add kube CSR access
This commit is contained in:
Mikaël Cluseau
@ -7,12 +7,18 @@ export default {
|
||||
props: [ 'cluster', 'token', 'state' ],
|
||||
data() {
|
||||
return {
|
||||
signReqValidity: "1d",
|
||||
sshSignReq: {
|
||||
PubKey: "",
|
||||
Principal: "root",
|
||||
Validity: "+1d",
|
||||
},
|
||||
sshUserCert: null,
|
||||
kubeSignReq: {
|
||||
CSR: "",
|
||||
User: "anonymous",
|
||||
Group: "",
|
||||
},
|
||||
kubeUserCert: null,
|
||||
};
|
||||
},
|
||||
methods: {
|
||||
@ -20,12 +26,22 @@ export default {
|
||||
event.preventDefault();
|
||||
fetch(`/clusters/${this.cluster.Name}/ssh/user-ca/sign`, {
|
||||
method: 'POST',
|
||||
body: JSON.stringify(this.sshSignReq),
|
||||
body: JSON.stringify({ ...this.sshSignReq, Validity: this.signReqValidity }),
|
||||
headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
|
||||
}).then((resp) => resp.blob())
|
||||
.then((cert) => { this.sshUserCert = URL.createObjectURL(cert) })
|
||||
.catch((e) => { alert('failed to sign: '+e); })
|
||||
},
|
||||
kubeCASign() {
|
||||
event.preventDefault();
|
||||
fetch(`/clusters/${this.cluster.Name}/kube/sign`, {
|
||||
method: 'POST',
|
||||
body: JSON.stringify({ ...this.kubeSignReq, Validity: this.signReqValidity }),
|
||||
headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
|
||||
}).then((resp) => resp.blob())
|
||||
.then((cert) => { this.kubeUserCert = URL.createObjectURL(cert) })
|
||||
.catch((e) => { alert('failed to sign: '+e); })
|
||||
},
|
||||
},
|
||||
template: `
|
||||
<h3>Tokens</h3>
|
||||
@ -52,17 +68,34 @@ export default {
|
||||
</template></td>
|
||||
</tr></table>
|
||||
|
||||
<h3>SSH</h3>
|
||||
<form @submit="sshCASign()" action="">
|
||||
<p>User public key (OpenSSH format):<br/>
|
||||
<textarea v-model="sshSignReq.PubKey"></textarea>
|
||||
</p>
|
||||
<p>Principal: <input type="text" v-model="sshSignReq.Principal"/></p>
|
||||
<p>Validity: <input type="text" v-model="sshSignReq.Validity"/></p>
|
||||
<input type="submit" value="Sign key" />
|
||||
</form>
|
||||
<h3>Access</h3>
|
||||
|
||||
<p>Allow cluster access from a public key</p>
|
||||
<p>Certificate time validity: <input type="text" v-model="signReqValidity"/> <small>ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.</p>
|
||||
|
||||
<h4>Grant SSH access</h4>
|
||||
|
||||
<p>Public key (OpenSSH format):<br/>
|
||||
<textarea v-model="sshSignReq.PubKey" style="width:64em;height:2lh"></textarea>
|
||||
</p>
|
||||
<p>Principal: <input type="text" v-model="sshSignReq.Principal"/></p>
|
||||
|
||||
<p><button @click="sshCASign">Sign SSH access request</button></p>
|
||||
<p v-if="sshUserCert">
|
||||
<a :href="sshUserCert" download="ssh-cert.pub">Get user SSH certificate</a>
|
||||
<a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>
|
||||
</p>
|
||||
|
||||
<h4>Grant Kubernetes API access</h4>
|
||||
|
||||
<p>Certificate signing request (PEM format):<br/>
|
||||
<textarea v-model="kubeSignReq.CSR" style="width:64em;height:7lh;"></textarea>
|
||||
</p>
|
||||
<p>User: <input type="text" v-model="kubeSignReq.User"/></p>
|
||||
<p>Group: <input type="text" v-model="kubeSignReq.Group"/></p>
|
||||
|
||||
<p><button @click="kubeCASign">Sign Kubernetes API access request</button></p>
|
||||
<p v-if="kubeUserCert">
|
||||
<a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>
|
||||
</p>
|
||||
`
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user