local-server/html/ui/js/Cluster.js


import Downloads from './Downloads.js';
import GetCopy from './GetCopy.js';

export default {
    components: { Downloads, GetCopy },
    props: [ 'cluster', 'token', 'state' ],
    data() {
        return {
            signReqValidity: "1d",
            sshSignReq: {
                PubKey: "",
                Principal: "root",
            },
            sshUserCert: null,
            kubeSignReq: {
                CSR: "",
                User:   "",
                Group:  "system:masters",
            },
            kubeUserCert: null,
        };
    },
    methods: {
        sshCASign() {
            event.preventDefault();
            fetch(`/clusters/${this.cluster.Name}/ssh/user-ca/sign`, {
                method: 'POST',
                body: JSON.stringify({ ...this.sshSignReq, Validity: this.signReqValidity }),
                headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
            }).then((resp) => {
                if (resp.ok) {
                    resp.blob().then((cert) => { this.sshUserCert = URL.createObjectURL(cert) })
                } else {
                    resp.json().then((resp) => alert('failed to sign: '+resp.message))
                }
              })
              .catch((e) => { alert('failed to sign: '+e); })
        },
        kubeCASign() {
            event.preventDefault();
            fetch(`/clusters/${this.cluster.Name}/kube/sign`, {
                method: 'POST',
                body: JSON.stringify({ ...this.kubeSignReq, Validity: this.signReqValidity }),
                headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
            }).then((resp) => {
                if (resp.ok) {
                    resp.blob().then((cert) => { this.kubeUserCert = URL.createObjectURL(cert) })
                } else {
                    resp.json().then((resp) => alert('failed to sign: '+resp.message))
                }
              })
              .catch((e) => { alert('failed to sign: '+e); })
        },
    },
    template: `
  <h3>Tokens</h3>
  <section class="links">
    <GetCopy v-for="n in cluster.Tokens" :token="token" :name="n" :href="'/clusters/'+cluster.Name+'/tokens/'+n" />
  </section>

  <h3>Passwords</h3>
  <section class="links">
    <GetCopy v-for="n in cluster.Passwords" :token="token" :name="n" :href="'/clusters/'+cluster.Name+'/passwords/'+n" />
  </section>

  <h3>Downloads</h3>
  <Downloads :token="token" :state="state" kind="cluster" :name="cluster.Name" />

  <h3>CAs</h3>
  <table><tr><th>Name</th><th>Certificate</th><th>Signed certificates</th></tr>
  <tr v-for="ca in cluster.CAs">
    <td>{{ ca.Name }}</td>
    <td><GetCopy :token="token" name="cert" :href="'/clusters/'+cluster.Name+'/CAs/'+ca.Name+'/certificate'" /></td>
    <td><template v-for="signed in ca.Signed">
      {{" "}}
      <GetCopy :token="token" :name="signed" :href="'/clusters/'+cluster.Name+'/CAs/'+ca.Name+'/signed?name='+signed" />
    </template></td>
  </tr></table>

  <h3>Access</h3>

  <p>Allow cluster access from a public key</p>
  <p>Certificate time validity: <input type="text" v-model="signReqValidity"/> <small>ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</p>

  <h4>Grant SSH access</h4>

  <p>Public key (OpenSSH format):<br/>
     <textarea v-model="sshSignReq.PubKey" style="width:64em;height:2lh"></textarea>
  </p>
  <p>User: <input type="text" v-model="sshSignReq.Principal"/></p>

  <p><button @click="sshCASign">Sign SSH access (validity: {{signReqValidity}})</button>
    <template v-if="sshUserCert">
    =&gt; <a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>
    </template>
  </p>

  <h4>Grant Kubernetes API access</h4>

  <p>Certificate signing request (PEM format):<br/>
     <textarea v-model="kubeSignReq.CSR" style="width:64em;height:7lh;"></textarea>
  </p>
  <p>User: <input type="text" v-model="kubeSignReq.User"/></p>
  <p>Group: <input type="text" v-model="kubeSignReq.Group"/></p>

