// Code generated by go-swagger; DO NOT EDIT.
package key_pairs
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
	"fmt"

	"github.com/go-openapi/runtime"

	strfmt "github.com/go-openapi/strfmt"
)
// New returns a key pairs API client that submits its operations through
// transport and hands formats to the response readers it creates.
//
// Both arguments are stored as given; nothing is validated here.
func New(transport runtime.ClientTransport, formats strfmt.Registry) *Client {
	c := new(Client)
	c.transport = transport
	c.formats = formats
	return c
}
// Client is the client for the key pairs API.
//
// Every operation method on Client goes through the transport field, so
// whatever transport is installed sees the requests and responses of those
// operations.
type Client struct {
	// transport submits the operations built by the methods of Client.
	transport runtime.ClientTransport

	// formats is passed to the response reader of each operation.
	formats strfmt.Registry
}
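/*
AddKeyPair creates key pair

This operation allows you to create a new key pair for accessing a specific cluster.

A key pair consists of an unencrypted private RSA key and an X.509 certificate. In addition, when obtaining a key pair for a cluster, the cluster's certificate authority file (CA certificate) is delivered, which is required by TLS clients to establish trust to the cluster.

In addition to the credentials themselves, a key pair has some metadata like a unique ID, a creation timestamp and a free text `description` that you can use at will, for example to note for whom a key pair has been issued.

### Customizing the certificate's subject for K8s RBAC

It is possible to set the Common Name and Organization fields of the generated certificate's subject.

  - `cn_prefix`: The certificate's common name uses this format: `<cn_prefix>.user.<clusterdomain>`.
    `clusterdomain` is specific to your cluster and is not editable.
    The `cn_prefix` however is editable. When left blank it will default
    to the email address of the Giant Swarm user that is performing the
    create key pair request.
    The common name is used as the username for requests to the Kubernetes API. This allows you
    to set up role-based access controls.
  - `certificate_organizations`: This will set the certificate's `organization` fields. Use a comma separated list of values.
    The Kubernetes API will use these values as group memberships.

__Note:__ The actual credentials coming with the key pair (key, certificate) can only be accessed once, as the result of the `POST` request that triggers their creation. This restriction exists to minimize the risk of credentials being leaked. If you fail to capture the credentials upon creation, you'll have to repeat the creation request.

### Handling the result

Per the description above, the successful response carries an unencrypted
private key. Callers should keep the returned value out of logs, error
messages and debug dumps, and store it with the protection a private key
needs. Because `cn_prefix` and `certificate_organizations` become the
Kubernetes username and group memberships, the values a caller sends are
authorization-relevant and deserve review before the request is made.

A nil params is replaced with NewAddKeyPairParams(). The error from the
transport is returned unchanged. If the transport reports success with a
value that is not a *AddKeyPairOK, an error naming the unexpected type is
returned instead of panicking.
*/
func (a *Client) AddKeyPair(params *AddKeyPairParams, authInfo runtime.ClientAuthInfoWriter) (*AddKeyPairOK, error) {
	// TODO: Validate the params before sending
	// NOTE(review): this method performs no validation of params itself
	// (cluster_id included); any checking happens outside this block.
	if params == nil {
		params = NewAddKeyPairParams()
	}

	result, err := a.transport.Submit(&runtime.ClientOperation{
		ID:                 "addKeyPair",
		Method:             "POST",
		PathPattern:        "/v4/clusters/{cluster_id}/key-pairs/",
		ProducesMediaTypes: []string{"application/json"},
		ConsumesMediaTypes: []string{"application/json"},
		// The operation is declared HTTPS-only. How the installed
		// transport honours this list is not visible here — confirm.
		Schemes:  []string{"https"},
		Params:   params,
		Reader:   &AddKeyPairReader{formats: a.formats},
		AuthInfo: authInfo,
		Context:  params.Context,
		Client:   params.HTTPClient,
	})
	if err != nil {
		return nil, err
	}

	// Checked assertion: an unexpected (or nil) result becomes an error rather
	// than a panic in library code.
	created, ok := result.(*AddKeyPairOK)
	if !ok {
		// Only the dynamic type is reported. The value itself is left out on
		// purpose, since a response to this operation may hold key material.
		return nil, fmt.Errorf("addKeyPair: unexpected success response type %T", result)
	}
	return created, nil
}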
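/*
GetKeyPairs gets key pairs

Returns a list of information on all key pairs of a cluster as an array.

The individual array items contain metadata on the key pairs, but neither the key nor the certificate. These can only be obtained upon creation, using the [addKeypair](#operation/addKeyPair) operation.

A nil params is replaced with NewGetKeyPairsParams(). The error from the
transport is returned unchanged. If the transport reports success with a
value that is not a *GetKeyPairsOK, an error naming the unexpected type is
returned instead of panicking.
*/
func (a *Client) GetKeyPairs(params *GetKeyPairsParams, authInfo runtime.ClientAuthInfoWriter) (*GetKeyPairsOK, error) {
	// TODO: Validate the params before sending
	// NOTE(review): this method performs no validation of params itself
	// (cluster_id included); any checking happens outside this block.
	if params == nil {
		params = NewGetKeyPairsParams()
	}

	result, err := a.transport.Submit(&runtime.ClientOperation{
		ID:                 "getKeyPairs",
		Method:             "GET",
		PathPattern:        "/v4/clusters/{cluster_id}/key-pairs/",
		ProducesMediaTypes: []string{"application/json"},
		ConsumesMediaTypes: []string{"application/json"},
		// The operation is declared HTTPS-only. How the installed
		// transport honours this list is not visible here — confirm.
		Schemes:  []string{"https"},
		Params:   params,
		Reader:   &GetKeyPairsReader{formats: a.formats},
		AuthInfo: authInfo,
		Context:  params.Context,
		Client:   params.HTTPClient,
	})
	if err != nil {
		return nil, err
	}

	// Checked assertion: an unexpected (or nil) result becomes an error rather
	// than a panic in library code.
	listed, ok := result.(*GetKeyPairsOK)
	if !ok {
		return nil, fmt.Errorf("getKeyPairs: unexpected success response type %T", result)
	}
	return listed, nil
}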
// SetTransport replaces the transport that later operations on the client
// are submitted through.
//
// The assignment below is not synchronized within this method. The new
// transport is stored as given, without any check.
func (a *Client) SetTransport(transport runtime.ClientTransport) {
	a.transport = transport
}