Documentation

Overview

    Package user contains utilities for dealing with simple user exchange in the auth packages. The user.Info interface defines an interface for exchanging that info.

    Index

    Constants

    View Source
    const (
    	SystemPrivilegedGroup = "system:masters"
    	NodesGroup            = "system:nodes"
    	AllUnauthenticated    = "system:unauthenticated"
    	AllAuthenticated      = "system:authenticated"
    
    	Anonymous     = "system:anonymous"
    	APIServerUser = "system:apiserver"
    
    	// core kubernetes process identities
    	KubeProxy             = "system:kube-proxy"
    	KubeControllerManager = "system:kube-controller-manager"
    	KubeScheduler         = "system:kube-scheduler"
    )

      well-known user and group names

      Variables

      This section is empty.

      Functions

      This section is empty.

      Types

      type DefaultInfo

      type DefaultInfo struct {
      	Name   string
      	UID    string
      	Groups []string
      	Extra  map[string][]string
      }

        DefaultInfo provides a simple user information exchange object for components that implement the UserInfo interface.

        func (*DefaultInfo) GetExtra

        func (i *DefaultInfo) GetExtra() map[string][]string

        func (*DefaultInfo) GetGroups

        func (i *DefaultInfo) GetGroups() []string

        func (*DefaultInfo) GetName

        func (i *DefaultInfo) GetName() string

        func (*DefaultInfo) GetUID

        func (i *DefaultInfo) GetUID() string

        type Info

        type Info interface {
        	// GetName returns the name that uniquely identifies this user among all
        	// other active users.
        	GetName() string
        	// GetUID returns a unique value for a particular user that will change
        	// if the user is removed from the system and another user is added with
        	// the same name.
        	GetUID() string
        	// GetGroups returns the names of the groups the user is a member of
        	GetGroups() []string
        
        	// GetExtra can contain any additional information that the authenticator
        	// thought was interesting.  One example would be scopes on a token.
        	// Keys in this map should be namespaced to the authenticator or
        	// authenticator/authorizer pair making use of them.
        	// For instance: "example.org/foo" instead of "foo"
        	// This is a map[string][]string because it needs to be serializeable into
        	// a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization
        	// delegation flows
        	// In order to faithfully round-trip through an impersonation flow, these keys
        	// MUST be lowercase.
        	GetExtra() map[string][]string
        }

          Info describes a user that has been authenticated to the system.

          Source Files