Documentation ¶
Index ¶
Constants ¶
// HTTP request headers that carry an impersonated identity on an API server request.
//
// NOTE(review): these headers assert an identity rather than prove one, so whatever
// consumes them has to authorize the authenticated caller to impersonate before
// acting on them (Kubernetes uses the "impersonate" verb for this). That check is
// not part of the declarations shown here.
const (
	// ImpersonateUserHeader is used to impersonate a particular user during an API server request.
	ImpersonateUserHeader = "Impersonate-User"

	// ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
	// It can be repeated multiple times for multiple groups.
	ImpersonateGroupHeader = "Impersonate-Group"

	// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the
	// extra map[string][]string for user.Info. The key will be everything after the prefix.
	// It can be repeated multiple times for multiple map keys, and the same key can be repeated multiple
	// times to have multiple elements in the slice under a single key.
	ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
)
// GroupName is the API group name used in this package; SchemeGroupVersion is built from it.
const GroupName = "authentication.k8s.io"
GroupName is the group name used in this package
Variables ¶
var (
	// SchemeBuilder points to a list of functions added to Scheme.
	// It is seeded with addKnownTypes, whose body is not shown on this page.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme applies all the stored functions to the scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group version used to register these objects.
// It pairs GroupName with runtime.APIVersionInternal.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is the group version used to register these objects
Functions ¶
func Kind ¶
Kind takes an unqualified kind and returns a Group qualified GroupKind
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type BoundObjectReference ¶
// BoundObjectReference is a reference to an object that a token is bound to.
type BoundObjectReference struct {
	// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
	// NOTE(review): nothing in this declaration enforces that set; presumably the
	// validation subpackage listed for this API group does — confirm.
	Kind string
	// API version of the referent.
	APIVersion string
	// Name of the referent.
	Name string
	// UID of the referent.
	UID types.UID
}
BoundObjectReference is a reference to an object that a token is bound to.
func (*BoundObjectReference) DeepCopy ¶
func (in *BoundObjectReference) DeepCopy() *BoundObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference.
func (*BoundObjectReference) DeepCopyInto ¶
func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtraValue ¶
// ExtraValue is a named []string used as the value type of UserInfo.Extra.
// Per the package documentation, it masks the value so protobuf can generate.
type ExtraValue []string
ExtraValue masks the value so protobuf can generate
func (ExtraValue) DeepCopy ¶
func (in ExtraValue) DeepCopy() ExtraValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.
func (ExtraValue) DeepCopyInto ¶
func (in ExtraValue) DeepCopyInto(out *ExtraValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TokenRequest ¶
// TokenRequest requests a token for a given service account.
type TokenRequest struct {
	metav1.TypeMeta
	// ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock
	// REST handler paths work.
	metav1.ObjectMeta

	// Spec holds the client-provided parameters of the request.
	Spec TokenRequestSpec
	// Status holds the result of the request, including the issued token.
	Status TokenRequestStatus
}
TokenRequest requests a token for a given service account.
func (*TokenRequest) DeepCopy ¶
func (in *TokenRequest) DeepCopy() *TokenRequest
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest.
func (*TokenRequest) DeepCopyInto ¶
func (in *TokenRequest) DeepCopyInto(out *TokenRequest)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TokenRequest) DeepCopyObject ¶
func (in *TokenRequest) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TokenRequestSpec ¶
// TokenRequestSpec contains client provided parameters of a token request.
type TokenRequestSpec struct {
	// Audiences are the intended audiences of the token. A recipient of a
	// token must identify themself with an identifier in the list of
	// audiences of the token, and otherwise should reject the token. A
	// token issued for multiple audiences may be used to authenticate
	// against any of the audiences listed but implies a high degree of
	// trust between the target audiences.
	//
	// Because any listed audience that receives the token can present it to the
	// others, keep this list as short as the use case allows.
	Audiences []string

	// ExpirationSeconds is the requested duration of validity of the request. The
	// token issuer may return a token with a different validity duration so a
	// client needs to check the 'expiration' field in a response
	// (TokenRequestStatus.ExpirationTimestamp in this package).
	ExpirationSeconds int64

