auth

package
v1.1.4
Published: Dec 2, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const (
	AnnotationAuthType                     string = "auth-type"
	AnnotationAuthScope                    string = "auth-scope"
	AnnotationAuthSessionCookie            string = "auth-session-cookie"
	AnnotationAuthSessionTimeout           string = "auth-session-timeout"
	AnnotationAuthOnUnauthenticatedRequest string = "auth-on-unauthenticated-request"
	AnnotationAuthIDPCognito               string = "auth-idp-cognito"
	AnnotationAuthIDPOIDC                  string = "auth-idp-oidc"
)
const (
	DefaultAuthType                     = TypeNone
	DefaultAuthScope                    = "openid"
	DefaultAuthSessionCookie            = "AWSELBAuthSessionCookie"
	DefaultAuthSessionTimeout           = 604800
	DefaultAuthOnUnauthenticatedRequest = OnUnauthenticatedRequestAuthenticate
)
const FieldAuthOIDCSecret = "authOIDCSecret"

Variables

This section is empty.

Functions

This section is empty.

Types

type AnnotationSchemaIDPOIDC

type AnnotationSchemaIDPOIDC struct {
	AuthenticationRequestExtraParams AuthenticationRequestExtraParams
	AuthorizationEndpoint            string
	Issuer                           string
	TokenEndpoint                    string
	UserInfoEndpoint                 string

	SecretName string
}

The annotation schema for configuring IDPOIDC. You can specify clientId & clientSecret directly, or configure them as a k8s secret. The secret should be in the same namespace as the ingress/service and configured as "clientId: base64(ClientId) clientSecret: base64(ClientSecret)".

type AuthenticationRequestExtraParams added in v1.1.3

type AuthenticationRequestExtraParams map[string]string

Parameters are specified as strings; multiple values for a parameter are not supported.

type Config

type Config struct {
	Type                     Type
	Scope                    string
	SessionCookie            string
	SessionTimeout           int64
	OnUnauthenticatedRequest OnUnauthenticatedRequest

	IDPCognito IDPCognito
	IDPOIDC    IDPOIDC
}

authentication configuration

type EnqueueRequestsForSecretEvent

type EnqueueRequestsForSecretEvent struct {
	Cache       cache.Cache
	IngressChan chan<- event.GenericEvent
	ServiceChan chan<- event.GenericEvent
}

func (*EnqueueRequestsForSecretEvent) Create

Create is called in response to a create event - e.g. Pod Creation.

func (*EnqueueRequestsForSecretEvent) Delete

Delete is called in response to a delete event - e.g. Pod Deleted.

func (*EnqueueRequestsForSecretEvent) Generic

Generic is called in response to an event of an unknown type or a synthetic event triggered as a cron or external trigger request - e.g. reconcile Autoscaling, or a Webhook.

func (*EnqueueRequestsForSecretEvent) Update

Update is called in response to an update event - e.g. Pod Updated.

type IDPCognito

type IDPCognito struct {
	AuthenticationRequestExtraParams AuthenticationRequestExtraParams
	UserPoolArn                      string
	UserPoolClientId                 string
	UserPoolDomain                   string
}

configuration for IDP of Cognito

type IDPOIDC

type IDPOIDC struct {
	AuthenticationRequestExtraParams AuthenticationRequestExtraParams
	AuthorizationEndpoint            string
	ClientId                         string
	ClientSecret                     string
	Issuer                           string
	TokenEndpoint                    string
	UserInfoEndpoint                 string
}

configuration for IDP of OIDC

type Module

type Module interface {
	// Init setup index & watch functionality.
	Init(controller controller.Controller, ingressChan chan<- event.GenericEvent, serviceChan chan<- event.GenericEvent) error

	// NewConfig builds authentication config for ingress & ingressBackend.
	NewConfig(ctx context.Context, ingress *extensions.Ingress, backend extensions.IngressBackend, protocol string) (Config, error)
}

Authentication module interface

func NewModule

func NewModule(cache cache.Cache) Module

NewModule constructs new Authentication module

type OnUnauthenticatedRequest

type OnUnauthenticatedRequest string
const (
	OnUnauthenticatedRequestAuthenticate OnUnauthenticatedRequest = "authenticate"
	OnUnauthenticatedRequestAllow        OnUnauthenticatedRequest = "allow"
	OnUnauthenticatedRequestDeny         OnUnauthenticatedRequest = "deny"
)

type Type

type Type string

authentication type

const (
	TypeNone    Type = "none"
	TypeCognito Type = "cognito"
	TypeOIDC    Type = "oidc"
)
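
An added example, not code from this package: a small audit helper that resolves the effective settings from the annotation suffixes and defaults listed above and reports the ones that weaken or break authentication. `auditAuth`, `get` and the 8-hour `maxSessionSeconds` limit are hypothetical; the annotations are assumed to arrive with their prefix already stripped, and the session timeout is assumed to be in seconds.

```go
package main

import (
	"fmt"
	"strconv"
)

// maxSessionSeconds is an assumed local policy limit (8 hours), not a value from the package.
const maxSessionSeconds = 8 * 60 * 60

// get returns the annotation value, or the package default listed on this page when the key is absent.
func get(ann map[string]string, key, def string) string {
	if v, ok := ann[key]; ok {
		return v
	}
	return def
}

// auditAuth (hypothetical helper) resolves the effective settings from
// prefix-stripped annotations and returns one finding per weak or invalid one.
func auditAuth(ann map[string]string) []string {
	var findings []string
	switch typ := get(ann, "auth-type", "none"); typ {
	case "cognito", "oidc":
	case "none":
		return []string{"auth-type=none: no authentication is configured"}
	default:
		return []string{fmt.Sprintf("auth-type=%q is not none, cognito or oidc", typ)}
	}
	switch on := get(ann, "auth-on-unauthenticated-request", "authenticate"); on {
	case "authenticate", "deny":
	case "allow":
		findings = append(findings, "auth-on-unauthenticated-request=allow: unauthenticated requests are forwarded")
	default:
		findings = append(findings, fmt.Sprintf("auth-on-unauthenticated-request=%q is not authenticate, allow or deny", on))
	}
	raw := get(ann, "auth-session-timeout", "604800")
	if secs, err := strconv.ParseInt(raw, 10, 64); err != nil || secs <= 0 {
		findings = append(findings, fmt.Sprintf("auth-session-timeout=%q is not a positive integer", raw))
	} else if secs > maxSessionSeconds {
		findings = append(findings, fmt.Sprintf("auth-session-timeout=%d exceeds policy limit %d", secs, maxSessionSeconds))
	}
	return findings
}

func main() {
	// Constructed sample: OIDC enabled, everything else left at the defaults.
	for _, f := range auditAuth(map[string]string{"auth-type": "oidc"}) {
		fmt.Println(f)
	}
}
```

With only `auth-type` set, the default 604800-second session is the single finding, which is the case most likely to go unnoticed in review.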
