
Commit 14deb6b

authored
Add CA certificates to OIDC parameters (#81)
1 parent c15fe83 commit 14deb6b

2 files changed

+44
-0
lines changed


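--- a/pkg/v1/cluster/schemas.go
+++ b/pkg/v1/cluster/schemas.go
@@ -215,6 +215,10 @@ type OIDC struct {
 // GroupsClaim represents optional JWT claim to use as the user's group. By default, `groups`.
 // Will be placed in `--oidc-groups-claim` flag.
 GroupsClaim string `json:"groups_claim"`
+
+// CACerts represent optional custom CA certs chain in X509 PEM format of provider's SSL certificate.
+// Will be written to file on masters which will be passed in `--oidc-ca-file` kube-apiserver flag.
+CACerts string `json:"ca_certs,omitempty"`
 }
 
 // KubeconfigFields is a struct that contains Kubeconfigs parsed fields and raw kubeconfig.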
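Review bot: The doc comment on the new `CACerts` field says the value is "in X509 PEM format", but every fixture added in pkg/v1/cluster/testing/fixtures.go carries a base64-looking string (its prefix `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t` decodes to a PEM `-----BEGIN CERTIFICATE-----` header), so a reader cannot tell whether the wire value is raw PEM or base64-encoded PEM. Because this string presumably becomes the trust anchor behind `--oidc-ca-file` on every master, a client that picks the wrong encoding would ship an unusable bundle, so the comment should pin the encoding, e.g. `// CACerts is an optional CA chain for the OIDC provider's TLS certificate, as base64-encoded X.509 PEM.` — or, if the API really accepts raw PEM, the fixtures should be corrected instead. `represent` should also read `represents` to match the `GroupsClaim` comment above it. The enclosing `OIDC` struct starts outside the hunk.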

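--- a/pkg/v1/cluster/testing/fixtures.go
+++ b/pkg/v1/cluster/testing/fixtures.go
@@ -50,6 +50,7 @@ const testGetClusterResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -101,6 +102,7 @@ var expectedGetClusterResponse = &cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 }
@@ -147,6 +149,7 @@ const testGetZonalClusterResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -196,6 +199,7 @@ var expectedGetZonalClusterResponse = &cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 }
@@ -237,6 +241,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -275,6 +280,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -313,6 +319,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -351,6 +358,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -389,6 +397,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -427,6 +436,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -465,6 +475,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -503,6 +514,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -541,6 +553,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -579,6 +592,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -617,6 +631,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -655,6 +670,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -693,6 +709,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -731,6 +748,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -769,6 +787,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -807,6 +826,7 @@ const testListClustersResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -853,6 +873,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -891,6 +912,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -929,6 +951,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -967,6 +990,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1005,6 +1029,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1043,6 +1068,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1081,6 +1107,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1119,6 +1146,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1157,6 +1185,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1195,6 +1224,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1233,6 +1263,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1271,6 +1302,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1309,6 +1341,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1347,6 +1380,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1385,6 +1419,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1423,6 +1458,7 @@ var expectedListClustersResponse = []*cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 },
@@ -1473,6 +1509,7 @@ const testCreateClusterOptsRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -1522,6 +1559,7 @@ var testCreateClusterOpts = &cluster.CreateOpts{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 }
@@ -1567,6 +1605,7 @@ const testCreateClusterResponseRaw = `
 "provider_name": "keycloak",
 "client_id": "kubernetes",
 "groups_claim": "groups",
+"ca_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 "issuer_url": "https://example.com/",
 "username_claim": "email"
 }
@@ -1611,6 +1650,7 @@ var expectedCreateClusterResponse = &cluster.View{
 ClientID: "kubernetes",
 UsernameClaim: "email",
 GroupsClaim: "groups",
+CACerts: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tS0tLQo=",
 },
 },
 PrivateKubeAPI: false,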
