api

package

v0.0.0-...-675700b Latest Latest Go to latest Published: Nov 8, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/labring/sealos

Documentation ¶

Index ¶

Variables
type AuthRequestInfo
- func (ai AuthRequestInfo) String() string
type Authenticator
type Authorizer
type Labels
type PasswordString
- func (ps PasswordString) String() string

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrNoMatch = errors.New("did not match any rule")

View Source

var ErrWrongPass = errors.New("wrong password for user")

Functions ¶

This section is empty.

Types ¶

type AuthRequestInfo ¶

type AuthRequestInfo struct {
	Account    string
	Type       string
	Name       string
	Service    string
	IP         net.IP
	Actions    []string
	Labels     Labels
	Kubeconfig string
}

func (AuthRequestInfo) String ¶

func (ai AuthRequestInfo) String() string

String Rewrite String method to prevent password leakage via print AuthRequestInfo

type Authenticator ¶

type Authenticator interface {
	// Authenticate Given a username and a password (plain text), responds with the result or an error.
	// Error should only be reported if request could not be serviced, not if it should be denied.
	// A special ErrNoMatch error is returned if the authorizer could not reach a decision,
	// e.g. none of the rules matched.
	// Another special ErrWrongPass error is returned if the authorizer failed to authenticate.
	// Implementations must be goroutine-safe.
	Authenticate(user string, password PasswordString) (bool, Labels, kubernetes.Client, error)

	// Stop Finalize resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate requests in flight
	// and there will be no more calls made to this instance.
	Stop()
}

Authenticator Authentication plugin interface.

type Authorizer ¶

type Authorizer interface {
	// Authorize performs authorization given the request information.
	// It returns a set of authorized actions (of the set requested), which can be empty/nil.
	// Error should only be reported if request could not be serviced, not if it should be denied.
	// A special ErrNoMatch error is returned if the authorizer could not reach a decision,
	// e.g. none of the rules matched.
	// Implementations must be goroutine-safe.
	Authorize(client kubernetes.Client, ai *AuthRequestInfo) ([]string, error)

	// Stop Finalize resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate requests in flight
	// and there will be no more calls made to this instance.
	Stop()
}

Authorizer interface performs authorization of the request. It is invoked after authentication, so it can be assumed that the requestor has presented satisfactory credentials for Account. Principally, it answers the question: is this Account allowed to perform these Actions on this Type.Name subject in the give Service?

type Labels ¶

type Labels map[string][]string

type PasswordString ¶

type PasswordString string

func (PasswordString) String ¶

func (ps PasswordString) String() string

String Rewrite String method to prevent password leakage via print PasswordString

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL