Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsValidServiceAccountKeyFile ¶
func IsValidServiceAccountKeyFile(file string) bool
IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file
func New ¶
func New(config AuthenticatorConfig) (authenticator.Request, *spec.SecurityDefinitions, error)
New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.
func NewAuthenticatorFromTokens ¶ added in v1.5.0
func NewAuthenticatorFromTokens(tokens map[string]*user.DefaultInfo) authenticator.Request
newAuthenticatorFromToken returns an authenticator.Request or an error
Types ¶
type AuthenticatorConfig ¶
type AuthenticatorConfig struct {
Anonymous bool
AnyToken bool
BasicAuthFile string
ClientCAFile string
TokenAuthFile string
OIDCIssuerURL string
OIDCClientID string
OIDCCAFile string
OIDCUsernameClaim string
OIDCGroupsClaim string
ServiceAccountKeyFiles []string
ServiceAccountLookup bool
ServiceAccountTokenGetter serviceaccount.ServiceAccountTokenGetter
KeystoneURL string
KeystoneCAFile string
WebhookTokenAuthnConfigFile string
WebhookTokenAuthnCacheTTL time.Duration
RequestHeaderConfig *RequestHeaderConfig
}
type RequestHeaderConfig ¶ added in v1.5.0
type RequestHeaderConfig struct {
// UsernameHeaders are the headers to check (in order, case-insensitively) for an identity. The first header with a value wins.
UsernameHeaders []string
// ClientCA points to CA bundle file which is used verify the identity of the front proxy
ClientCA string
// AllowedClientNames is a list of common names that may be presented by the authenticating front proxy. Empty means: accept any.
AllowedClientNames []string
}
Source Files
Click to show internal directories.
Click to hide internal directories.