Documentation
Types ¶
type KeystoneAuthenticator ¶
// KeystoneAuthenticator validates the token presented in a request by
// contacting OpenStack Keystone; its AuthenticateToken method takes the token
// and returns a user.Info, a bool, and an error.
type KeystoneAuthenticator struct {
// contains filtered or unexported fields
}
KeystoneAuthenticator contacts OpenStack Keystone to validate the user's token passed in the request. The Keystone endpoint is passed during apiserver startup.
func NewKeystoneAuthenticator ¶
func NewKeystoneAuthenticator(authURL string, caFile string) (*KeystoneAuthenticator, error)
NewKeystoneAuthenticator returns a token authenticator that validates credentials using OpenStack Keystone.
func (*KeystoneAuthenticator) AuthenticateToken ¶
func (keystoneAuthenticator *KeystoneAuthenticator) AuthenticateToken(token string) (user.Info, bool, error)
AuthenticateToken checks the token via a Keystone call.
type KeystoneAuthorizer ¶
// KeystoneAuthorizer is the type returned by NewKeystoneAuthorizer; its
// Authorize method takes authorizer.Attributes and returns an
// authorizer.Decision, a reason string, and an error.
//
// NOTE(review): undocumented upstream. Presumably decisions are driven by the
// policy file passed to NewKeystoneAuthorizer — confirm against the
// implementation.
type KeystoneAuthorizer struct {
// contains filtered or unexported fields
}
func NewKeystoneAuthorizer ¶
// NewKeystoneAuthorizer builds a KeystoneAuthorizer from a Keystone auth URL,
// a CA file path, and a policy file path. The body is not shown in this
// listing.
//
// NOTE(review): confirm how an empty caFile is handled — it should fall back
// to the system trust store, not disable TLS certificate verification for the
// Keystone connection.
// NOTE(review): presumably policyFile is loaded via NewFromFile; verify that a
// missing or unparsable policy file yields an error rather than an empty
// (or permissive) policy.
func NewKeystoneAuthorizer(authURL string, caFile string, policyFile string) (*KeystoneAuthorizer, error)
func (*KeystoneAuthorizer) Authorize ¶
// Authorize evaluates the request attributes a and returns a decision, a
// human-readable reason, and an error. The body is not shown in this listing.
//
// NOTE(review): confirm the decision returned when err is non-nil, or when no
// policy matches, is not an allow — the authorizer should fail closed.
func (KeystoneAuthorizer *KeystoneAuthorizer) Authorize(a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error)
type NonResourcePolicySpec ¶
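// NonResourcePolicySpec is the part of a Policy that applies to non-resource
// requests: a verb plus a request-path pattern.
type NonResourcePolicySpec struct {
	// Verb is a Kubernetes resource API verb like: get, list, watch, create,
	// update, delete, proxy.
	// "*" matches all verbs.
	Verb string `json:"verb"`

	// NonResourcePath matches non-resource request paths.
	// "*" matches all paths
	// "/foo/*" matches all subpaths of foo
	//
	// NOTE(review): this is a pointer, so it is presumably left nil when
	// "path" is absent from the policy document. How the matcher treats nil
	// is not shown here — confirm an omitted path does not match everything.
	NonResourcePath *string `json:"path"`
}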
type Policy ¶
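// Policy is one authorization rule: an optional resource spec, an optional
// non-resource spec, and the subject match it applies to.
//
// NOTE(review): both spec fields are optional pointers; whether exactly one
// must be set, and what a Policy with neither set matches, is not shown
// here — confirm such a rule cannot grant access.
type Policy struct {
	// ResourceSpec holds the rule for resource requests; omitted from JSON
	// when nil.
	ResourceSpec *ResourcePolicySpec `json:"resource,omitempty"`

	// NonResourceSpec holds the rule for non-resource request paths; omitted
	// from JSON when nil.
	NonResourceSpec *NonResourcePolicySpec `json:"nonresource,omitempty"`

	// One of user:foo, project:bar, role:baz, group:qux
	Match Match `json:"match"`
}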
type PolicyList ¶
// PolicyList is a slice of pointers to Policy; NewFromFile returns one.
type PolicyList []*Policy
func NewFromFile ¶
// NewFromFile returns a PolicyList for the given path, or an error. The body
// is not shown in this listing.
//
// NOTE(review): presumably this reads and decodes the policy file at path —
// confirm. Since the result defines authorization rules, the file should be
// writable only by the operators of the apiserver, and a decode failure
// should surface as an error rather than a partial list.
func NewFromFile(path string) (PolicyList, error)
type ResourcePolicySpec ¶
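// ResourcePolicySpec is the part of a Policy that applies to resource
// requests: a verb plus resource, API group, and namespace patterns.
//
// NOTE(review): Resource, APIGroup and Namespace are pointers, so each is
// presumably left nil when its key is absent from the policy document. How
// the matcher treats nil is not shown here — confirm an omitted field is not
// treated like "*".
type ResourcePolicySpec struct {
	// Verb is a Kubernetes resource API verb like: get, list, watch, create,
	// update, delete, proxy.
	// "*" matches all verbs.
	Verb string `json:"verb"`

	// Resource is the name of a resource.
	// "*" matches all resources
	Resource *string `json:"resource"`

	// APIGroup is the name of an API group.
	// "*" matches all API groups
	//
	// NOTE(review): the JSON key is "version", not the field name. A policy
	// document that spells the key differently would, under encoding/json's
	// default decoding, leave APIGroup unset — verify policy files use
	// "version".
	APIGroup *string `json:"version"`

	// Namespace is the name of a namespace.
	// "*" matches all namespaces (including unnamespaced requests)
	Namespace *string `json:"namespace"`
}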