Documentation ¶
Index ¶
- Constants
- Variables
- func AddLdapCredintialsVolumesAndVolumeMounts(bindCredentials commonsv1alpha1.Credentials) (ldapSecretVolume *corev1.Volume, ldapSecretVolumeMount *corev1.VolumeMount)
- func CreateOidcProviderHintSecurityEnvKey(proivderHint OIDCIdentityProvierHit, metadataItem string) string
- func ExtractLdapCredintialsAndExportCommand() string
- func GetScheme(oidcProvider *authv1alpha1.OIDCProvider) string
- func IsTls(oidcProvider *authv1alpha1.OIDCProvider) bool
- type AuthenticationConfigGenerator
- type AuthenticationProvider
- type AuthenticationResult
- type AuthenticationType
- type GithubMetadata
- type KeycloakMetadata
- type LDAPAuthenticationConfigGenerator
- type OIDCIdentityProvierHit
- type OidcAuthenticationConfigGenerator
- type OidcProviderMetadataExtractor
Constants ¶
// OIDC login endpoints and the key names for the OIDC client credentials.
//
// RedirectUri and CallbackUri are fixed to plain HTTP on the loopback address
// 127.0.0.1, port 12345.
// NOTE(review): an OAuth2/OIDC redirect URI normally has to match the value
// registered at the identity provider, and a loopback address is reachable
// only from the host itself. Confirm how these values are overridden for a
// real deployment and whether HTTPS is expected there.
const (
	RedirectUri = "http://127.0.0.1:12345/dolphinscheduler/redirect/login/oauth2"
	CallbackUri = "http://127.0.0.1:12345/dolphinscheduler/ui/login"

	// Presumably the keys under which the OIDC client ID and client secret
	// are looked up (secret data or environment) — verify against the caller.
	OidcClientIdKey = "CLIENT_ID"
	OidcSecretKey   = "CLIENT_SECRET"
)
// Names used for the authentication type setting and the LDAP bind
// credentials.
const (
	// Corresponds to the security.authentication.type setting.
	SecurityAuthenticationType = "SECURITY_AUTHENTICATION_TYPE"

	// Presumably environment variable names that carry the LDAP bind user,
	// bind password and admin user into the scheduler — TODO confirm.
	// NOTE(review): if the bind password is exported into the container
	// environment, anything able to read that process environment can read
	// it; confirm it is never echoed or logged by the export command.
	LdapBindCredintialsUser = "SECURITY_AUTHENTICATION_LDAP_USERNAME"
	LdapBindCredintialsPass = "SECURITY_AUTHENTICATION_LDAP_PASSWORD"
	LdapUserAdmin           = "SECURITY_AUTHENTICATION_LDAP_USER_ADMIN"

	// Presumably the data keys read from the LDAP bind-credentials Secret —
	// verify against AddLdapCredintialsVolumesAndVolumeMounts.
	LdapSecretUserKey = "user"
	LdapSecretPassKey = "password"
)
Export the LDAP bind user and password by k8s-search.
Variables ¶
// Allow-lists of authentication types and OIDC identity providers.
//
// NOTE(review): SUPPORTED_OIDC_PROVIDERS holds only Github, while
// DEFAULT_OIDC_PROVIDER is Keycloak and the Authentication doc comment says
// only Keycloak is supported for OIDC. Confirm which is intended, since a
// default that is not in the allow-list may be rejected or silently accepted
// depending on how the list is checked.
// NOTE(review): these are mutable package-level slices; any importer can
// append to or overwrite them.
var (
	SUPPORTED_AUTHENTICATION_CLASS_PROVIDERS = []AuthenticationType{LDAP, OIDC}
	SUPPORTED_OIDC_PROVIDERS                 = []OIDCIdentityProvierHit{Github}
)
var AuthenticationProviderOption func(*AuthenticationProvider)
Functions ¶
func AddLdapCredintialsVolumesAndVolumeMounts ¶
func AddLdapCredintialsVolumesAndVolumeMounts(bindCredentials commonsv1alpha1.Credentials) (ldapSecretVolume *corev1.Volume, ldapSecretVolumeMount *corev1.VolumeMount)
func CreateOidcProviderHintSecurityEnvKey ¶
func CreateOidcProviderHintSecurityEnvKey(proivderHint OIDCIdentityProvierHit, metadataItem string) string
func ExtractLdapCredintialsAndExportCommand ¶
func ExtractLdapCredintialsAndExportCommand() string
Types ¶
type AuthenticationProvider ¶
// AuthenticationProvider bundles an authentication type with the provider
// spec and, for OIDC, the provider hint and credential secret reference.
//
// NewLdapProvider takes only authType and provider, so the OIDC-specific
// fields are presumably left at their zero value for LDAP — TODO confirm.
type AuthenticationProvider struct {
	// Kind of authentication this provider represents (LDAP, OIDC, ...).
	AuthType AuthenticationType
	// Identity provider hint; only passed in by NewOidcProvider.
	IdentityProviderHint OIDCIdentityProvierHit
	// Reference to the OIDC client credentials; only passed in by
	// NewOidcProvider. Callers should treat a nil pointer as possible.
	OidcCredentialSecret *dolphinv1alpha1.OidcCredentialSecretSpec
	// Provider spec taken from the authentication API types.
	Provider *authv1alpha1.AuthenticationProvider
}
func NewLdapProvider ¶
func NewLdapProvider( authType AuthenticationType, provider *authv1alpha1.AuthenticationProvider) *AuthenticationProvider
func NewOidcProvider ¶
func NewOidcProvider( authType AuthenticationType, providerHint OIDCIdentityProvierHit, oidcCredentialSecret *dolphinv1alpha1.OidcCredentialSecretSpec, provider *authv1alpha1.AuthenticationProvider) *AuthenticationProvider
type AuthenticationResult ¶
// AuthenticationResult is the value returned by Authentication: the generated
// security configuration plus the Kubernetes objects that expose the LDAP
// bind credentials.
type AuthenticationResult struct {
	// DolphinScheduler security configuration.
	// This overrides the default security configuration in application.yaml.
	Config map[string]interface{}
	// Presumably the names of the Secrets that hold credentials referenced by
	// Config — TODO confirm against Authentication.
	CredintialsSecrets []string
	// Volume for the LDAP bind credentials Secret.
	LdapVolume *corev1.Volume
	// Volume mount for the LDAP bind credentials Secret.
	LdapVolumeMount *corev1.VolumeMount
	// Name of the LDAP bind credentials Secret.
	LdapBindCredintialsName string
}
func Authentication ¶
func Authentication( ctx context.Context, client *client.Client, authSpec []dolphinv1alpha1.AuthenticationSpec) (result AuthenticationResult, err error)
Authentication generates the authentication configuration for the Scheduler. It resolves the AuthenticationClass and, based on the provider declared in that class, generates the matching configuration. Supported providers are LDAP and OIDC. For OIDC, only Keycloak is supported.
type AuthenticationType ¶
type AuthenticationType string
// Values of AuthenticationType. Only LDAP and OIDC appear in
// SUPPORTED_AUTHENTICATION_CLASS_PROVIDERS; TLS and Static are declared but
// are not in that list.
const (
	LDAP   AuthenticationType = "LDAP"
	OIDC   AuthenticationType = "OIDC"
	TLS    AuthenticationType = "TLS"
	Static AuthenticationType = "STATIC"
)
type GithubMetadata ¶
// GithubMetadata wraps an AuthenticationProvider spec. Its methods
// (AuthorizationUri, TokenUri, UserInfoUri, ProviderHint) match the
// OidcProviderMetadataExtractor method set.
type GithubMetadata struct {
	// Embedded by pointer, so the spec's fields and methods are promoted and
	// a nil spec leaves this struct with a nil embedded pointer.
	*authv1alpha1.AuthenticationProvider
}
func NewGithubMetadata ¶
func NewGithubMetadata(providerSpec *authv1alpha1.AuthenticationProvider) *GithubMetadata
func (*GithubMetadata) AuthorizationUri ¶
func (g *GithubMetadata) AuthorizationUri() string
func (*GithubMetadata) ProviderHint ¶
func (g *GithubMetadata) ProviderHint() OIDCIdentityProvierHit
ProviderHint implements OidcProviderMetadataExtractor.
func (*GithubMetadata) TokenUri ¶
func (g *GithubMetadata) TokenUri() string
func (*GithubMetadata) UserInfoUri ¶
func (g *GithubMetadata) UserInfoUri() string
type KeycloakMetadata ¶
// KeycloakMetadata wraps an AuthenticationProvider spec and implements
// OidcProviderMetadataExtractor.
type KeycloakMetadata struct {
	// Embedded by pointer, so the spec's fields and methods are promoted.
	*authv1alpha1.AuthenticationProvider
	// contains filtered or unexported fields
}
func NewKeycloakMetadata ¶
func NewKeycloakMetadata(providerSpec *authv1alpha1.AuthenticationProvider) *KeycloakMetadata
func (*KeycloakMetadata) AuthorizationUri ¶
func (k *KeycloakMetadata) AuthorizationUri() string
AuthorizationUri implements OidcProviderMetadataExtractor.
func (*KeycloakMetadata) ProviderHint ¶
func (k *KeycloakMetadata) ProviderHint() OIDCIdentityProvierHit
ProviderHint implements OidcProviderMetadataExtractor.
func (*KeycloakMetadata) TokenUri ¶
func (k *KeycloakMetadata) TokenUri() string
TokenUri implements OidcProviderMetadataExtractor.
func (*KeycloakMetadata) UserInfoUri ¶
func (k *KeycloakMetadata) UserInfoUri() string
UserInfoUri implements OidcProviderMetadataExtractor.
type LDAPAuthenticationConfigGenerator ¶
// LDAPAuthenticationConfigGenerator generates the scheduler configuration for
// an LDAP provider; its Generate method implements
// AuthenticationConfigGenerator.
type LDAPAuthenticationConfigGenerator struct {
	// Embedded by value: the generator holds its own copy of the LDAP
	// provider spec.
	authv1alpha1.LDAPProvider
}
func NewLDAPAuthenticationConfigGenerator ¶
func NewLDAPAuthenticationConfigGenerator(ldap *authv1alpha1.LDAPProvider) *LDAPAuthenticationConfigGenerator
func (*LDAPAuthenticationConfigGenerator) Generate ¶
func (l *LDAPAuthenticationConfigGenerator) Generate() (map[string]interface{}, error)
Generate implements AuthenticationConfigGenerator.
type OIDCIdentityProvierHit ¶
type OIDCIdentityProvierHit string
OIDCIdentityProvierHit is a string that indicates the identity provider.
const ( Keycloak OIDCIdentityProvierHit = "keycloak" Github OIDCIdentityProvierHit = "github" )
const ( // DEFAULT_OIDC_PROVIDER is the assumed OIDC provider if no hint is given in the AuthClass DEFAULT_OIDC_PROVIDER OIDCIdentityProvierHit = Keycloak )
type OidcAuthenticationConfigGenerator ¶
// OidcAuthenticationConfigGenerator generates the scheduler configuration for
// an OIDC provider; its Generate method implements
// AuthenticationConfigGenerator.
type OidcAuthenticationConfigGenerator struct {
	// Embedded by value: the generator holds its own copy of the provider
	// struct (the pointers inside it are still shared).
	AuthenticationProvider
}
func NewOidcAuthenticationConfigGenerator ¶
func NewOidcAuthenticationConfigGenerator(oidcProvider *AuthenticationProvider) *OidcAuthenticationConfigGenerator
func (*OidcAuthenticationConfigGenerator) Generate ¶
func (o *OidcAuthenticationConfigGenerator) Generate() (map[string]interface{}, error)
Generate implements AuthenticationConfigGenerator.
type OidcProviderMetadataExtractor ¶
// OidcProviderMetadataExtractor exposes the OIDC endpoint URIs and the
// provider hint for one identity provider. KeycloakMetadata documents that it
// implements this interface; GithubMetadata declares the same method set.
//
// NOTE(review): the methods return plain strings with no error, so a
// malformed or non-HTTPS endpoint cannot be reported here. Confirm where the
// returned URIs are validated before they are written into the configuration.
type OidcProviderMetadataExtractor interface {
	// AuthorizationUri returns the provider's authorization endpoint.
	AuthorizationUri() string
	// TokenUri returns the provider's token endpoint.
	TokenUri() string
	// UserInfoUri returns the provider's user-info endpoint.
	UserInfoUri() string
	// ProviderHint reports which identity provider this extractor is for.
	ProviderHint() OIDCIdentityProvierHit
}