Documentation ¶
Index ¶
- Constants
- func DebugWrappers(rt http.RoundTripper) http.RoundTripper
- func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error)
- func New(config *Config) (http.RoundTripper, error)
- func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, ...) http.RoundTripper
- func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper
- func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper
- func NewImpersonatingRoundTripper(impersonate ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper
- func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper
- func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string)
- func TLSConfigFor(c *Config) (*tls.Config, error)
- type Config
- type ImpersonationConfig
- type TLSConfig
Constants ¶
const ( // ImpersonateUserHeader is used to impersonate a particular user during an API server request ImpersonateUserHeader = "Impersonate-User" // ImpersonateGroupHeader is used to impersonate a particular group during an API server request. // It can be repeated multiplied times for multiple groups. ImpersonateGroupHeader = "Impersonate-Group" // ImpersonateUserExtraHeaderPrefix is a prefix for a header used to impersonate an entry in the // extra map[string][]string for user.Info. The key for the `extra` map is suffix. // The same key can be repeated multiple times to have multiple elements in the slice under a single key. // For instance: // Impersonate-Extra-Foo: one // Impersonate-Extra-Foo: two // results in extra["Foo"] = []string{"one", "two"} ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-" )
These correspond to the headers used in pkg/apis/authentication. We don't want the package dependency, but you must not change the values.
Variables ¶
This section is empty.
Functions ¶
func DebugWrappers ¶
func DebugWrappers(rt http.RoundTripper) http.RoundTripper
DebugWrappers wraps a round tripper and logs based on the current log level.
func HTTPWrappersForConfig ¶
func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error)
HTTPWrappersForConfig wraps a round tripper with any relevant layered behavior from the config. Exposed to allow more clients that need HTTP-like behavior but then must hijack the underlying connection (like WebSocket or HTTP2 clients). Pure HTTP clients should use the RoundTripper returned from New.
func New ¶
func New(config *Config) (http.RoundTripper, error)
New returns an http.RoundTripper that will provide the authentication or transport level security defined by the provided Config.
func NewAuthProxyRoundTripper ¶
func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper
NewAuthProxyRoundTripper provides a roundtripper which will add auth proxy fields to requests for authentication terminating proxy cases assuming you pull the user from the context: username is the user.Info.GetName() of the user groups is the user.Info.GetGroups() of the user extra is the user.Info.GetExtra() of the user extra can contain any additional information that the authenticator thought was interesting, for example authorization scopes. In order to faithfully round-trip through an impersonation flow, these keys MUST be lowercase.
func NewBasicAuthRoundTripper ¶
func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper
NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a request unless it has already been set.
func NewBearerAuthRoundTripper ¶
func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper
NewBearerAuthRoundTripper adds the provided bearer token to a request unless the authorization header has already been set.
func NewImpersonatingRoundTripper ¶
func NewImpersonatingRoundTripper(impersonate ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper
NewImpersonatingRoundTripper will add an Act-As header to a request unless it has already been set.
func NewUserAgentRoundTripper ¶
func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper
Types ¶
type Config ¶
type Config struct { // UserAgent is an optional field that specifies the caller of this // request. UserAgent string // The base TLS configuration for this transport. TLS TLSConfig // Username and password for basic authentication Username string Password string // Bearer token for authentication BearerToken string // Impersonate is the config that this Config will impersonate using Impersonate ImpersonationConfig // Transport may be used for custom HTTP behavior. This attribute may // not be specified with the TLS client certificate options. Use // WrapTransport for most client level operations. Transport http.RoundTripper // WrapTransport will be invoked for custom HTTP behavior after the // underlying transport is initialized (either the transport created // from TLSClientConfig, Transport, or http.DefaultTransport). The // config may layer other RoundTrippers on top of the returned // RoundTripper. WrapTransport func(rt http.RoundTripper) http.RoundTripper // Dial specifies the dial function for creating unencrypted TCP connections. Dial func(ctx context.Context, network, address string) (net.Conn, error) }
Config holds various options for establishing a transport.
func (*Config) HasBasicAuth ¶
HasBasicAuth returns whether the configuration has basic authentication or not.
func (*Config) HasCertAuth ¶
HasCertAuth returns whether the configuration has certificate authentication or not.
func (*Config) HasCertCallback ¶
HasCertCallbacks returns whether the configuration has certificate callback or not.
func (*Config) HasTokenAuth ¶
HasTokenAuth returns whether the configuration has token authentication or not.
type ImpersonationConfig ¶
type ImpersonationConfig struct { // UserName matches user.Info.GetName() UserName string // Groups matches user.Info.GetGroups() Groups []string // Extra matches user.Info.GetExtra() Extra map[string][]string }
ImpersonationConfig has all the available impersonation options
type TLSConfig ¶
type TLSConfig struct { CAFile string // Path of the PEM-encoded server trusted root certificates. CertFile string // Path of the PEM-encoded client certificate. KeyFile string // Path of the PEM-encoded client key. Insecure bool // Server should be accessed without verifying the certificate. For testing only. ServerName string // Override for the server name passed to the server for SNI and used to verify certificates. CAData []byte // Bytes of the PEM-encoded server trusted root certificates. Supercedes CAFile. CertData []byte // Bytes of the PEM-encoded client certificate. Supercedes CertFile. KeyData []byte // Bytes of the PEM-encoded client key. Supercedes KeyFile. GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field. }
TLSConfig holds the information needed to set up a TLS transport.