Documentation

Index

Constants

View Source
const (
	// ImpersonateUserHeader is used to impersonate a particular user during an API server request
	ImpersonateUserHeader = "Impersonate-User"

	// ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
	// It can be repeated multiplied times for multiple groups.
	ImpersonateGroupHeader = "Impersonate-Group"

	// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the
	// extra map[string][]string for user.Info.  The key will be every after the prefix.
	// It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple
	// times to have multiple elements in the slice under a single key
	ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
)
View Source
const GroupName = "authentication.k8s.io"

    GroupName is the group name use in this package

    Variables

    View Source
    var (
    	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
    	AddToScheme   = SchemeBuilder.AddToScheme
    )
    View Source
    var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

      SchemeGroupVersion is group version used to register these objects

      Functions

      func Kind

      func Kind(kind string) schema.GroupKind

        Kind takes an unqualified kind and returns a Group qualified GroupKind

        func Resource

        func Resource(resource string) schema.GroupResource

          Resource takes an unqualified resource and returns a Group qualified GroupResource

          Types

          type BoundObjectReference

          type BoundObjectReference struct {
          	// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
          	Kind string
          	// API version of the referent.
          	APIVersion string
          
          	// Name of the referent.
          	Name string
          	// UID of the referent.
          	UID types.UID
          }

            BoundObjectReference is a reference to an object that a token is bound to.

            func (*BoundObjectReference) DeepCopy

              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference.

              func (*BoundObjectReference) DeepCopyInto

              func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference)

                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                type ExtraValue

                type ExtraValue []string

                  ExtraValue masks the value so protobuf can generate

                  func (ExtraValue) DeepCopy

                  func (in ExtraValue) DeepCopy() ExtraValue

                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.

                    func (ExtraValue) DeepCopyInto

                    func (in ExtraValue) DeepCopyInto(out *ExtraValue)

                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                      type TokenRequest

                      type TokenRequest struct {
                      	metav1.TypeMeta
                      	// ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock
                      	// REST handler paths work
                      	metav1.ObjectMeta
                      
                      	Spec   TokenRequestSpec
                      	Status TokenRequestStatus
                      }

                        TokenRequest requests a token for a given service account.

                        func (*TokenRequest) DeepCopy

                        func (in *TokenRequest) DeepCopy() *TokenRequest

                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest.

                          func (*TokenRequest) DeepCopyInto

                          func (in *TokenRequest) DeepCopyInto(out *TokenRequest)

                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                            func (*TokenRequest) DeepCopyObject

                            func (in *TokenRequest) DeepCopyObject() runtime.Object

                              DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                              type TokenRequestSpec

                              type TokenRequestSpec struct {
                              	// Audiences are the intendend audiences of the token. A recipient of a
                              	// token must identitfy themself with an identifier in the list of
                              	// audiences of the token, and otherwise should reject the token. A
                              	// token issued for multiple audiences may be used to authenticate
                              	// against any of the audiences listed but implies a high degree of
                              	// trust between the target audiences.
                              	Audiences []string
                              
                              	// ExpirationSeconds is the requested duration of validity of the request. The
                              	// token issuer may return a token with a different validity duration so a
                              	// client needs to check the 'expiration' field in a response.
                              	ExpirationSeconds int64
                              
                              	// BoundObjectRef is a reference to an object that the token will be bound to.
                              	// The token will only be valid for as long as the bound object exists.
                              	// NOTE: The API server's TokenReview endpoint will validate the
                              	// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
                              	// small if you want prompt revocation.
                              	BoundObjectRef *BoundObjectReference
                              }

                                TokenRequestSpec contains client provided parameters of a token request.

                                func (*TokenRequestSpec) DeepCopy

                                func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec

                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec.

                                  func (*TokenRequestSpec) DeepCopyInto

                                  func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec)

                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                    type TokenRequestStatus

                                    type TokenRequestStatus struct {
                                    	// Token is the opaque bearer token.
                                    	Token string
                                    	// ExpirationTimestamp is the time of expiration of the returned token.
                                    	ExpirationTimestamp metav1.Time
                                    }

                                      TokenRequestStatus is the result of a token request.

                                      func (*TokenRequestStatus) DeepCopy

                                      func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus

                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus.

                                        func (*TokenRequestStatus) DeepCopyInto

                                        func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus)

                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                          type TokenReview

                                          type TokenReview struct {
                                          	metav1.TypeMeta
                                          	// ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock
                                          	// REST handler paths work
                                          	metav1.ObjectMeta
                                          
                                          	// Spec holds information about the request being evaluated
                                          	Spec TokenReviewSpec
                                          
                                          	// Status is filled in by the server and indicates whether the request can be authenticated.
                                          	Status TokenReviewStatus
                                          }

                                            TokenReview attempts to authenticate a token to a known user.

                                            func (*TokenReview) DeepCopy

                                            func (in *TokenReview) DeepCopy() *TokenReview

                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReview.

                                              func (*TokenReview) DeepCopyInto

                                              func (in *TokenReview) DeepCopyInto(out *TokenReview)

                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                func (*TokenReview) DeepCopyObject

                                                func (in *TokenReview) DeepCopyObject() runtime.Object

                                                  DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                  type TokenReviewSpec

                                                  type TokenReviewSpec struct {
                                                  	// Token is the opaque bearer token.
                                                  	Token string
                                                  	// Audiences is a list of the identifiers that the resource server presented
                                                  	// with the token identifies as. Audience-aware token authenticators will
                                                  	// verify that the token was intended for at least one of the audiences in
                                                  	// this list. If no audiences are provided, the audience will default to the
                                                  	// audience of the Kubernetes apiserver.
                                                  	Audiences []string
                                                  }

                                                    TokenReviewSpec is a description of the token authentication request.

                                                    func (*TokenReviewSpec) DeepCopy

                                                    func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec

                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewSpec.

                                                      func (*TokenReviewSpec) DeepCopyInto

                                                      func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec)

                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                        type TokenReviewStatus

                                                        type TokenReviewStatus struct {
                                                        	// Authenticated indicates that the token was associated with a known user.
                                                        	Authenticated bool
                                                        	// User is the UserInfo associated with the provided token.
                                                        	User UserInfo
                                                        	// Audiences are audience identifiers chosen by the authenticator that are
                                                        	// compatible with both the TokenReview and token. An identifier is any
                                                        	// identifier in the intersection of the TokenReviewSpec audiences and the
                                                        	// token's audiences. A client of the TokenReview API that sets the
                                                        	// spec.audiences field should validate that a compatible audience identifier
                                                        	// is returned in the status.audiences field to ensure that the TokenReview
                                                        	// server is audience aware. If a TokenReview returns an empty
                                                        	// status.audience field where status.authenticated is "true", the token is
                                                        	// valid against the audience of the Kubernetes API server.
                                                        	Audiences []string
                                                        	// Error indicates that the token couldn't be checked
                                                        	Error string
                                                        }

                                                          TokenReviewStatus is the result of the token authentication request. This type mirrors the authentication.Token interface

                                                          func (*TokenReviewStatus) DeepCopy

                                                          func (in *TokenReviewStatus) DeepCopy() *TokenReviewStatus

                                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewStatus.

                                                            func (*TokenReviewStatus) DeepCopyInto

                                                            func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus)

                                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                              type UserInfo

                                                              type UserInfo struct {
                                                              	// The name that uniquely identifies this user among all active users.
                                                              	Username string
                                                              	// A unique value that identifies this user across time. If this user is
                                                              	// deleted and another user by the same name is added, they will have
                                                              	// different UIDs.
                                                              	UID string
                                                              	// The names of groups this user is a part of.
                                                              	Groups []string
                                                              	// Any additional information provided by the authenticator.
                                                              	Extra map[string]ExtraValue
                                                              }

                                                                UserInfo holds the information about the user needed to implement the user.Info interface.

                                                                func (*UserInfo) DeepCopy

                                                                func (in *UserInfo) DeepCopy() *UserInfo

                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.

                                                                  func (*UserInfo) DeepCopyInto

                                                                  func (in *UserInfo) DeepCopyInto(out *UserInfo)

                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                    Directories

                                                                    Path Synopsis
                                                                    Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
                                                                    Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
                                                                    Package validation contains methods to validate kinds in the authentication.k8s.io API group.
                                                                    Package validation contains methods to validate kinds in the authentication.k8s.io API group.