authenticatorfactory

package

v0.17.1 Latest Latest Go to latest Published: Jan 14, 2020 License: Apache-2.0 Imports: 17 Imported by: 212

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/apiserver

Links

Open Source Insights

Documentation ¶

Index ¶

func NewFromTokens(tokens map[string]*user.DefaultInfo) authenticator.Request
type CAContentProvider
type DelegatingAuthenticatorConfig
- func (c DelegatingAuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error)
type RequestHeaderConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewFromTokens ¶

func NewFromTokens(tokens map[string]*user.DefaultInfo) authenticator.Request

NewFromTokens returns an authenticator.Request or an error

Types ¶

type CAContentProvider ¶ added in v0.17.0

type CAContentProvider interface {
	// Name is just an identifier
	Name() string
	// CurrentCABundleContent provides ca bundle byte content
	CurrentCABundleContent() []byte
	// VerifyOptions provides VerifyOptions for authenticators
	VerifyOptions() (x509.VerifyOptions, bool)
}

CAContentProvider provides ca bundle byte content

type DelegatingAuthenticatorConfig ¶

type DelegatingAuthenticatorConfig struct {
	Anonymous bool

	// TokenAccessReviewClient is a client to do token review. It can be nil. Then every token is ignored.
	TokenAccessReviewClient authenticationclient.TokenReviewInterface

	// CacheTTL is the length of time that a token authentication answer will be cached.
	CacheTTL time.Duration

	// CAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users.
	// Generally this is the CA bundle file used to authenticate client certificates
	// If this is nil, then mTLS will not be used.
	ClientCertificateCAContentProvider CAContentProvider

	APIAudiences authenticator.Audiences

	RequestHeaderConfig *RequestHeaderConfig
}

DelegatingAuthenticatorConfig is the minimal configuration needed to create an authenticator built to delegate authentication to a kube API server

func (DelegatingAuthenticatorConfig) New ¶

func (c DelegatingAuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error)

type RequestHeaderConfig ¶

type RequestHeaderConfig struct {
	// UsernameHeaders are the headers to check (in order, case-insensitively) for an identity. The first header with a value wins.
	UsernameHeaders headerrequest.StringSliceProvider
	// GroupHeaders are the headers to check (case-insensitively) for a group names.  All values will be used.
	GroupHeaders headerrequest.StringSliceProvider
	// ExtraHeaderPrefixes are the head prefixes to check (case-insentively) for filling in
	// the user.Info.Extra.  All values of all matching headers will be added.
	ExtraHeaderPrefixes headerrequest.StringSliceProvider
	// CAContentProvider the options for verifying incoming connections using mTLS.  Generally this points to CA bundle file which is used verify the identity of the front proxy.
	//	It may produce different options at will.
	CAContentProvider CAContentProvider
	// AllowedClientNames is a list of common names that may be presented by the authenticating front proxy.  Empty means: accept any.
	AllowedClientNames headerrequest.StringSliceProvider
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL