Documentation ¶
Index ¶
- type FederationDomainIdentityProvider
- type FederationDomainIdentityProvidersFinderI
- type FederationDomainIdentityProvidersListerFinder
- func (u *FederationDomainIdentityProvidersListerFinder) FindDefaultIDP() (*resolvedprovider.FederationDomainResolvedOIDCIdentityProvider, ...)
- func (u *FederationDomainIdentityProvidersListerFinder) FindUpstreamIDPByDisplayName(upstreamIDPDisplayName string) (*resolvedprovider.FederationDomainResolvedOIDCIdentityProvider, ...)
- func (u *FederationDomainIdentityProvidersListerFinder) GetActiveDirectoryIdentityProviders() []*resolvedprovider.FederationDomainResolvedLDAPIdentityProvider
- func (u *FederationDomainIdentityProvidersListerFinder) GetLDAPIdentityProviders() []*resolvedprovider.FederationDomainResolvedLDAPIdentityProvider
- func (u *FederationDomainIdentityProvidersListerFinder) GetOIDCIdentityProviders() []*resolvedprovider.FederationDomainResolvedOIDCIdentityProvider
- type FederationDomainIdentityProvidersListerFinderI
- type FederationDomainIdentityProvidersListerI
- type FederationDomainIssuer
- func (p *FederationDomainIssuer) DefaultIdentityProvider() *FederationDomainIdentityProvider
- func (p *FederationDomainIssuer) IdentityProviders() []*FederationDomainIdentityProvider
- func (p *FederationDomainIssuer) Issuer() string
- func (p *FederationDomainIssuer) IssuerHost() string
- func (p *FederationDomainIssuer) IssuerPath() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type FederationDomainIdentityProvider ¶
type FederationDomainIdentityProvider struct { DisplayName string UID types.UID Transforms *idtransform.TransformationPipeline }
FederationDomainIdentityProvider represents an identity provider as configured in a FederationDomain's spec. All the fields are required and must be non-zero values. Note that this might be a reference to an IDP which is not currently loaded into the cache of available IDPs, e.g. due to the IDP's CR having validation errors.
type FederationDomainIdentityProvidersFinderI ¶
type FederationDomainIdentityProvidersFinderI interface { FindDefaultIDP() ( *resolvedprovider.FederationDomainResolvedOIDCIdentityProvider, *resolvedprovider.FederationDomainResolvedLDAPIdentityProvider, error, ) FindUpstreamIDPByDisplayName(upstreamIDPDisplayName string) ( *resolvedprovider.FederationDomainResolvedOIDCIdentityProvider, *resolvedprovider.FederationDomainResolvedLDAPIdentityProvider, error, ) }
type FederationDomainIdentityProvidersListerFinder ¶
type FederationDomainIdentityProvidersListerFinder struct {
// contains filtered or unexported fields
}
FederationDomainIdentityProvidersListerFinder wraps an UpstreamIdentityProvidersLister. The lister which is being wrapped should contain all valid upstream providers that are currently defined in the Supervisor. FederationDomainIdentityProvidersListerFinder provides a lookup method which only looks up IDPs within those which have allowed resource IDs, and also uses display names (name aliases) instead of the actual resource names to do the lookups. It also provides list methods which only list the allowed identity providers (to be used by the IDP discovery endpoint, for example).
func NewFederationDomainIdentityProvidersListerFinder ¶
func NewFederationDomainIdentityProvidersListerFinder( federationDomainIssuer *FederationDomainIssuer, wrappedLister idplister.UpstreamIdentityProvidersLister, ) *FederationDomainIdentityProvidersListerFinder
NewFederationDomainIdentityProvidersListerFinder returns a new FederationDomainIdentityProvidersListerFinder which only lists those IDPs allowed by its parameter. Every FederationDomainIdentityProvider in the federationDomainIssuer parameter's IdentityProviders() list must have a unique DisplayName. Note that a single underlying IDP UID may be used by multiple FederationDomainIdentityProvider in the parameter. The wrapped lister should contain all valid upstream providers that are defined in the Supervisor, and is expected to be thread-safe and to change its contents over time. The FederationDomainIdentityProvidersListerFinder will filter out the ones that don't apply to this federation domain.
