keystone

package
v1.20.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 8, 2021 License: Apache-2.0 Imports: 45 Imported by: 4

Documentation

Index

Constants

View Source
const (
	Roles       = "alpha.kubernetes.io/identity/roles"
	ProjectID   = "alpha.kubernetes.io/identity/project/id"
	ProjectName = "alpha.kubernetes.io/identity/project/name"
	DomainID    = "alpha.kubernetes.io/identity/user/domain/id"
	DomainName  = "alpha.kubernetes.io/identity/user/domain/name"
)
View Source
const (
	TypeUser    string = "user"
	TypeGroup   string = "group"
	TypeProject string = "project"
	TypeRole    string = "role"
)

Supported types for policy match.

View Source
const (
	Projects        = "projects"
	RoleAssignments = "role_assignments"
)

Variables

This section is empty.

Functions

func AddExtraFlags added in v1.16.0

func AddExtraFlags(fs *pflag.FlagSet)

AddExtraFlags is called by the main package to add component specific command line flags

func GetToken

func GetToken(options Options) (*tokens3.Token, error)

GetToken creates a token by authenticate with keystone.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator contacts openstack keystone to validate user's token passed in the request.

func (*Authenticator) AuthenticateToken

func (a *Authenticator) AuthenticateToken(token string) (user.Info, bool, error)

AuthenticateToken checks the token via Keystone call

type Authorizer

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer contacts openstack keystone to check whether the user can perform requested operations. The keystone endpoint and policy list are passed during apiserver startup

func (*Authorizer) Authorize

func (a *Authorizer) Authorize(attributes authorizer.Attributes) (authorized authorizer.Decision, reason string, err error)

Authorize checks whether the user can perform an operation

type Config added in v0.2.0

type Config struct {
	Address             string
	CertFile            string
	KeyFile             string
	KeystoneURL         string
	KeystoneCA          string
	PolicyFile          string
	PolicyConfigMapName string
	SyncConfigFile      string
	SyncConfigMapName   string
	Kubeconfig          string
}

Config configures a keystone webhook server

func NewConfig added in v0.2.0

func NewConfig() *Config

NewConfig returns a Config

func (*Config) AddFlags added in v0.2.0

func (c *Config) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags for a specific AutoScaler to the specified FlagSet

func (*Config) ValidateFlags added in v0.2.0

func (c *Config) ValidateFlags() error

ValidateFlags validates whether flags are set up correctly

type IKeystone added in v1.18.0

type IKeystone interface {
	GetTokenInfo(string) (*tokenInfo, error)
	GetGroups(string, string) ([]string, error)
}

type KeystoneAuth added in v0.2.0

type KeystoneAuth struct {
	// contains filtered or unexported fields
}

KeystoneAuth manages authentication and authorization

func NewKeystoneAuth added in v0.2.0

func NewKeystoneAuth(c *Config) (*KeystoneAuth, error)

NewKeystoneAuth returns a new KeystoneAuth controller

func (*KeystoneAuth) Handler added in v0.2.0

func (k *KeystoneAuth) Handler(w http.ResponseWriter, r *http.Request)

Handler serves the http requests

func (*KeystoneAuth) Run added in v0.2.0

func (k *KeystoneAuth) Run()

Run starts the keystone webhook server.

type Keystoner added in v1.18.0

type Keystoner struct {
	// contains filtered or unexported fields
}

func NewKeystoner added in v1.18.0

func NewKeystoner(client *gophercloud.ServiceClient) *Keystoner

func (*Keystoner) GetGroups added in v1.18.0

func (k *Keystoner) GetGroups(token string, userID string) ([]string, error)

func (*Keystoner) GetTokenInfo added in v1.18.0

func (k *Keystoner) GetTokenInfo(token string) (*tokenInfo, error)

type MockIKeystone added in v1.18.0

type MockIKeystone struct {
	mock.Mock
}

MockIKeystone is an autogenerated mock type for the IKeystone type

func (*MockIKeystone) GetGroups added in v1.18.0

func (_m *MockIKeystone) GetGroups(_a0 string, _a1 string) ([]string, error)

GetGroups provides a mock function with given fields: _a0, _a1

func (*MockIKeystone) GetTokenInfo added in v1.18.0

func (_m *MockIKeystone) GetTokenInfo(_a0 string) (*tokenInfo, error)

GetTokenInfo provides a mock function with given fields: _a0

type Options added in v1.14.0

type Options struct {
	AuthOptions    gophercloud.AuthOptions
	ClientCertPath string
	ClientKeyPath  string
	ClientCAPath   string
}

type Syncer added in v0.2.0

type Syncer struct {
	// contains filtered or unexported fields
}

Syncer synchronizes auth data between Keystone and Kubernetes

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL