Directories ¶
Path | Synopsis |
---|---|
Package authenticators contains authenticator interfaces.
|
Package authenticators contains authenticator interfaces. |
Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service.
|
Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service. |
dynamiccertauthority
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.
|
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair. |
concierge
|
|
impersonator
Package impersonator implements an HTTP server that reverse proxies all requests to the Kubernetes API server with impersonation headers set to match the calling user.
|
Package impersonator implements an HTTP server that reverse proxies all requests to the Kubernetes API server with impersonation headers set to match the calling user. |
scheme
Package scheme contains code to construct a proper runtime.Scheme for the Concierge aggregated API.
|
Package scheme contains code to construct a proper runtime.Scheme for the Concierge aggregated API. |
server
Package server is the command line entry point for pinniped-concierge.
|
Package server is the command line entry point for pinniped-concierge. |
config
|
|
concierge
Package concierge contains functionality to load/store Config's from/to some source.
|
Package concierge contains functionality to load/store Config's from/to some source. |
supervisor
Package supervisor contains functionality to load/store Config's from/to some source.
|
Package supervisor contains functionality to load/store Config's from/to some source. |
apicerts
Package apicerts contains controllers that work together to provide rotating API certs.
|
Package apicerts contains controllers that work together to provide rotating API certs. |
authenticator
Package authenticator contains helper code for dealing with *Authenticator CRDs.
|
Package authenticator contains helper code for dealing with *Authenticator CRDs. |
authenticator/authncache
Package authncache implements a cache of active authenticators.
|
Package authncache implements a cache of active authenticators. |
authenticator/cachecleaner
Package cachecleaner implements a controller for garbage collecting authenticators from an authenticator cache.
|
Package cachecleaner implements a controller for garbage collecting authenticators from an authenticator cache. |
authenticator/jwtcachefiller
Package jwtcachefiller implements a controller for filling an authncache.Cache with each added/updated JWTAuthenticator.
|
Package jwtcachefiller implements a controller for filling an authncache.Cache with each added/updated JWTAuthenticator. |
authenticator/webhookcachefiller
Package webhookcachefiller implements a controller for filling an authncache.Cache with each added/updated WebhookAuthenticator.
|
Package webhookcachefiller implements a controller for filling an authncache.Cache with each added/updated WebhookAuthenticator. |
issuerconfig
Package issuerconfig contains helpers for updating CredentialIssuer status entries.
|
Package issuerconfig contains helpers for updating CredentialIssuer status entries. |
kubecertagent
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys.
|
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys. |
supervisorconfig/generator
Package secretgenerator provides a supervisorSecretsController that can ensure existence of a generated secret.
|
Package secretgenerator provides a supervisorSecretsController that can ensure existence of a generated secret. |
supervisorconfig/ldapupstreamwatcher
Package ldapupstreamwatcher implements a controller which watches LDAPIdentityProviders.
|
Package ldapupstreamwatcher implements a controller which watches LDAPIdentityProviders. |
supervisorconfig/oidcupstreamwatcher
Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders.
|
Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders. |
Package controllermanager provides an entrypoint into running all of the controllers that run as a part of Pinniped.
|
Package controllermanager provides an entrypoint into running all of the controllers that run as a part of Pinniped. |
Package downward implements a client interface for interacting with Kubernetes "downwardAPI" volumes.
|
Package downward implements a client interface for interacting with Kubernetes "downwardAPI" volumes. |
Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded certificate and key.
|
Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded certificate and key. |
Package endpointaddr implements parsing and validation of "<host>[:<port>]" strings for Pinniped APIs.
|
Package endpointaddr implements parsing and validation of "<host>[:<port>]" strings for Pinniped APIs. |
Package execcredcache implements a cache for Kubernetes ExecCredential data.
|
Package execcredcache implements a cache for Kubernetes ExecCredential data. |
httputil
|
|
httperr
Package httperr contains some helpers for nicer error handling in http.Handler implementations.
|
Package httperr contains some helpers for nicer error handling in http.Handler implementations. |
securityheader
Package securityheader implements an HTTP middleware for setting security-related response headers.
|
Package securityheader implements an HTTP middleware for setting security-related response headers. |
Package oidc contains common OIDC functionality needed by Pinniped.
|
Package oidc contains common OIDC functionality needed by Pinniped. |
auth
Package auth provides a handler for the OIDC authorization endpoint.
|
Package auth provides a handler for the OIDC authorization endpoint. |
callback
Package callback provides a handler for the OIDC callback endpoint.
|
Package callback provides a handler for the OIDC callback endpoint. |
clientregistry
Package clientregistry defines Pinniped's OAuth2/OIDC clients.
|
Package clientregistry defines Pinniped's OAuth2/OIDC clients. |
discovery
Package discovery provides a handler for the OIDC discovery endpoint.
|
Package discovery provides a handler for the OIDC discovery endpoint. |
downstreamsession
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.
|
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions. |
dynamiccodec
Package dynamiccodec provides a type that can encode information using a just-in-time signing and (optionally) encryption secret.
|
Package dynamiccodec provides a type that can encode information using a just-in-time signing and (optionally) encryption secret. |
idpdiscovery
Package idpdiscovery provides a handler for the upstream IDP discovery endpoint.
|
Package idpdiscovery provides a handler for the upstream IDP discovery endpoint. |
jwks
Package discovery provides a handler for the OIDC discovery endpoint.
|
Package discovery provides a handler for the OIDC discovery endpoint. |
provider/formposthtml
Package formposthtml defines HTML templates used by the Supervisor.
|
Package formposthtml defines HTML templates used by the Supervisor. |
token
Package token provides a handler for the OIDC token endpoint.
|
Package token provides a handler for the OIDC token endpoint. |
Package plog implements a thin layer over klog to help enforce pinniped's logging convention.
|
Package plog implements a thin layer over klog to help enforce pinniped's logging convention. |
registry
|
|
credentialrequest
Package credentialrequest provides REST functionality for the CredentialRequest resource.
|
Package credentialrequest provides REST functionality for the CredentialRequest resource. |
Package testutil contains shared test utilities for the Pinniped project.
|
Package testutil contains shared test utilities for the Pinniped project. |
fakekubeapi
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests.
|
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests. |
testlogger
Package testlogger implements a logr.Logger suitable for writing test assertions.
|
Package testlogger implements a logr.Logger suitable for writing test assertions. |
Package upstreamldap implements an abstraction of upstream LDAP IDP interactions.
|
Package upstreamldap implements an abstraction of upstream LDAP IDP interactions. |
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions.
|
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions. |
Click to show internal directories.
Click to hide internal directories.