Documentation ¶
Index ¶
Constants ¶
const ( Roles = "alpha.kubernetes.io/identity/roles" ProjectID = "alpha.kubernetes.io/identity/project/id" ProjectName = "alpha.kubernetes.io/identity/project/name" DomainID = "alpha.kubernetes.io/identity/user/domain/id" DomainName = "alpha.kubernetes.io/identity/user/domain/name" )
const ( TypeUser string = "user" TypeGroup string = "group" TypeProject string = "project" TypeRole string = "role" )
Supported types for policy match.
const ( Projects = "projects" RoleAssignments = "role_assignments" )
Variables ¶
This section is empty.
Functions ¶
func AddExtraFlags ¶ added in v1.16.0
AddExtraFlags is called by the main package to add component specific command line flags
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator contacts openstack keystone to validate user's token passed in the request.
func (*Authenticator) AuthenticateToken ¶
AuthenticateToken checks the token via Keystone call
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer contacts openstack keystone to check whether the user can perform requested operations. The keystone endpoint and policy list are passed during apiserver startup
func (*Authorizer) Authorize ¶
func (a *Authorizer) Authorize(attributes authorizer.Attributes) (authorized authorizer.Decision, reason string, err error)
Authorize checks whether the user can perform an operation
type Config ¶ added in v0.2.0
type Config struct { Address string CertFile string KeyFile string KeystoneURL string KeystoneCA string PolicyFile string PolicyConfigMapName string SyncConfigFile string SyncConfigMapName string Kubeconfig string }
Config configures a keystone webhook server
func (*Config) AddFlags ¶ added in v0.2.0
AddFlags adds flags for a specific AutoScaler to the specified FlagSet
func (*Config) ValidateFlags ¶ added in v0.2.0
ValidateFlags validates whether flags are set up correctly
type KeystoneAuth ¶ added in v0.2.0
type KeystoneAuth struct {
// contains filtered or unexported fields
}
KeystoneAuth manages authentication and authorization
func NewKeystoneAuth ¶ added in v0.2.0
func NewKeystoneAuth(c *Config) (*KeystoneAuth, error)
NewKeystoneAuth returns a new KeystoneAuth controller
func (*KeystoneAuth) Handler ¶ added in v0.2.0
func (k *KeystoneAuth) Handler(w http.ResponseWriter, r *http.Request)
Handler serves the http requests
func (*KeystoneAuth) Run ¶ added in v0.2.0
func (k *KeystoneAuth) Run()
Run starts the keystone webhook server.
type Keystoner ¶ added in v1.18.0
type Keystoner struct {
// contains filtered or unexported fields
}
func NewKeystoner ¶ added in v1.18.0
func NewKeystoner(client *gophercloud.ServiceClient) *Keystoner
func (*Keystoner) GetTokenInfo ¶ added in v1.18.0
type MockIKeystone ¶ added in v1.18.0
MockIKeystone is an autogenerated mock type for the IKeystone type
func (*MockIKeystone) GetGroups ¶ added in v1.18.0
func (_m *MockIKeystone) GetGroups(_a0 string, _a1 string) ([]string, error)
GetGroups provides a mock function with given fields: _a0, _a1
func (*MockIKeystone) GetTokenInfo ¶ added in v1.18.0
func (_m *MockIKeystone) GetTokenInfo(_a0 string) (*tokenInfo, error)
GetTokenInfo provides a mock function with given fields: _a0
type Options ¶ added in v1.14.0
type Options struct { AuthOptions gophercloud.AuthOptions ClientCertPath string ClientKeyPath string ClientCAPath string }