Documentation ¶
Constants ¶
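// Keys under the alpha.kubernetes.io/identity/ prefix that name Keystone
// identity attributes: the user's roles, project and user domain.
//
// NOTE(review): presumably these key the extra attributes attached to an
// authenticated user; confirm against the authenticator. If so, authorization
// decisions depend on these values, so they should be filled only from a
// validated Keystone token response and never from request-supplied data.
const (
	Roles       = "alpha.kubernetes.io/identity/roles"
	ProjectID   = "alpha.kubernetes.io/identity/project/id"
	ProjectName = "alpha.kubernetes.io/identity/project/name"
	DomainID    = "alpha.kubernetes.io/identity/user/domain/id"
	DomainName  = "alpha.kubernetes.io/identity/user/domain/name"
)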
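// Supported types for policy match.
//
// NOTE(review): these are plain string constants; how a policy entry with an
// unrecognised type is treated is not visible in this listing. Confirm that an
// unknown type never results in a match.
const (
	TypeUser    string = "user"
	TypeGroup   string = "group"
	TypeProject string = "project"
	TypeRole    string = "role"
)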
Supported types for policy match.
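// Names of the data types that syncing refers to. Currently only project
// syncing is supported.
//
// TODO(mfedosin): Implement syncing of role assignments, system role
// assignments, and user groups.
const (
	Projects        = "projects"
	RoleAssignments = "role_assignments"
)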
Currently, only project syncing is supported. TODO(mfedosin): Implement syncing of role assignments, system role assignments, and user groups.
Types ¶
type Authenticator ¶
// Authenticator validates the token passed in a request by contacting
// OpenStack Keystone. All of its fields are unexported and are hidden in this
// rendered listing.
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator contacts OpenStack Keystone to validate the user's token passed in the request. The Keystone endpoint is passed during apiserver startup.
func (*Authenticator) AuthenticateToken ¶
AuthenticateToken checks the token via a Keystone call.
type Authorizer ¶
// Authorizer checks with OpenStack Keystone whether a user may perform the
// requested operation. All of its fields are unexported and are hidden in this
// rendered listing.
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer contacts OpenStack Keystone to check whether the user can perform the requested operations. The Keystone endpoint and policy list are passed during apiserver startup.
func (*Authorizer) Authorize ¶
// Authorize checks whether the user can perform the operation described by
// attributes. It returns the decision, a reason string and an error.
//
// NOTE(review): the body is not shown in this listing. Callers should
// presumably grant access only on an explicit authorizer.DecisionAllow and
// never when err is non-nil; confirm which decision accompanies an error.
func (a *Authorizer) Authorize(attributes authorizer.Attributes) (authorized authorizer.Decision, reason string, err error)
Authorize checks whether the user can perform an operation
type Config ¶
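// Config configures a keystone webhook server.
//
// The per-field notes are inferred from the field names only, since this
// listing carries no field documentation; confirm each against the flag
// definitions.
type Config struct {
	// Address is presumably the listen address of the webhook server.
	Address string

	// CertFile and KeyFile are presumably the paths of the serving certificate
	// and its private key. If so, KeyFile should be readable only by the
	// webhook process.
	CertFile string
	KeyFile  string

	// KeystoneURL is the Keystone endpoint. KeystoneCA is presumably a CA
	// bundle used to verify that endpoint's certificate.
	// NOTE(review): confirm what happens when KeystoneCA is empty (system
	// roots or no verification) and whether a non-HTTPS URL is rejected.
	KeystoneURL string
	KeystoneCA  string

	// PolicyFile and PolicyConfigMapName presumably name alternative sources
	// of the authorization policy. Whoever can write to either source controls
	// authorization decisions, so write access should be restricted.
	PolicyFile          string
	PolicyConfigMapName string

	// SyncConfigFile and SyncConfigMapName presumably name alternative sources
	// of the sync configuration.
	SyncConfigFile    string
	SyncConfigMapName string

	// Kubeconfig is presumably the path of the kubeconfig used to reach the
	// cluster, for example to read the ConfigMaps named above.
	Kubeconfig string
}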
Config configures a keystone webhook server
func (*Config) ValidateFlags ¶
ValidateFlags validates whether flags are set up correctly
type KeystoneAuth ¶
// KeystoneAuth manages authentication and authorization. All of its fields are
// unexported and are hidden in this rendered listing; instances are obtained
// from NewKeystoneAuth.
type KeystoneAuth struct {
// contains filtered or unexported fields
}
KeystoneAuth manages authentication and authorization
func NewKeystoneAuth ¶
// NewKeystoneAuth returns a new KeystoneAuth controller built from c, or an
// error.
//
// NOTE(review): the body is not shown in this listing. Whether c is validated
// here or must first be checked with Config.ValidateFlags is not visible;
// confirm before relying on either.
func NewKeystoneAuth(c *Config) (*KeystoneAuth, error)
NewKeystoneAuth returns a new KeystoneAuth controller
func (*KeystoneAuth) Handler ¶
// Handler serves the HTTP requests. Its parameters follow the standard
// net/http handler signature.
//
// NOTE(review): the body is not shown in this listing. Presumably this is the
// webhook endpoint that receives tokens for authentication and authorization;
// if so, confirm it is only exposed over TLS (see Config.CertFile and
// Config.KeyFile) and that request bodies are size-limited before decoding.
func (k *KeystoneAuth) Handler(w http.ResponseWriter, r *http.Request)
Handler serves the http requests
type Options ¶
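// Options bundles Keystone authentication options with the paths of client
// TLS material.
type Options struct {
	// AuthOptions holds the Keystone credentials. gophercloud.AuthOptions
	// carries secrets such as Password, so avoid logging an Options value
	// verbatim.
	AuthOptions gophercloud.AuthOptions

	// ClientCertPath, ClientKeyPath and ClientCAPath are presumably the paths
	// of the client certificate, its private key and the CA bundle used for
	// TLS towards Keystone; confirm against the code that consumes Options.
	// If so, the key file should be readable only by the process that uses it.
	ClientCertPath string
	ClientKeyPath  string
	ClientCAPath   string
}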