Documentation
Index
- Constants
- type AnnotationSchemaIDPOIDC
- type Config
- type EnqueueRequestsForSecretEvent
- func (h *EnqueueRequestsForSecretEvent) Create(e event.CreateEvent, queue workqueue.RateLimitingInterface)
- func (h *EnqueueRequestsForSecretEvent) Delete(e event.DeleteEvent, queue workqueue.RateLimitingInterface)
- func (h *EnqueueRequestsForSecretEvent) Generic(event.GenericEvent, workqueue.RateLimitingInterface)
- func (h *EnqueueRequestsForSecretEvent) Update(e event.UpdateEvent, queue workqueue.RateLimitingInterface)
- type IDPCognito
- type IDPOIDC
- type Module
- type OnUnauthenticatedRequest
- type Type
Constants
const (
	AnnotationAuthType                     string = "auth-type"
	AnnotationAuthScope                    string = "auth-scope"
	AnnotationAuthSessionCookie            string = "auth-session-cookie"
	AnnotationAuthSessionTimeout           string = "auth-session-timeout"
	AnnotationAuthOnUnauthenticatedRequest string = "auth-on-unauthenticated-request"
	AnnotationAuthIDPCognito               string = "auth-idp-cognito"
	AnnotationAuthIDPOIDC                  string = "auth-idp-oidc"
)
const (
	DefaultAuthType                     = TypeNone
	DefaultAuthScope                    = "openid"
	DefaultAuthSessionCookie            = "AWSELBAuthSessionCookie"
	DefaultAuthSessionTimeout           = 604800
	DefaultAuthOnUnauthenticatedRequest = OnUnauthenticatedRequestAuthenticate
)
const FieldAuthOIDCSecret = "authOIDCSecret"
Variables
This section is empty.
Functions
This section is empty.
Types
type AnnotationSchemaIDPOIDC
type AnnotationSchemaIDPOIDC struct {
	Issuer                string
	AuthorizationEndpoint string
	TokenEndpoint         string
	UserInfoEndpoint      string
	SecretName            string
}
The annotation schema for configuring IDPOIDC. You can specify ClientId and ClientSecret directly, or configure them as a Kubernetes secret. The secret should be in the same namespace as the ingress/service and configured as:
	clientId: base64(ClientId)
	clientSecret: base64(ClientSecret)
type Config
type Config struct {
	Type                     Type
	Scope                    string
	SessionCookie            string
	SessionTimeout           int64
	OnUnauthenticatedRequest OnUnauthenticatedRequest
	IDPCognito               IDPCognito
	IDPOIDC                  IDPOIDC
}
Authentication configuration.
type EnqueueRequestsForSecretEvent
type EnqueueRequestsForSecretEvent struct {
	Cache       cache.Cache
	IngressChan chan<- event.GenericEvent
	ServiceChan chan<- event.GenericEvent
}
func (*EnqueueRequestsForSecretEvent) Create
func (h *EnqueueRequestsForSecretEvent) Create(e event.CreateEvent, queue workqueue.RateLimitingInterface)
Create is called in response to a create event, e.g. Pod Creation.
func (*EnqueueRequestsForSecretEvent) Delete
func (h *EnqueueRequestsForSecretEvent) Delete(e event.DeleteEvent, queue workqueue.RateLimitingInterface)
Delete is called in response to a delete event, e.g. Pod Deleted.
func (*EnqueueRequestsForSecretEvent) Generic
func (h *EnqueueRequestsForSecretEvent) Generic(event.GenericEvent, workqueue.RateLimitingInterface)
Generic is called in response to an event of an unknown type, or a synthetic event triggered as a cron or external trigger request, e.g. reconcile Autoscaling, or a Webhook.
func (*EnqueueRequestsForSecretEvent) Update
func (h *EnqueueRequestsForSecretEvent) Update(e event.UpdateEvent, queue workqueue.RateLimitingInterface)
Update is called in response to an update event, e.g. Pod Updated.
type IDPCognito
Configuration for IDP of Cognito.
type IDPOIDC
type IDPOIDC struct {
	Issuer                string
	AuthorizationEndpoint string
	TokenEndpoint         string
	UserInfoEndpoint      string
	ClientId              string
	ClientSecret          string
}
Configuration for IDP of OIDC.
type Module
type Module interface {
	// Init sets up index & watch functionality.
	Init(controller controller.Controller, ingressChan chan<- event.GenericEvent, serviceChan chan<- event.GenericEvent) error

	// NewConfig builds authentication config for ingress & ingressBackend.
	NewConfig(ctx context.Context, ingress *extensions.Ingress, backend extensions.IngressBackend, protocol string) (Config, error)
}
Authentication module interface.
type OnUnauthenticatedRequest
type OnUnauthenticatedRequest string
const (
	OnUnauthenticatedRequestAuthenticate OnUnauthenticatedRequest = "authenticate"
	OnUnauthenticatedRequestAllow        OnUnauthenticatedRequest = "allow"
	OnUnauthenticatedRequestDeny         OnUnauthenticatedRequest = "deny"
)