azure

package

v0.11.2 Latest Latest Go to latest Published: Sep 23, 2022 License: Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubeguard/guard

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func New(opts Options) (auth.Interface, error)
type Authenticator
- func (s Authenticator) Check(token string) (*authv1.UserInfo, error)
- func (s Authenticator) UID() string
type Claims
type Options
- func NewOptions() Options
type PoPTokenVerifier
- func NewPoPVerifier(hostName string, popTokenValidityDuration time.Duration) *PoPTokenVerifier
- func (p *PoPTokenVerifier) ValidatePopToken(token string) (string, error)

Constants ¶

View Source

const (
	AKSAuthMode              = "aks"
	OBOAuthMode              = "obo"
	ClientCredentialAuthMode = "client-credential"
	PassthroughAuthMode      = "passthrough"
)

View Source

const (
	OrgType = "azure"
)

Variables ¶

View Source

var ErrClaimNotFound = fmt.Errorf("claim not found")

ErrorClaimNotFound indicates the given key was not found in the claims

Functions ¶

func New ¶

func New(opts Options) (auth.Interface, error)

Types ¶

type Authenticator ¶

type Authenticator struct {
	Options
	// contains filtered or unexported fields
}

func (Authenticator) Check ¶

func (s Authenticator) Check(token string) (*authv1.UserInfo, error)

func (Authenticator) UID ¶

func (s Authenticator) UID() string

type Claims ¶ added in v0.9.0

type Claims map[string]interface{}

Claims maintains token claims

type Options ¶

type Options struct {
	Environment                              string
	ClientID                                 string
	ClientSecret                             string
	TenantID                                 string
	UseGroupUID                              bool
	AuthMode                                 string
	AKSTokenURL                              string
	EnablePOP                                bool
	POPTokenHostname                         string
	PoPTokenValidityDuration                 time.Duration
	ResolveGroupMembershipOnlyOnOverageClaim bool
	SkipGroupMembershipResolution            bool
	VerifyClientID                           bool
}

func NewOptions ¶

func NewOptions() Options

func (*Options) AddFlags ¶

func (o *Options) AddFlags(fs *pflag.FlagSet)

func (Options) Apply ¶

func (o Options) Apply(d *apps.Deployment) (extraObjs []runtime.Object, err error)

func (*Options) Validate ¶

func (o *Options) Validate() []error

type PoPTokenVerifier ¶ added in v0.9.0

type PoPTokenVerifier struct {
	PoPTokenValidityDuration time.Duration
	// contains filtered or unexported fields
}

PopTokenVerifier is validator for PoP tokens.

func NewPoPVerifier ¶ added in v0.9.0

func NewPoPVerifier(hostName string, popTokenValidityDuration time.Duration) *PoPTokenVerifier

func (*PoPTokenVerifier) ValidatePopToken ¶ added in v0.9.0

func (p *PoPTokenVerifier) ValidatePopToken(token string) (string, error)

ValidatePopToken is validating the pop token RFC : https://datatracker.ietf.org/doc/html/rfc7800

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
graph

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL