kubeauth

package
v1.16.100

This package is not in the latest version of its module.

Published: Aug 14, 2023 License: MPL-2.0 Imports: 32 Imported by: 0

Documentation

Types

type Config

type Config struct {
	// Host must be a host string, a host:port pair, or a URL to the base of
	// the Kubernetes API server.
	Host string `json:",omitempty"`

	// PEM encoded CA cert for use by the TLS client used to talk with the
	// Kubernetes API. Every line must end with a newline: \n
	CACert string `json:",omitempty"`

	// A service account JWT used to access the TokenReview API to validate
	// other JWTs during login. It also must be able to read ServiceAccount
	// annotations.
	ServiceAccountJWT string `json:",omitempty"`
	// contains filtered or unexported fields
}

type TestAPIServer

type TestAPIServer struct {
	// contains filtered or unexported fields
}

TestAPIServer mocks the Kubernetes API server as it is used by the Consul Kubernetes auth method. Mocked endpoints:

  • POST /apis/authentication.k8s.io/v1/tokenreviews
  • GET /api/v1/namespaces/<NAMESPACE>/serviceaccounts/<NAME>
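The TokenReview call that the mock answers, as an added example (not the package's own code): `newStandIn` and `review` are hypothetical helpers built only on the standard library, and the JWT strings are constructed placeholders. The 201/401 statuses and the `system:serviceaccount:<namespace>:<name>` username follow the upstream Kubernetes API rather than anything stated on this page.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type tokenReview struct { // subset of the TokenReview object used here
	Spec   struct{ Token string `json:"token"` } `json:"spec"`
	Status struct {
		Authenticated bool `json:"authenticated"`
		User struct{ Username string `json:"username"` } `json:"user"`
	} `json:"status"`
}

// newStandIn (hypothetical) trusts one reviewer JWT and one login JWT for ns/name.
func newStandIn(reviewerJWT, loginJWT, ns, name string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+reviewerJWT {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		var in, out tokenReview // out starts empty: client-supplied status is never echoed
		if json.NewDecoder(r.Body).Decode(&in) == nil && in.Spec.Token == loginJWT {
			out.Status.Authenticated = true
			out.Status.User.Username = "system:serviceaccount:" + ns + ":" + name
		}
		w.WriteHeader(http.StatusCreated)
		json.NewEncoder(w).Encode(out)
	})
}

// review submits loginJWT for review, authenticating the call with bearer.
func review(h http.Handler, bearer, loginJWT string) (code int, out tokenReview) {
	body, _ := json.Marshal(map[string]map[string]string{"spec": {"token": loginJWT}})
	req := httptest.NewRequest("POST", "/apis/authentication.k8s.io/v1/tokenreviews", bytes.NewReader(body))
	req.Header.Set("Authorization", "Bearer "+bearer)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	json.Unmarshal(rec.Body.Bytes(), &out) // plain-text error bodies leave out zeroed
	return rec.Code, out
}

func main() { // constructed sample values
	fmt.Println(review(newStandIn("reviewer.jwt", "login.jwt", "default", "demo"), "reviewer.jwt", "login.jwt"))
}
```

A login JWT that the stand-in does not know still yields a 201 response, with `status.authenticated` set to false, so a caller has to check that field and not only the HTTP status.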

func StartTestAPIServer

func StartTestAPIServer(t testing.T) *TestAPIServer

StartTestAPIServer creates a disposable TestAPIServer and binds it to a random free port.

func (*TestAPIServer) Addr

func (s *TestAPIServer) Addr() string

Addr returns the current base URL for the running webserver.

func (*TestAPIServer) AuthorizeJWT

func (s *TestAPIServer) AuthorizeJWT(jwt string)

AuthorizeJWT allowlists the given JWT as able to use the API server.

func (*TestAPIServer) CACert

func (s *TestAPIServer) CACert() string

CACert returns the PEM-encoded CA certificate used by the HTTPS server.

func (*TestAPIServer) ServeHTTP

func (s *TestAPIServer) ServeHTTP(w http.ResponseWriter, req *http.Request)

func (*TestAPIServer) SetAllowedServiceAccount

func (s *TestAPIServer) SetAllowedServiceAccount(
	namespace, name, uid, overrideAnnotation, jwt string,
)

SetAllowedServiceAccount configures the single known Service Account installed in this API server. If any of namespace/name/uid/jwt is empty, it removes anything previously configured.

It is up to the caller to ensure that the provided JWT matches the other data.

func (*TestAPIServer) Stop

func (s *TestAPIServer) Stop()

Stop stops the running TestAPIServer.

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator is the wrapper around the relevant portions of the Kubernetes API that also conforms to the authmethod.Validator interface.

func NewValidator

func NewValidator(method *structs.ACLAuthMethod) (*Validator, error)

func (*Validator) Name

func (v *Validator) Name() string

func (*Validator) NewIdentity

func (v *Validator) NewIdentity() *authmethod.Identity

func (*Validator) Stop

func (v *Validator) Stop()

func (*Validator) ValidateLogin

func (v *Validator) ValidateLogin(ctx context.Context, loginToken string) (*authmethod.Identity, error)