func (*FederationDomainIdentityProvidersListerFinder) FindDefaultIDP ¶
func (u *FederationDomainIdentityProvidersListerFinder) FindDefaultIDP() ( *resolvedprovider.FederationDomainResolvedOIDCIdentityProvider, *resolvedprovider.FederationDomainResolvedLDAPIdentityProvider, error, )
FindDefaultIDP works like FindUpstreamIDPByDisplayName, but finds the default IDP instead of finding by name. If there is no default IDP for this federation domain, then FindDefaultIDP will return an error. This can be used to handle the backwards compatibility mode where an authorization request could be made without specifying an IDP name, and there are no IDPs explicitly specified on the FederationDomain, and there is exactly one IDP CR defined in the Supervisor namespace.
func (*FederationDomainIdentityProvidersListerFinder) FindUpstreamIDPByDisplayName ¶
func (u *FederationDomainIdentityProvidersListerFinder) FindUpstreamIDPByDisplayName(upstreamIDPDisplayName string) ( *resolvedprovider.FederationDomainResolvedOIDCIdentityProvider, *resolvedprovider.FederationDomainResolvedLDAPIdentityProvider, error, )
FindUpstreamIDPByDisplayName selects either an OIDC, LDAP, or ActiveDirectory IDP, or returns an error. It only considers the allowed IDPs while doing the lookup by display name. Note that ActiveDirectory and LDAP IDPs both return the same type, but with different SessionProviderType values.
func (*FederationDomainIdentityProvidersListerFinder) GetActiveDirectoryIdentityProviders ¶
func (u *FederationDomainIdentityProvidersListerFinder) GetActiveDirectoryIdentityProviders() []*resolvedprovider.FederationDomainResolvedLDAPIdentityProvider
GetActiveDirectoryIdentityProviders lists only the ActiveDirectory providers for this FederationDomain.
func (*FederationDomainIdentityProvidersListerFinder) GetLDAPIdentityProviders ¶
func (u *FederationDomainIdentityProvidersListerFinder) GetLDAPIdentityProviders() []*resolvedprovider.FederationDomainResolvedLDAPIdentityProvider
GetLDAPIdentityProviders lists only the LDAP providers for this FederationDomain.
func (*FederationDomainIdentityProvidersListerFinder) GetOIDCIdentityProviders ¶
func (u *FederationDomainIdentityProvidersListerFinder) GetOIDCIdentityProviders() []*resolvedprovider.FederationDomainResolvedOIDCIdentityProvider
GetOIDCIdentityProviders lists only the OIDC providers for this FederationDomain.
type FederationDomainIdentityProvidersListerFinderI ¶
type FederationDomainIdentityProvidersListerFinderI interface { FederationDomainIdentityProvidersListerI FederationDomainIdentityProvidersFinderI }
type FederationDomainIdentityProvidersListerI ¶
type FederationDomainIdentityProvidersListerI interface { GetOIDCIdentityProviders() []*resolvedprovider.FederationDomainResolvedOIDCIdentityProvider GetLDAPIdentityProviders() []*resolvedprovider.FederationDomainResolvedLDAPIdentityProvider GetActiveDirectoryIdentityProviders() []*resolvedprovider.FederationDomainResolvedLDAPIdentityProvider }
type FederationDomainIssuer ¶
type FederationDomainIssuer struct {
// contains filtered or unexported fields
}
FederationDomainIssuer is a parsed FederationDomain representing all the settings for a downstream OIDC provider and contains configuration representing a set of upstream identity providers.
func NewFederationDomainIssuer ¶
func NewFederationDomainIssuer( issuer string, identityProviders []*FederationDomainIdentityProvider, ) (*FederationDomainIssuer, error)
NewFederationDomainIssuer returns a FederationDomainIssuer. Performs validation, and returns any error from validation.
func NewFederationDomainIssuerWithDefaultIDP ¶
func NewFederationDomainIssuerWithDefaultIDP( issuer string, defaultIdentityProvider *FederationDomainIdentityProvider, ) (*FederationDomainIssuer, error)
func (*FederationDomainIssuer) DefaultIdentityProvider ¶
func (p *FederationDomainIssuer) DefaultIdentityProvider() *FederationDomainIdentityProvider
DefaultIdentityProvider will return nil when there is no default.
func (*FederationDomainIssuer) IdentityProviders ¶
func (p *FederationDomainIssuer) IdentityProviders() []*FederationDomainIdentityProvider
IdentityProviders returns the IdentityProviders.
func (*FederationDomainIssuer) Issuer ¶
func (p *FederationDomainIssuer) Issuer() string
Issuer returns the issuer.
func (*FederationDomainIssuer) IssuerHost ¶
func (p *FederationDomainIssuer) IssuerHost() string
IssuerHost returns the issuerHost.
func (*FederationDomainIssuer) IssuerPath ¶
func (p *FederationDomainIssuer) IssuerPath() string
IssuerPath returns the issuerPath.