authentication

package
v1.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 20, 2020 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 8 more Imports: 24 Imported by: 85

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetUsernameAndTenantID

func GetUsernameAndTenantID(ctx context.Context) (username string, tenantID string)

GetUsernameAndTenantID implementation decomposition in the original kubernetes api server the user name obtained in *Userinfo is the actual username and tenant ID.

func IsAdministrator

func IsAdministrator(ctx context.Context, privilegedUsername string) bool

IsAdministrator check whether administrator

func SetupAuthentication

func SetupAuthentication(genericAPIServerConfig *genericapiserver.Config, authenticationOpts *options.AuthenticationWithAPIOptions) error

SetupAuthentication config the generic apiserver by authentication options.

func SetupAuthenticationWithoutAudiences

func SetupAuthenticationWithoutAudiences(genericAPIServerConfig *genericapiserver.Config, authenticationOpts *options.AuthenticationOptions, apiAudiences []string) error

SetupAuthenticationWithoutAudiences config the generic apiserver by authentication options.

Types

type Config

type Config struct {
	ClientCAFile                string
	TokenAuthFile               string
	OIDCIssuerURL               string
	OIDCExternalIssuerURL       string
	OIDCClientID                string
	OIDCCAFile                  string
	OIDCUsernameClaim           string
	OIDCUsernamePrefix          string
	OIDCGroupsClaim             string
	OIDCGroupsPrefix            string
	OIDCTenantIDClaim           string
	OIDCTenantIDPrefix          string
	OIDCSigningAlgs             []string
	OIDCRequiredClaims          map[string]string
	APIAudiences                authenticator.Audiences
	WebhookTokenAuthnConfigFile string
	WebhookTokenAuthnVersion    string
	WebhookTokenAuthnCacheTTL   time.Duration

	TokenSuccessCacheTTL time.Duration
	TokenFailureCacheTTL time.Duration
	RequestHeaderConfig  *authenticatorfactory.RequestHeaderConfig
}

Config contains the data on how to authenticate a request to the Kube API Server

func (Config) New

New returns an authenticator.Request or an error that supports the standard Kubernetes authentication mechanisms.

Directories

Path Synopsis
authenticator

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL