const ClusterAccess = { props: [ 'cluster', 'token', 'state' ], data() { return { accessType: "ssh", signReqValidity: "1d", sshSignReq: { PubKey: "", Principal: "root", }, sshUserCert: null, kubeSignReq: { CSR: "", User: "", Group: "system:masters", }, kubeUserCert: null, downloadSet: null, selectedAssets: {}, }; }, computed: { availableAssets() { return [ "kernel", "initrd", "uki", "bootstrap.tar", "boot.img.gz", "boot.img", "boot.qcow2", "boot.vmdk", "boot.iso", "boot.tar", "bootstrap-config", "config", "config.json", "ipxe", ] }, selectedAssetList() { return this.availableAssets.filter(a => this.selectedAssets[a]) }, hostCount() { return (this.state.Hosts||[]).filter(h => h.Cluster == this.cluster.Name).length }, }, methods: { sshCASign() { event.preventDefault(); fetch(`/clusters/${this.cluster.Name}/ssh/user-ca/sign`, { method: 'POST', body: JSON.stringify({ ...this.sshSignReq, Validity: this.signReqValidity }), headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' }, }).then((resp) => { if (resp.ok) { resp.blob().then((cert) => { this.sshUserCert = URL.createObjectURL(cert) }) } else { resp.json().then((resp) => alert('failed to sign: '+resp.message)) } }) .catch((e) => { alert('failed to sign: '+e); }) }, kubeCASign() { event.preventDefault(); fetch(`/clusters/${this.cluster.Name}/kube/sign`, { method: 'POST', body: JSON.stringify({ ...this.kubeSignReq, Validity: this.signReqValidity }), headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' }, }).then((resp) => { if (resp.ok) { resp.blob().then((cert) => { this.kubeUserCert = URL.createObjectURL(cert) }) } else { resp.json().then((resp) => alert('failed to sign: '+resp.message)) } }) .catch((e) => { alert('failed to sign: '+e); }) }, generateDownloadSet() { event.preventDefault() const hosts = this.hostCount ? (this.state.Hosts||[]).filter(h => h.Cluster == this.cluster.Name) : [] const items = hosts.map(h => ({ Kind: "host", Name: h.Name, Assets: this.selectedAssetList, })) fetch('/sign-download-set', { method: 'POST', body: JSON.stringify({Expiry: this.signReqValidity, Items: items}), headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' }, }).then((resp) => { if (resp.ok) { resp.json().then((set) => { this.downloadSet = set }) } else { resp.json().then((resp) => alert('failed to generate: '+resp.message)) } }).catch((e) => { alert('failed to generate: '+e) }) }, readFile(e, onload) { const file = e.target.files[0]; if (!file) { return; } const reader = new FileReader(); reader.onload = () => { onload(reader.result) }; reader.onerror = () => { alert("error reading file"); }; reader.readAsText(file); }, loadPubKey(e) { this.readFile(e, (v) => { this.sshSignReq.PubKey = v; }); }, loadCSR(e) { this.readFile(e, (v) => { this.kubeSignReq.CSR = v; }); }, }, template: `

Access

Grant access to:

Validity: time range, ie: -5m:1w, 5m, 1M, 1y, 1d-1s, etc.

Grant SSH access

User:

Public key (OpenSSH format):

Grant Kubernetes API access

User: (by default, from the CSR)

Group:

Certificate signing request (PEM format):

Grant download access

Generates a signed download set granting access to the selected assets for all {{ hostCount }} hosts in this cluster.

Available assets

Open download set page

` }