Documentation ¶
Overview ¶
Package user contains utilities for dealing with simple user exchange in the auth packages. The user.Info interface defines an interface for exchanging that info.
Index ¶
Constants ¶
View Source
const ( // well-known user and group names SystemPrivilegedGroup = "system:masters" NodesGroup = "system:nodes" MonitoringGroup = "system:monitoring" AllUnauthenticated = "system:unauthenticated" AllAuthenticated = "system:authenticated" Anonymous = "system:anonymous" APIServerUser = "system:apiserver" // core kubernetes process identities KubeProxy = "system:kube-proxy" KubeControllerManager = "system:kube-controller-manager" KubeScheduler = "system:kube-scheduler" // CredentialIDKey is the key used in a user's "extra" to specify the unique // identifier for this identity document). CredentialIDKey = "authentication.kubernetes.io/credential-id" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DefaultInfo ¶
DefaultInfo provides a simple user information exchange object for components that implement the UserInfo interface.
func (*DefaultInfo) GetExtra ¶
func (i *DefaultInfo) GetExtra() map[string][]string
func (*DefaultInfo) GetGroups ¶
func (i *DefaultInfo) GetGroups() []string
func (*DefaultInfo) GetName ¶
func (i *DefaultInfo) GetName() string
func (*DefaultInfo) GetUID ¶
func (i *DefaultInfo) GetUID() string
type Info ¶
type Info interface { // GetName returns the name that uniquely identifies this user among all // other active users. GetName() string // GetUID returns a unique value for a particular user that will change // if the user is removed from the system and another user is added with // the same name. GetUID() string // GetGroups returns the names of the groups the user is a member of GetGroups() []string // GetExtra can contain any additional information that the authenticator // thought was interesting. One example would be scopes on a token. // Keys in this map should be namespaced to the authenticator or // authenticator/authorizer pair making use of them. // For instance: "example.org/foo" instead of "foo" // This is a map[string][]string because it needs to be serializeable into // a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization // delegation flows // In order to faithfully round-trip through an impersonation flow, these keys // MUST be lowercase. GetExtra() map[string][]string }
Info describes a user that has been authenticated to the system.
Click to show internal directories.
Click to hide internal directories.