  <p><button @click="kubeCASign">Sign Kubernetes API access (validity: {{signReqValidity}})</button>
    <template v-if="kubeUserCert">
      =&gt; <a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>
    </template>
  </p>
`
}
downloads API, UI 2023-02-07 21:29:19 +01:00
			`import Downloads from './Downloads.js';`
secrets migration & restitution 2023-02-12 11:58:26 +01:00			`import GetCopy from './GetCopy.js';`
downloads API, UI 2023-02-07 21:29:19 +01:00
			`export default {`
secrets migration & restitution 2023-02-12 11:58:26 +01:00			`components: { Downloads, GetCopy },`
downloads API, UI 2023-02-07 21:29:19 +01:00			`props: [ 'cluster', 'token', 'state' ],`
rework ui 2025-06-29 00:12:12 +02:00			`data() {`
			`return {`
add kube CSR access 2025-07-02 21:47:08 +02:00			`signReqValidity: "1d",`
rework ui 2025-06-29 00:12:12 +02:00			`sshSignReq: {`
			`PubKey: "",`
			`Principal: "root",`
			`},`
			`sshUserCert: null,`
add kube CSR access 2025-07-02 21:47:08 +02:00			`kubeSignReq: {`
			`CSR: "",`
improve cert-signing ux 2026-01-19 17:57:15 +01:00			`User: "",`
			`Group: "system:masters",`
add kube CSR access 2025-07-02 21:47:08 +02:00			`},`
			`kubeUserCert: null,`
rework ui 2025-06-29 00:12:12 +02:00			`};`
			`},`
			`methods: {`
			`sshCASign() {`
			`event.preventDefault();`
			fetch(`/clusters/${this.cluster.Name}/ssh/user-ca/sign`, {
			`method: 'POST',`
add kube CSR access 2025-07-02 21:47:08 +02:00			`body: JSON.stringify({ ...this.sshSignReq, Validity: this.signReqValidity }),`
rework ui 2025-06-29 00:12:12 +02:00			`headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },`
improve cert-signing ux 2026-01-19 17:57:15 +01:00			`}).then((resp) => {`
			`if (resp.ok) {`
			`resp.blob().then((cert) => { this.sshUserCert = URL.createObjectURL(cert) })`
			`} else {`
			`resp.json().then((resp) => alert('failed to sign: '+resp.message))`
			`}`
			`})`
rework ui 2025-06-29 00:12:12 +02:00			`.catch((e) => { alert('failed to sign: '+e); })`
			`},`
add kube CSR access 2025-07-02 21:47:08 +02:00			`kubeCASign() {`
			`event.preventDefault();`
			fetch(`/clusters/${this.cluster.Name}/kube/sign`, {
			`method: 'POST',`
			`body: JSON.stringify({ ...this.kubeSignReq, Validity: this.signReqValidity }),`
			`headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },`
improve cert-signing ux 2026-01-19 17:57:15 +01:00			`}).then((resp) => {`
			`if (resp.ok) {`
			`resp.blob().then((cert) => { this.kubeUserCert = URL.createObjectURL(cert) })`
			`} else {`
			`resp.json().then((resp) => alert('failed to sign: '+resp.message))`
			`}`
			`})`
add kube CSR access 2025-07-02 21:47:08 +02:00			`.catch((e) => { alert('failed to sign: '+e); })`
			`},`
rework ui 2025-06-29 00:12:12 +02:00			`},`
downloads API, UI 2023-02-07 21:29:19 +01:00			template: `
rework ui 2025-06-29 00:12:12 +02:00			`<h3>Tokens</h3>`
secrets migration & restitution 2023-02-12 11:58:26 +01:00			`<section class="links">`
			`<GetCopy v-for="n in cluster.Tokens" :token="token" :name="n" :href="'/clusters/'+cluster.Name+'/tokens/'+n" />`
			`</section>`
rework ui 2025-06-29 00:12:12 +02:00
			`<h3>Passwords</h3>`
secrets migration & restitution 2023-02-12 11:58:26 +01:00			`<section class="links">`
			`<GetCopy v-for="n in cluster.Passwords" :token="token" :name="n" :href="'/clusters/'+cluster.Name+'/passwords/'+n" />`
			`</section>`
rework ui 2025-06-29 00:12:12 +02:00
			`<h3>Downloads</h3>`
			`<Downloads :token="token" :state="state" kind="cluster" :name="cluster.Name" />`

			`<h3>CAs</h3>`
secrets migration 2023-02-15 08:49:34 +01:00			`<table><tr><th>Name</th><th>Certificate</th><th>Signed certificates</th></tr>`
			`<tr v-for="ca in cluster.CAs">`
			`<td>{{ ca.Name }}</td>`
			`<td><GetCopy :token="token" name="cert" :href="'/clusters/'+cluster.Name+'/CAs/'+ca.Name+'/certificate'" /></td>`
			`<td><template v-for="signed in ca.Signed">`
			`{{" "}}`
			`<GetCopy :token="token" :name="signed" :href="'/clusters/'+cluster.Name+'/CAs/'+ca.Name+'/signed?name='+signed" />`
			`</template></td>`
			`</tr></table>`
rework ui 2025-06-29 00:12:12 +02:00
add kube CSR access 2025-07-02 21:47:08 +02:00			`<h3>Access</h3>`

			`<p>Allow cluster access from a public key</p>`
			`<p>Certificate time validity: <input type="text" v-model="signReqValidity"/> <small>ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</p>`

			`<h4>Grant SSH access</h4>`

			`<p>Public key (OpenSSH format):<br/>`
			`<textarea v-model="sshSignReq.PubKey" style="width:64em;height:2lh"></textarea>`
			`</p>`
improve cert-signing ux 2026-01-19 17:57:15 +01:00			`<p>User: <input type="text" v-model="sshSignReq.Principal"/></p>`
add kube CSR access 2025-07-02 21:47:08 +02:00
improve cert-signing ux 2026-01-19 17:57:15 +01:00			`<p><button @click="sshCASign">Sign SSH access (validity: {{signReqValidity}})</button>`
			`<template v-if="sshUserCert">`
			`=> <a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>`
			`</template>`
add kube CSR access 2025-07-02 21:47:08 +02:00			`</p>`

			`<h4>Grant Kubernetes API access</h4>`

			`<p>Certificate signing request (PEM format):<br/>`
			`<textarea v-model="kubeSignReq.CSR" style="width:64em;height:7lh;"></textarea>`
			`</p>`
			`<p>User: <input type="text" v-model="kubeSignReq.User"/></p>`
			`<p>Group: <input type="text" v-model="kubeSignReq.Group"/></p>`

improve cert-signing ux 2026-01-19 17:57:15 +01:00			`<p><button @click="kubeCASign">Sign Kubernetes API access (validity: {{signReqValidity}})</button>`
			`<template v-if="kubeUserCert">`
			`=> <a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>`
			`</template>`
rework ui 2025-06-29 00:12:12 +02:00			`</p>`
downloads API, UI 2023-02-07 21:29:19 +01:00			`
			`}`