Documentation
¶
Overview ¶
Kubernetes HTTP auth middleware for managing access via client ID (service account token) present in request header.
Index ¶
Constants ¶
View Source
const (
AuthStatusContextKey contextKey = "k8s-http-auth.middleware.status"
)
Variables ¶
View Source
var ( JSONNotImplementedHandler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusNotImplemented) _ = json.NewEncoder(w).Encode(map[string]string{ "error": "not implemented", "details": strings.Join([]string{ "you are likely seeing this because there is no \"next\" handler", "available in the k8s-http-auth middleware", }, " "), }) }) w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusUnauthorized) _ = json.NewEncoder(w).Encode(map[string]string{"error": "unauthorized"}) }) )
Functions ¶
This section is empty.
Types ¶
type Middleware ¶
type Middleware interface {
http.Handler
// WithNext accepts the "next" http.Handler in the middleware
// stack and returns the wrapping Middleware.
WithNext(http.Handler) Middleware
}
Middleware is an http.Handler that knows how to wrap another http.Handler as in a middleware chain.
func New ¶
func New(rev reviewer.TokenReviewCreator, opts *Options) Middleware
New creates a Middleware for use with an http mux (router).
type Options ¶
type Options struct {
// Audiences are passed directly with a token review when
// validating a request.
Audiences []string
// IDHeader is the header key checked when validating a
// request.
IDHeader string
// authorized. The handler is expected to run
// http.ResponseWriter.WriteHeader. If not provided, the
// default will be JSONUnauthorizedHandler.
UnauthorizedHandler http.Handler
}
Options may be passed to New when creating a middleware func type.
Source Files
Click to show internal directories.
Click to hide internal directories.