const ClusterAccess = {
props: [ 'cluster', 'token', 'state' ],
data() {
return {
accessType: "ssh",
signReqValidity: "1d",
sshSignReq: {
PubKey: "",
Principal: "root",
},
sshUserCert: null,
kubeSignReq: {
CSR: "",
User: "",
Group: "system:masters",
},
kubeUserCert: null,
downloadSet: null,
selectedAssets: {},
loading: false,
msg: null,
};
},
computed: {
availableAssets() {
return [
"kernel",
"initrd",
"uki",
"bootstrap.tar",
"boot.img.gz",
"boot.img",
"boot.qcow2",
"boot.vmdk",
"boot.iso",
"boot.tar",
"bootstrap-config",
"config",
"config.json",
"ipxe",
]
},
selectedAssetList() {
return this.availableAssets.filter(a => this.selectedAssets[a])
},
hostCount() {
return (this.state.Hosts||[]).filter(h => h.Cluster == this.cluster.Name).length
},
},
methods: {
sshCASign() {
event.preventDefault();
this.loading = true; this.msg = null;
fetch(`/clusters/${this.cluster.Name}/ssh/user-ca/sign`, {
method: 'POST',
body: JSON.stringify({ ...this.sshSignReq, Validity: this.signReqValidity }),
headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
}).then((resp) => {
if (resp.ok) {
resp.blob().then((cert) => { this.sshUserCert = URL.createObjectURL(cert); this.loading = false })
} else {
resp.json().then((resp) => { this.msg = 'failed to sign: '+resp.message; this.loading = false })
}
})
.catch((e) => { this.msg = 'failed to sign: '+e; this.loading = false })
},
kubeCASign() {
event.preventDefault();
this.loading = true; this.msg = null;
fetch(`/clusters/${this.cluster.Name}/kube/sign`, {
method: 'POST',
body: JSON.stringify({ ...this.kubeSignReq, Validity: this.signReqValidity }),
headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
}).then((resp) => {
if (resp.ok) {
resp.blob().then((cert) => { this.kubeUserCert = URL.createObjectURL(cert); this.loading = false })
} else {
resp.json().then((resp) => { this.msg = 'failed to sign: '+resp.message; this.loading = false })
}
})
.catch((e) => { this.msg = 'failed to sign: '+e; this.loading = false })
},
generateDownloadSet() {
event.preventDefault()
this.loading = true; this.msg = null;
const items = [{
Kind: "host",
Name: "c=" + this.cluster.Name,
Assets: this.selectedAssetList,
}]
fetch('/sign-download-set', {
method: 'POST',
body: JSON.stringify({Expiry: this.signReqValidity, Items: items}),
headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
}).then((resp) => {
if (resp.ok) {
resp.json().then((set) => { this.downloadSet = set; this.loading = false })
} else {
resp.json().then((resp) => { this.msg = 'failed to generate: '+resp.message; this.loading = false })
}
}).catch((e) => { this.msg = 'failed to generate: '+e; this.loading = false })
},
readFile(e, onload) {
const file = e.target.files[0];
if (!file) { return; }
const reader = new FileReader();
reader.onload = () => { onload(reader.result) };
reader.onerror = () => { this.msg = "error reading file" };
reader.readAsText(file);
},
loadPubKey(e) {
this.readFile(e, (v) => {
this.sshSignReq.PubKey = v;
});
},
copyDownloadSetUrl() {
try {
navigator.clipboard.writeText(window.location.origin+'/public/download-set?set='+this.downloadSet)
this.$root.toast('copied!', 'info')
} catch (e) {
this.$root.toast('copy failed', 'error')
}
},
loadCSR(e) {
this.readFile(e, (v) => {
this.kubeSignReq.CSR = v;
});
},
},
template: `
Grant access to:
Validity: time range, ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.
{{ msg }}
Grant download access
Generates a signed download set granting access to the selected assets for all {{ hostCount }} hosts in this cluster.
Available assets
{{" "}}
`
}