Documentation
¶
Index ¶
- Constants
- Variables
- func ContextWithUserInfo(ctx context.Context, app *v1beta1.Application) context.Context
- func GetUserInfoInAnnotation(obj *metav1.ObjectMeta) user.Info
- func NewImpersonatingRoundTripper(rt http.RoundTripper) http.RoundTripper
- func SetUserInfoInAnnotation(obj *metav1.ObjectMeta, userInfo authv1.UserInfo)
Constants ¶
View Source
const ( // DefaultAuthenticateGroupPattern default value of groups patterns for authentication DefaultAuthenticateGroupPattern = types.KubeVelaName + ":*" )
Variables ¶
View Source
var ( // AuthenticationWithUser flag for enable the authentication of User in requests AuthenticationWithUser = false // AuthenticationDefaultUser the default user to use while no User is set in application AuthenticationDefaultUser = user.Anonymous // AuthenticationGroupPattern pattern for the authentication of Group in requests AuthenticationGroupPattern = DefaultAuthenticateGroupPattern )
Functions ¶
func ContextWithUserInfo ¶ added in v1.4.0
ContextWithUserInfo inject username & group from app annotations into context If serviceAccount is set and username is empty, identity will user the serviceAccount
func GetUserInfoInAnnotation ¶ added in v1.4.0
func GetUserInfoInAnnotation(obj *metav1.ObjectMeta) user.Info
GetUserInfoInAnnotation extract user info from annotations support compatibility for serviceAccount when name is empty
func NewImpersonatingRoundTripper ¶
func NewImpersonatingRoundTripper(rt http.RoundTripper) http.RoundTripper
NewImpersonatingRoundTripper will add an ImpersonateUser header to a request if the context has a specific user whom to act-as.
func SetUserInfoInAnnotation ¶ added in v1.4.0
func SetUserInfoInAnnotation(obj *metav1.ObjectMeta, userInfo authv1.UserInfo)
SetUserInfoInAnnotation set username and group from userInfo into annotations it will clear the existing service account annotation in avoid of permission leak
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.