	// BoundObjectRef is a reference to an object that the token will be bound to.
	// The token will only be valid for as long as the bound object exists.
	// NOTE: The API server's TokenReview endpoint will validate the
	// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
	// small if you want prompt revocation.
	BoundObjectRef *BoundObjectReference
}
TokenRequestSpec contains client provided parameters of a token request.
func (*TokenRequestSpec) DeepCopy ¶
func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec.
func (*TokenRequestSpec) DeepCopyInto ¶
func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TokenRequestStatus ¶
// TokenRequestStatus is the result of a token request.
type TokenRequestStatus struct {
	// Token is the opaque bearer token.
	// As a bearer credential it should be handled as a secret and kept out of
	// logs and error messages. The datapolicy:"token" tag labels the field as
	// token data; presumably log-sanitization tooling keys off it — confirm.
	Token string `datapolicy:"token"`
	// ExpirationTimestamp is the time of expiration of the returned token.
	ExpirationTimestamp metav1.Time
}
TokenRequestStatus is the result of a token request.
func (*TokenRequestStatus) DeepCopy ¶
func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus.
func (*TokenRequestStatus) DeepCopyInto ¶
func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TokenReview ¶
// TokenReview attempts to authenticate a token to a known user.
type TokenReview struct {
	metav1.TypeMeta
	// ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock
	// REST handler paths work.
	metav1.ObjectMeta

	// Spec holds information about the request being evaluated.
	Spec TokenReviewSpec

	// Status is filled in by the server and indicates whether the request can be authenticated.
	// Any Status value supplied by the client is therefore not an authentication result.
	Status TokenReviewStatus
}
TokenReview attempts to authenticate a token to a known user.
func (*TokenReview) DeepCopy ¶
func (in *TokenReview) DeepCopy() *TokenReview
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReview.
func (*TokenReview) DeepCopyInto ¶
func (in *TokenReview) DeepCopyInto(out *TokenReview)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TokenReview) DeepCopyObject ¶
func (in *TokenReview) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TokenReviewSpec ¶
// TokenReviewSpec is a description of the token authentication request.
type TokenReviewSpec struct {
	// Token is the opaque bearer token.
	// It is the credential under review, so it should be handled as a secret and
	// kept out of logs. The datapolicy:"token" tag labels the field as token data;
	// presumably log-sanitization tooling keys off it — confirm.
	Token string `datapolicy:"token"`
	// Audiences is a list of the identifiers that the resource server presented
	// with the token identifies as. Audience-aware token authenticators will
	// verify that the token was intended for at least one of the audiences in
	// this list. If no audiences are provided, the audience will default to the
	// audience of the Kubernetes apiserver.
	Audiences []string
}
TokenReviewSpec is a description of the token authentication request.
func (*TokenReviewSpec) DeepCopy ¶
func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewSpec.
func (*TokenReviewSpec) DeepCopyInto ¶
func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TokenReviewStatus ¶
// TokenReviewStatus is the result of the token authentication request.
// This type mirrors the authentication.Token interface.
type TokenReviewStatus struct {
	// Authenticated indicates that the token was associated with a known user.
	// Consumers should check this before relying on User.
	Authenticated bool
	// User is the UserInfo associated with the provided token.
	User UserInfo
	// Audiences are audience identifiers chosen by the authenticator that are
	// compatible with both the TokenReview and token. An identifier is any
	// identifier in the intersection of the TokenReviewSpec audiences and the
	// token's audiences. A client of the TokenReview API that sets the
	// spec.audiences field should validate that a compatible audience identifier
	// is returned in the status.audiences field to ensure that the TokenReview
	// server is audience aware. If a TokenReview returns an empty
	// status.audiences field where status.authenticated is "true", the token is
	// valid against the audience of the Kubernetes API server.
	//
	// Put differently: a client that set spec.audiences and gets back an empty
	// list with authenticated "true" has only learned that the token is valid
	// for the API server's audience, not for the audience it asked about.
	Audiences []string
	// Error indicates that the token couldn't be checked.
	// This is a failure to evaluate the token, as opposed to a result about it.
	Error string
}
TokenReviewStatus is the result of the token authentication request. This type mirrors the authentication.Token interface
func (*TokenReviewStatus) DeepCopy ¶
func (in *TokenReviewStatus) DeepCopy() *TokenReviewStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewStatus.
func (*TokenReviewStatus) DeepCopyInto ¶
func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UserInfo ¶
// UserInfo holds the information about the user needed to implement the user.Info interface.
type UserInfo struct {
	// The name that uniquely identifies this user among all active users.
	Username string
	// A unique value that identifies this user across time. If this user is
	// deleted and another user by the same name is added, they will have
	// different UIDs.
	UID string
	// The names of groups this user is a part of.
	Groups []string
	// Any additional information provided by the authenticator.
	// NOTE(review): keys and values are authenticator-defined; nothing in this
	// declaration constrains them, so consumers should not assume a fixed schema.
	Extra map[string]ExtraValue
}
UserInfo holds the information about the user needed to implement the user.Info interface.
func (*UserInfo) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.
Directories ¶
| Path | Synopsis |
|---|---|
| install | Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
| validation | Package validation contains methods to validate kinds in the authentication.k8s.io API group. |