one entry in
	// BootstrapSpec.Pins (see ContainsBootstrapCredentials).
	TrustStrategyPKP TrustStrategyKind = "pkp"
	// TrustStrategyCACerts verifies the gateway against a CA bundle taken from
	// BootstrapSpec.CACerts. ContainsBootstrapCredentials requires that list to
	// be non-empty for this strategy.
	TrustStrategyCACerts TrustStrategyKind = "cacerts"
	// TrustStrategyInsecure is the remaining strategy; presumably it skips
	// gateway verification — confirm against the trust implementation.
	// ContainsBootstrapCredentials never returns true for this strategy, since
	// it only matches "pkp" and "cacerts".
	TrustStrategyInsecure TrustStrategyKind = "insecure"
)
// AgentConfigSpec holds the agent's runtime settings. Zero-valued fields with
// a documented default are filled in by SetDefaults; bootstrap readiness is
// checked by ContainsBootstrapCredentials.
type AgentConfigSpec struct {
	// The address which the agent will listen on for incoming connections.
	// This should be in the format "host:port" or ":port", and must not
	// include a scheme. Defaults to ":8080" (see SetDefaults); a bare ":port"
	// form carries no host, so the listener presumably binds every interface.
	ListenAddress string `json:"listenAddress,omitempty"`
	// The address of the gateway's public GRPC API. This should be of the format
	// "host:port" with no scheme.
	GatewayAddress string `json:"gatewayAddress,omitempty"`
	// The name of the identity provider to use. Defaults to "kubernetes".
	IdentityProvider string `json:"identityProvider,omitempty"`
	// The type of trust strategy to use for verifying the authenticity of the
	// gateway server. Defaults to "pkp".
	TrustStrategy TrustStrategyKind `json:"trustStrategy,omitempty"`
	// Configuration for agent keyring storage.
	Storage StorageSpec `json:"storage,omitempty"`
	// Rules configuration; RulesSpec is defined elsewhere. nil when unset.
	Rules *RulesSpec `json:"rules,omitempty"`
	// Credentials and trust material used to join the gateway. nil means no
	// bootstrap configuration; see ContainsBootstrapCredentials for what
	// counts as a usable set of credentials.
	Bootstrap *BootstrapSpec `json:"bootstrap,omitempty"`
	// Log verbosity; the accepted values are not defined in this file.
	LogLevel string `json:"logLevel,omitempty"`
	// Plugin configuration; PluginsSpec is defined elsewhere.
	Plugins PluginsSpec `json:"plugins,omitempty"`
	// Keyring configuration; KeyringSpec is defined elsewhere.
	Keyring KeyringSpec `json:"keyring,omitempty"`
}
// BootstrapSpec describes how the agent obtains its initial credentials from
// the gateway. Two modes exist: in-cluster bootstrap via
// InClusterManagementAddress, or token-based bootstrap via Token plus the
// trust material matching AgentConfigSpec.TrustStrategy.
type BootstrapSpec struct {
	// Address of the internal management GRPC API. Used for auto-bootstrapping
	// when direct management api access is available, such as when running in
	// the main cluster. When set, Token, Pins and CACerts must all be empty
	// for ContainsBootstrapCredentials to return true.
	InClusterManagementAddress *string `json:"inClusterManagementAddress,omitempty"`
	// An optional display name to assign to the cluster when creating it.
	// This value corresponds to the label `opni.io/name`, and can be modified
	// at any time after the cluster is created.
	FriendlyName *string `json:"friendlyName,omitempty"`
	// Bootstrap token. Must parse with tokens.ParseHex to be considered
	// valid. This is a secret and is serialized by the json tag above, so
	// take care when logging or persisting the config.
	Token string `json:"token,omitempty"`
	// List of public key pins. Used when the trust strategy is "pkp".
	Pins []string `json:"pins,omitempty"`
	// List of paths to CA Certs. Used when the trust strategy is "cacerts".
	// If empty, the system certs will be used. Note that
	// ContainsBootstrapCredentials treats an empty list as missing credentials
	// for the "cacerts" strategy, so the system-cert fallback does not apply
	// to that check.
	CACerts []string `json:"caCerts,omitempty"`
}
// ContainsBootstrapCredentials reports whether the spec carries a usable set
// of bootstrap credentials.
//
// Two cases are accepted:
//   - In-cluster bootstrap: InClusterManagementAddress is set and Token,
//     Pins and CACerts are all empty.
//   - Token bootstrap: Token parses via tokens.ParseHex and the trust
//     material for TrustStrategy is present — at least one pin for "pkp",
//     at least one CA cert path for "cacerts".
//
// A nil Bootstrap, an unparsable token, or any other trust strategy
// (including "insecure") yields false.
func (s *AgentConfigSpec) ContainsBootstrapCredentials() bool {
	b := s.Bootstrap
	if b == nil {
		return false
	}

	hasToken := b.Token != ""
	hasPins := len(b.Pins) > 0
	hasCACerts := len(b.CACerts) > 0

	// In-cluster bootstrap must not be mixed with out-of-band credentials.
	if b.InClusterManagementAddress != nil {
		return !hasToken && !hasPins && !hasCACerts
	}

	// Token bootstrap: the token has to be well-formed...
	if _, err := tokens.ParseHex(b.Token); err != nil {
		return false
	}

	// ...and the trust material for the chosen strategy has to be present.
	// "insecure" has no case here and therefore falls through to false.
	// NOTE(review): confirm that rejecting "insecure" at this point is intended.
	switch s.TrustStrategy {
	case TrustStrategyPKP:
		return hasPins
	case TrustStrategyCACerts:
		return hasCACerts
	default:
		return false
	}
}
// SetDefaults fills zero-valued fields with their documented defaults:
// IdentityProvider "kubernetes", ListenAddress ":8080" and TrustStrategy
// TrustStrategyPKP ("pkp"). Fields that are already set are left untouched.
// Calling it on a nil receiver is a no-op.
func (s *AgentConfigSpec) SetDefaults() {
	if s == nil {
		return
	}

	// Only string-typed fields go through this helper; TrustStrategy has its
	// own named type and is handled below.
	fillIfEmpty := func(dst *string, def string) {
		if *dst == "" {
			*dst = def
		}
	}
	fillIfEmpty(&s.IdentityProvider, "kubernetes")
	fillIfEmpty(&s.ListenAddress, ":8080")

	if s.TrustStrategy == "" {
		s.TrustStrategy = TrustStrategyPKP
	}
}