server

Documentation

Index

• Constants
• type AuthRequest
  • func (ar AuthRequest) String() string
• type AuthScope
• type AuthServer
  • func NewAuthServer(c *Config) (*AuthServer, error)
  • func (as *AuthServer) Authenticate(ar *AuthRequest) (bool, api.Labels, kubernetes.Client, error)
  • func (as *AuthServer) Authorize(client kubernetes.Client, ar *AuthRequest) ([]AuthzResult, error)
  • func (as *AuthServer) CreateToken(ar *AuthRequest, ares []AuthzResult) (string, error)
  • func (as *AuthServer) ParseRequest(req *http.Request) (*AuthRequest, error)
  • func (as *AuthServer) ServeHTTP(rw http.ResponseWriter, req *http.Request)
  • func (as *AuthServer) Stop()
• type AuthzResult
• type Config
  • func LoadConfig(fileName string) (*Config, error)
• type ServerConfig
• type TokenConfig

Constants

const (
	DefaultMaxRequestsPerAccount    = 1000
	DefaultMaxRequestsPerIP         = 1000
	DefaultReqLimitersResetInterval = 1 * time.Hour
)

Types

type AuthRequest

type AuthRequest struct {
	RemoteConnAddr string
	RemoteAddr     string
	RemoteIP       net.IP
	User           string
	Password       api.PasswordString
	Account        string
	Service        string
	Scopes         []AuthScope
	Labels         api.Labels
}

func (AuthRequest) String

func (ar AuthRequest) String() string

type AuthScope

type AuthScope struct {
	Type    string
	Class   string
	Name    string
	Actions []string
}

type AuthServer

type AuthServer struct {
	// contains filtered or unexported fields
}

func NewAuthServer

func NewAuthServer(c *Config) (*AuthServer, error)

func (*AuthServer) Authenticate

func (as *AuthServer) Authenticate(ar *AuthRequest) (bool, api.Labels, kubernetes.Client, error)

func (*AuthServer) Authorize

func (as *AuthServer) Authorize(client kubernetes.Client, ar *AuthRequest) ([]AuthzResult, error)

func (*AuthServer) CreateToken

func (as *AuthServer) CreateToken(ar *AuthRequest, ares []AuthzResult) (string, error)

CreateToken https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md#example

func (*AuthServer) ParseRequest

func (as *AuthServer) ParseRequest(req *http.Request) (*AuthRequest, error)

func (*AuthServer) ServeHTTP

func (as *AuthServer) ServeHTTP(rw http.ResponseWriter, req *http.Request)

func (*AuthServer) Stop

func (as *AuthServer) Stop()

type AuthzResult

type AuthzResult struct {
	// contains filtered or unexported fields
}

type Config

type Config struct {
	Server ServerConfig `yaml:"server"`
	Token  TokenConfig  `yaml:"token"`
}

func LoadConfig

func LoadConfig(fileName string) (*Config, error)

type ServerConfig

type ServerConfig struct {
	ListenAddress string `yaml:"addr,omitempty"`
	PathPrefix    string `yaml:"path_prefix,omitempty"`

	MaxRequestsPerIP         int           `yaml:"max_requests_per_ip,omitempty"`
	MaxRequestsPerAccount    int           `yaml:"max_requests_per_account,omitempty"`
	ReqLimitersResetInterval time.Duration `yaml:"req_limiters_reset_interval,omitempty"`
	WhiteIPCidrList          []string      `yaml:"white_ip_cidr_list,omitempty"`
	WhiteUserList            []string      `yaml:"white_user_list,omitempty"`
}

nolint:revive

type TokenConfig

type TokenConfig struct {
	Issuer     string `yaml:"issuer,omitempty"`
	CertFile   string `yaml:"certificate,omitempty"`
	KeyFile    string `yaml:"key,omitempty"`
	Expiration int64  `yaml:"expiration,omitempty"`
	// contains filtered or unexported fields
}