Documentation
¶
Index ¶
- type ClientCertAuthenticationOptions
- type DelegatingAuthenticationOptions
- type DelegatingAuthorizationOptions
- type OpenShiftProvider
- func (p *OpenShiftProvider) Bind(flags *flag.FlagSet)
- func (p *OpenShiftProvider) Complete(data *providers.ProviderData, reviewURL *url.URL) error
- func (p *OpenShiftProvider) GetEmailAddress(s *providers.SessionState) (string, error)
- func (p *OpenShiftProvider) GetLoginURL() (*url.URL, error)
- func (p *OpenShiftProvider) GetRedeemURL() (*url.URL, error)
- func (p *OpenShiftProvider) GetReviewCAs() []string
- func (p *OpenShiftProvider) LoadDefaults(serviceAccount string, reviewJSON, reviewByHostJSON, resources string) (*providers.ProviderData, error)
- func (p *OpenShiftProvider) Redeem(redeemURL *url.URL, redirectURL, code string) (s *providers.SessionState, err error)
- func (p *OpenShiftProvider) ReviewUser(name, accessToken, host string) error
- func (p *OpenShiftProvider) SetClientCAFile(file string)
- func (p *OpenShiftProvider) SetReviewCAs(cas []string)
- func (p *OpenShiftProvider) ValidateRequest(req *http.Request) (*providers.SessionState, error)
- type RequestHeaderAuthenticationOptions
- type StringSlice
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ClientCertAuthenticationOptions ¶
// ClientCertAuthenticationOptions names the CA bundle whose signers are recognized
// for incoming client certificates.
type ClientCertAuthenticationOptions struct {
// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
// NOTE(review): every signer in this bundle is recognized for client certificates, so it
// should contain only CAs dedicated to issuing client identities. Presumably a path to a
// PEM file rather than inline PEM data - confirm against the flag registration.
ClientCA string
}
type DelegatingAuthenticationOptions ¶
type DelegatingAuthenticationOptions struct {
// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
// TokenAccessReview.authentication.k8s.io endpoint for checking tokens.
// NOTE(review): the Kubernetes API kind in the authentication.k8s.io group is TokenReview;
// "TokenAccessReview" looks like a misnomer - confirm. A kubeconfig normally embeds
// credentials, so read access to this file should be restricted.
RemoteKubeConfigFile string
// CacheTTL is the length of time that a token authentication answer will be cached.
// NOTE(review): while an answer is cached, a later change to the token's validity is
// presumably not observed until the entry expires; keep this short where prompt
// revocation matters - confirm the cache semantics.
CacheTTL time.Duration
// ClientCert carries the CA bundle settings for incoming client certificates
// (see ClientCertAuthenticationOptions).
ClientCert ClientCertAuthenticationOptions
// RequestHeader carries the request-header authentication settings
// (see RequestHeaderAuthenticationOptions).
RequestHeader RequestHeaderAuthenticationOptions
// NOTE(review): undocumented here. In the upstream Kubernetes apiserver options the
// same-named field stops missing authentication configuration from being looked up in
// the cluster - confirm this copy behaves the same before relying on it.
SkipInClusterLookup bool
}
DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to the root kube API server. The API federator will act as a front proxy, and direct connections will be able to delegate to the core kube API server.
func NewDelegatingAuthenticationOptions ¶
func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions
func (*DelegatingAuthenticationOptions) AddFlags ¶
func (s *DelegatingAuthenticationOptions) AddFlags(fs *flag.FlagSet)
func (*DelegatingAuthenticationOptions) ToAuthenticationConfig ¶
func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)
func (*DelegatingAuthenticationOptions) Validate ¶
func (s *DelegatingAuthenticationOptions) Validate() []error
type DelegatingAuthorizationOptions ¶
type DelegatingAuthorizationOptions struct {
// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
// SubjectAccessReview.authorization.k8s.io endpoint for authorization checks.
// NOTE(review): a kubeconfig normally embeds credentials, so read access to this file
// should be restricted.
RemoteKubeConfigFile string
// AllowCacheTTL is the length of time that a successful authorization response will be cached
// NOTE(review): a cached allow presumably keeps granting access after the underlying
// permission is removed, until the entry expires - size this to the revocation delay
// you can tolerate, and confirm the cache semantics.
AllowCacheTTL time.Duration
// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
// You generally want more responsive, "deny, try again" flows.
DenyCacheTTL time.Duration
}
DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to the root kube API server
func NewDelegatingAuthorizationOptions ¶
func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions
func (*DelegatingAuthorizationOptions) AddFlags ¶
func (s *DelegatingAuthorizationOptions) AddFlags(fs *flag.FlagSet)
func (*DelegatingAuthorizationOptions) ToAuthorizationConfig ¶
func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)
func (*DelegatingAuthorizationOptions) Validate ¶
func (s *DelegatingAuthorizationOptions) Validate() []error
type OpenShiftProvider ¶
// OpenShiftProvider combines the embedded provider data with review endpoint settings and
// the delegating authentication and authorization options declared in this package.
type OpenShiftProvider struct {
// Embedded, so the fields and methods of providers.ProviderData are promoted onto the provider.
