Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsValidServiceAccountKeyFile ¶
IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file
func New ¶
func New(config AuthenticatorConfig) (authenticator.Request, *spec.SecurityDefinitions, error)
New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.
func NewAuthenticatorFromTokens ¶
func NewAuthenticatorFromTokens(tokens map[string]*user.DefaultInfo) authenticator.Request
newAuthenticatorFromToken returns an authenticator.Request or an error
Types ¶
type AuthenticatorConfig ¶
type AuthenticatorConfig struct { Anonymous bool AnyToken bool BasicAuthFile string ClientCAFile string TokenAuthFile string OIDCIssuerURL string OIDCClientID string OIDCCAFile string OIDCUsernameClaim string OIDCGroupsClaim string ServiceAccountKeyFiles []string ServiceAccountLookup bool ServiceAccountTokenGetter serviceaccount.ServiceAccountTokenGetter KeystoneURL string WebhookTokenAuthnConfigFile string WebhookTokenAuthnCacheTTL time.Duration RequestHeaderConfig *RequestHeaderConfig }
type RequestHeaderConfig ¶
type RequestHeaderConfig struct { // UsernameHeaders are the headers to check (in order, case-insensitively) for an identity. The first header with a value wins. UsernameHeaders []string // ClientCA points to CA bundle file which is used verify the identity of the front proxy ClientCA string // AllowedClientNames is a list of common names that may be presented by the authenticating front proxy. Empty means: accept any. AllowedClientNames []string }
Click to show internal directories.
Click to hide internal directories.