authentication

package
v1.9.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 30, 2023 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 8 more Imports: 25 Imported by: 85

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetExtraValue added in v1.9.1

func GetExtraValue(key string, ctx context.Context) []string

func GetUID added in v1.4.0

func GetUID(ctx context.Context) (uid string)

GetUID implementation decomposition in the original kubernetes api server the user name obtained in *Userinfo is the actual userID.

func Groups added in v1.3.1

func Groups(ctx context.Context) (groups []string)

func IsAdministrator

func IsAdministrator(ctx context.Context, privilegedUsername string) bool

IsAdministrator check whether administrator

func SetupAuthentication

func SetupAuthentication(genericAPIServerConfig *genericapiserver.Config, authenticationOpts *options.AuthenticationWithAPIOptions) error

SetupAuthentication config the generic apiserver by authentication options.

func SetupAuthenticationWithoutAudiences

func SetupAuthenticationWithoutAudiences(genericAPIServerConfig *genericapiserver.Config, authenticationOpts *options.AuthenticationOptions, apiAudiences []string) error

SetupAuthenticationWithoutAudiences config the generic apiserver by authentication options.

func UsernameAndTenantID added in v1.3.1

func UsernameAndTenantID(ctx context.Context) (username string, tenantID string)

UsernameAndTenantID implementation decomposition in the original kubernetes api server the user name obtained in *Userinfo is the actual username and tenant ID.

Types

type Config

type Config struct {
	ClientCAFile          string
	TokenAuthFile         string
	OIDCIssuerURL         string
	OIDCExternalIssuerURL string
	OIDCClientID          string
	OIDCCAFile            string
	OIDCUsernameClaim     string
	OIDCUsernamePrefix    string
	OIDCGroupsClaim       string
	OIDCGroupsPrefix      string
	OIDCTenantIDClaim     string
	OIDCTenantIDPrefix    string
	OIDCSigningAlgs       []string
	OIDCRequiredClaims    map[string]string
	APIAudiences          authenticator.Audiences

	WebhookTokenAuthnConfigFile string
	WebhookTokenAuthnVersion    string
	WebhookTokenAuthnCacheTTL   time.Duration

	TokenSuccessCacheTTL time.Duration
	TokenFailureCacheTTL time.Duration
	RequestHeaderConfig  *authenticatorfactory.RequestHeaderConfig
}

Config contains the data on how to authenticate a request to the Kube API Server

func (Config) New

New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.

Directories

Path Synopsis
authenticator

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL