azure

package

v0.16.0 Latest Latest Go to latest Published: Jul 31, 2023 License: Apache-2.0 Imports: 34 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubeguard/guard

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func New(ctx context.Context, opts Options) (auth.Interface, error)
type Authenticator
- func (s Authenticator) Check(ctx context.Context, token string) (*authv1.UserInfo, error)
- func (s Authenticator) UID() string
type Claims
type Options
- func NewOptions() Options
type PoPTokenVerifier
- func NewPoPVerifier(hostName string, popTokenValidityDuration time.Duration) *PoPTokenVerifier
- func (p *PoPTokenVerifier) ValidatePopToken(token string) (string, error)

Constants ¶

View Source

const (
	AKSAuthMode              = "aks"
	ARCAuthMode              = "arc"
	OBOAuthMode              = "obo"
	ClientCredentialAuthMode = "client-credential"
	PassthroughAuthMode      = "passthrough"
)

View Source

const (
	OrgType = "azure"
)

Variables ¶

View Source

var ErrClaimNotFound = fmt.Errorf("claim not found")

ErrorClaimNotFound indicates the given key was not found in the claims

Functions ¶

func New ¶

func New(ctx context.Context, opts Options) (auth.Interface, error)

Types ¶

type Authenticator ¶

type Authenticator struct {
	Options
	// contains filtered or unexported fields
}

func (Authenticator) Check ¶

func (s Authenticator) Check(ctx context.Context, token string) (*authv1.UserInfo, error)

func (Authenticator) UID ¶

func (s Authenticator) UID() string

type Claims ¶ added in v0.9.0

type Claims map[string]interface{}

Claims maintains token claims

type Options ¶

type Options struct {
	Environment                              string
	ClientID                                 string
	ClientSecret                             string
	TenantID                                 string
	UseGroupUID                              bool
	AuthMode                                 string
	AKSTokenURL                              string
	EnablePOP                                bool
	POPTokenHostname                         string
	PoPTokenValidityDuration                 time.Duration
	ResolveGroupMembershipOnlyOnOverageClaim bool
	SkipGroupMembershipResolution            bool
	VerifyClientID                           bool
	ResourceId                               string
	AzureRegion                              string
	HttpClientRetryCount                     int
}

func NewOptions ¶

func NewOptions() Options

func (*Options) AddFlags ¶

func (o *Options) AddFlags(fs *pflag.FlagSet)

func (Options) Apply ¶

func (o Options) Apply(d *apps.Deployment) (extraObjs []runtime.Object, err error)

func (*Options) Validate ¶

func (o *Options) Validate() []error

type PoPTokenVerifier ¶ added in v0.9.0

type PoPTokenVerifier struct {
	PoPTokenValidityDuration time.Duration
	// contains filtered or unexported fields
}

PopTokenVerifier is validator for PoP tokens.

func NewPoPVerifier ¶ added in v0.9.0

func NewPoPVerifier(hostName string, popTokenValidityDuration time.Duration) *PoPTokenVerifier

func (*PoPTokenVerifier) ValidatePopToken ¶ added in v0.9.0

func (p *PoPTokenVerifier) ValidatePopToken(token string) (string, error)

ValidatePopToken is validating the pop token RFC : https://datatracker.ietf.org/doc/html/rfc7800

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
graph

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL