Documentation
¶
Index ¶
- func Managers(r *http.Request) model.MetadataManagers
- func Var(r *http.Request, name string) (string, bool)
- func WebSecurity(next http.Handler) http.Handler
- func WithAuthentication(a Authenticator) mux.MiddlewareFunc
- func WithErrorSensitivity(sensitivity errawr.ErrorSensitivity) mux.MiddlewareFunc
- func WithManagers(m model.MetadataManagers) mux.MiddlewareFunc
- func WithTrustedProxyHops(n int) mux.MiddlewareFunc
- type Authenticator
- type Credential
- type KubernetesAuthenticator
- type KubernetesAuthenticatorClientFactoryFunc
- type KubernetesAuthenticatorOption
- func KubernetesAuthenticatorWithChainToVaultTransitIntermediary(client *vaultapi.Client, path, key string) KubernetesAuthenticatorOption
- func KubernetesAuthenticatorWithKeyResolver(key interface{}) KubernetesAuthenticatorOption
- func KubernetesAuthenticatorWithKubernetesIntermediary(client *authenticate.KubernetesInterface) KubernetesAuthenticatorOption
- func KubernetesAuthenticatorWithLogServiceIntermediary(client plspb.LogClient) KubernetesAuthenticatorOption
- func KubernetesAuthenticatorWithVaultResolver(addr, path, role string) KubernetesAuthenticatorOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WithAuthentication ¶
func WithAuthentication(a Authenticator) mux.MiddlewareFunc
func WithErrorSensitivity ¶
func WithErrorSensitivity(sensitivity errawr.ErrorSensitivity) mux.MiddlewareFunc
func WithManagers ¶
func WithManagers(m model.MetadataManagers) mux.MiddlewareFunc
func WithTrustedProxyHops ¶
func WithTrustedProxyHops(n int) mux.MiddlewareFunc
Types ¶
type Authenticator ¶
type Authenticator interface {
// Authenticate performs the request mapping to a credential. If the request
// cannot be verified but no other error occurs, this method returns nil.
Authenticate(r *http.Request) (*Credential, error)
}
Authenticator maps an HTTP request to a credential, if possible.
type Credential ¶
type Credential struct {
Managers model.MetadataManagers
Tags []trackers.Tag
}
Credential represents a valid authentication request.
type KubernetesAuthenticator ¶
type KubernetesAuthenticator struct {
// contains filtered or unexported fields
}
func NewKubernetesAuthenticator ¶
func NewKubernetesAuthenticator(factory KubernetesAuthenticatorClientFactoryFunc, opts ...KubernetesAuthenticatorOption) *KubernetesAuthenticator
func (*KubernetesAuthenticator) Authenticate ¶
func (ka *KubernetesAuthenticator) Authenticate(r *http.Request) (*Credential, error)
type KubernetesAuthenticatorClientFactoryFunc ¶
type KubernetesAuthenticatorClientFactoryFunc func(token string) (kubernetes.Interface, error)
type KubernetesAuthenticatorOption ¶
type KubernetesAuthenticatorOption func(ka *KubernetesAuthenticator)
func KubernetesAuthenticatorWithChainToVaultTransitIntermediary ¶
func KubernetesAuthenticatorWithChainToVaultTransitIntermediary(client *vaultapi.Client, path, key string) KubernetesAuthenticatorOption
func KubernetesAuthenticatorWithKeyResolver ¶
func KubernetesAuthenticatorWithKeyResolver(key interface{}) KubernetesAuthenticatorOption
func KubernetesAuthenticatorWithKubernetesIntermediary ¶
func KubernetesAuthenticatorWithKubernetesIntermediary(client *authenticate.KubernetesInterface) KubernetesAuthenticatorOption
func KubernetesAuthenticatorWithLogServiceIntermediary ¶
func KubernetesAuthenticatorWithLogServiceIntermediary(client plspb.LogClient) KubernetesAuthenticatorOption
func KubernetesAuthenticatorWithVaultResolver ¶
func KubernetesAuthenticatorWithVaultResolver(addr, path, role string) KubernetesAuthenticatorOption
Source Files
¶
Click to show internal directories.
Click to hide internal directories.