Documentation ¶
Index ¶
- type Config
- type TestAPIServer
- func (s *TestAPIServer) Addr() string
- func (s *TestAPIServer) AuthorizeJWT(jwt string)
- func (s *TestAPIServer) CACert() string
- func (s *TestAPIServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
- func (s *TestAPIServer) SetAllowedServiceAccount(namespace, name, uid, overrideAnnotation, jwt string)
- func (s *TestAPIServer) Stop()
- type Validator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { // Host must be a host string, a host:port pair, or a URL to the base of // the Kubernetes API server. Host string `json:",omitempty"` // PEM encoded CA cert for use by the TLS client used to talk with the // Kubernetes API. Every line must end with a newline: \n CACert string `json:",omitempty"` // A service account JWT used to access the TokenReview API to validate // other JWTs during login. It also must be able to read ServiceAccount // annotations. ServiceAccountJWT string `json:",omitempty"` // contains filtered or unexported fields }
type TestAPIServer ¶
type TestAPIServer struct {
// contains filtered or unexported fields
}
TestAPIServer is a way to mock the Kubernetes API server as it is used by the consul kubernetes auth method.
- POST /apis/authentication.k8s.io/v1/tokenreviews
- GET /api/v1/namespaces/<NAMESPACE>/serviceaccounts/<NAME>
func StartTestAPIServer ¶
func StartTestAPIServer(t *testing.T) *TestAPIServer
StartTestAPIServer creates a disposable TestAPIServer and binds it to a random free port.
func (*TestAPIServer) Addr ¶
func (s *TestAPIServer) Addr() string
Addr returns the current base URL for the running webserver.
func (*TestAPIServer) AuthorizeJWT ¶
func (s *TestAPIServer) AuthorizeJWT(jwt string)
AuthorizeJWT whitelists the given JWT as able to use the API server.
func (*TestAPIServer) CACert ¶
func (s *TestAPIServer) CACert() string
CACert returns the pem-encoded CA certificate used by the HTTPS server.
func (*TestAPIServer) ServeHTTP ¶
func (s *TestAPIServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
func (*TestAPIServer) SetAllowedServiceAccount ¶
func (s *TestAPIServer) SetAllowedServiceAccount( namespace, name, uid, overrideAnnotation, jwt string, )
SetAllowedServiceAccount configures the singular known Service Account installed in this API server. If any of namespace/name/uid/jwt are empty it removes anything previously configured.
It is up to the caller to ensure that the provided JWT matches the other data.
type Validator ¶
type Validator struct {
// contains filtered or unexported fields
}
Validator is the wrapper around the relevant portions of the Kubernetes API that also conforms to the authmethod.Validator interface.
func NewValidator ¶
func NewValidator(method *structs.ACLAuthMethod) (*Validator, error)