*providers.ProviderData
// ReviewURL is the review endpoint; Complete takes a reviewURL argument.
// NOTE(review): presumably the URL that ReviewUser calls to check a user's access - confirm.
ReviewURL *url.URL
// ReviewCAs is exposed through GetReviewCAs and SetReviewCAs.
// NOTE(review): presumably CA bundle files used to verify the TLS connection to the
// review endpoint - confirm, and confirm what is trusted when the list is empty.
ReviewCAs []string
// AuthenticationOptions configures delegated authentication (token checks, client
// certificates, request headers).
AuthenticationOptions DelegatingAuthenticationOptions
// AuthorizationOptions configures delegated authorization and its allow/deny caching.
AuthorizationOptions DelegatingAuthorizationOptions
// contains filtered or unexported fields
}
func New ¶
func New() *OpenShiftProvider
func (*OpenShiftProvider) Bind ¶
func (p *OpenShiftProvider) Bind(flags *flag.FlagSet)
func (*OpenShiftProvider) Complete ¶
func (p *OpenShiftProvider) Complete(data *providers.ProviderData, reviewURL *url.URL) error
Complete performs final setup on the provider or returns an error.
func (*OpenShiftProvider) GetEmailAddress ¶
func (p *OpenShiftProvider) GetEmailAddress(s *providers.SessionState) (string, error)
func (*OpenShiftProvider) GetLoginURL ¶
func (p *OpenShiftProvider) GetLoginURL() (*url.URL, error)
func (*OpenShiftProvider) GetRedeemURL ¶
func (p *OpenShiftProvider) GetRedeemURL() (*url.URL, error)
func (*OpenShiftProvider) GetReviewCAs ¶
func (p *OpenShiftProvider) GetReviewCAs() []string
func (*OpenShiftProvider) LoadDefaults ¶
func (p *OpenShiftProvider) LoadDefaults(serviceAccount string, reviewJSON, reviewByHostJSON, resources string) (*providers.ProviderData, error)
LoadDefaults accepts configuration and loads defaults from the environment, or returns an error. The provider may partially initialize config for subsequent calls.
func (*OpenShiftProvider) Redeem ¶
func (p *OpenShiftProvider) Redeem(redeemURL *url.URL, redirectURL, code string) (s *providers.SessionState, err error)
Redeem is copied up into this type only to set a different client CA.
func (*OpenShiftProvider) ReviewUser ¶
func (p *OpenShiftProvider) ReviewUser(name, accessToken, host string) error
func (*OpenShiftProvider) SetClientCAFile ¶
func (p *OpenShiftProvider) SetClientCAFile(file string)
func (*OpenShiftProvider) SetReviewCAs ¶
func (p *OpenShiftProvider) SetReviewCAs(cas []string)
func (*OpenShiftProvider) ValidateRequest ¶
func (p *OpenShiftProvider) ValidateRequest(req *http.Request) (*providers.SessionState, error)
type RequestHeaderAuthenticationOptions ¶
// RequestHeaderAuthenticationOptions groups the settings for authenticating requests from
// headers. The fields are undocumented in this package.
// NOTE(review): the field names match the Kubernetes apiserver request-header (front proxy)
// authentication options; the per-field notes below assume the same semantics - confirm.
// Identity headers can be set by any client, so they should be honored only on connections
// whose client certificate has been verified against ClientCAFile.
type RequestHeaderAuthenticationOptions struct {
// NOTE(review): presumably the header names inspected, in order, for the user name.
UsernameHeaders StringSlice
// NOTE(review): presumably the header names inspected for group membership.
GroupHeaders StringSlice
// NOTE(review): presumably header name prefixes whose values become extra user attributes.
ExtraHeaderPrefixes StringSlice
// NOTE(review): presumably the CA bundle used to verify the client certificate of the
// proxy before its identity headers are trusted; check how an unset value is handled.
ClientCAFile string
// NOTE(review): presumably the client certificate common names permitted to supply
// identity headers; upstream treats an empty list as "any certificate validated by
// ClientCAFile", so set it explicitly when the CA also signs other clients - confirm.
AllowedNames StringSlice
}
func (*RequestHeaderAuthenticationOptions) AddFlags ¶
func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *flag.FlagSet)
func (*RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig ¶
func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig
ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options if necessary, nil otherwise.
type StringSlice ¶
// StringSlice is a list of strings. Its pointer receiver declares Set(string) error and
// String() string, the methods required by the standard library's flag.Value interface.
// NOTE(review): presumably used for the multi-valued header and name flags; confirm
// whether Set appends, replaces, or splits on a separator.
type StringSlice []string
func (*StringSlice) Set ¶
func (s *StringSlice) Set(value string) error
func (*StringSlice) String ¶
func (s *StringSlice) String() string