user

package
v0.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 11, 2024 License: Apache-2.0 Imports: 0 Imported by: 3,328

Documentation

Overview

Package user contains utilities for dealing with simple user exchange in the auth packages. The user.Info interface defines an interface for exchanging that info.

Index

Constants

View Source
const (
	// well-known user and group names
	SystemPrivilegedGroup = "system:masters"
	NodesGroup            = "system:nodes"
	MonitoringGroup       = "system:monitoring"
	AllUnauthenticated    = "system:unauthenticated"
	AllAuthenticated      = "system:authenticated"

	Anonymous     = "system:anonymous"
	APIServerUser = "system:apiserver"

	// core kubernetes process identities
	KubeProxy             = "system:kube-proxy"
	KubeControllerManager = "system:kube-controller-manager"
	KubeScheduler         = "system:kube-scheduler"

	// CredentialIDKey is the key used in a user's "extra" to specify the unique
	// identifier for this identity document).
	CredentialIDKey = "authentication.kubernetes.io/credential-id"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DefaultInfo

type DefaultInfo struct {
	Name   string
	UID    string
	Groups []string
	Extra  map[string][]string
}

DefaultInfo provides a simple user information exchange object for components that implement the UserInfo interface.

func (*DefaultInfo) GetExtra

func (i *DefaultInfo) GetExtra() map[string][]string

func (*DefaultInfo) GetGroups

func (i *DefaultInfo) GetGroups() []string

func (*DefaultInfo) GetName

func (i *DefaultInfo) GetName() string

func (*DefaultInfo) GetUID

func (i *DefaultInfo) GetUID() string

type Info

type Info interface {
	// GetName returns the name that uniquely identifies this user among all
	// other active users.
	GetName() string
	// GetUID returns a unique value for a particular user that will change
	// if the user is removed from the system and another user is added with
	// the same name.
	GetUID() string
	// GetGroups returns the names of the groups the user is a member of
	GetGroups() []string

	// GetExtra can contain any additional information that the authenticator
	// thought was interesting.  One example would be scopes on a token.
	// Keys in this map should be namespaced to the authenticator or
	// authenticator/authorizer pair making use of them.
	// For instance: "example.org/foo" instead of "foo"
	// This is a map[string][]string because it needs to be serializeable into
	// a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization
	// delegation flows
	// In order to faithfully round-trip through an impersonation flow, these keys
	// MUST be lowercase.
	GetExtra() map[string][]string
}

Info describes a user that has been authenticated to the system.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL