Documentation
¶
Overview ¶
Kubernetes HTTP auth middleware for managing access via client ID (service account token) present in request header.
Index ¶
Constants ¶
View Source
const (
AuthStatusContextKey contextKey = "k8s-http-auth.middleware.status"
)
Variables ¶
View Source
var ( JSONNotImplementedHandler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusNotImplemented) _ = json.NewEncoder(w).Encode(map[string]string{ "error": "not implemented", "details": strings.Join([]string{ "you are likely seeing this because there is no \"next\" handler", "available in the k8s-http-auth middleware", }, " "), }) }) w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusUnauthorized) _ = json.NewEncoder(w).Encode(map[string]string{"error": "unauthorized"}) }) )
Functions ¶
This section is empty.
Types ¶
type Middleware ¶
type Middleware interface { http.Handler // WithNext accepts the "next" http.Handler in the middleware // stack and returns the wrapping Middleware. WithNext(http.Handler) Middleware }
Middleware is an http.Handler that knows how to wrap another http.Handler as in a middleware chain.
func New ¶
func New(rev reviewer.TokenReviewCreator, opts *Options) Middleware
New creates a Middleware for use with an http mux (router).
type Options ¶
type Options struct { // Audiences are passed directly with a token review when // validating a request. Audiences []string // IDHeader is the header key checked when validating a // request. IDHeader string // authorized. The handler is expected to run // http.ResponseWriter.WriteHeader. If not provided, the // default will be JSONUnauthorizedHandler. UnauthorizedHandler http.Handler }
Options may be passed to New when creating a middleware func type.
Click to show internal directories.
Click to hide internal directories.