Documentation
¶
Index ¶
Constants ¶
const ( ClientCertAuthenticatorType = "ClientCertAuthenticator" IDTokenAuthenticatorType = "IDTokenAuthenticator" )
const (
KubeJWTAuthenticatorType = "KubeJWTAuthenticator"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthSource ¶
type AuthSource int
AuthSource represents where authentication result is derived from.
const ( AuthSourceClientCertificate AuthSource = iota AuthSourceIDToken )
type Caller ¶
type Caller struct {
AuthSource AuthSource
Identities []string
}
Caller carries the identity and authentication source of a caller.
type ClientCertAuthenticator ¶
type ClientCertAuthenticator struct{}
ClientCertAuthenticator extracts identities from client certificate.
func (*ClientCertAuthenticator) Authenticate ¶
func (cca *ClientCertAuthenticator) Authenticate(ctx context.Context) (*Caller, error)
Authenticate extracts identities from presented client certificates. This method assumes that certificate chain has been properly validated before this method is called. In other words, this method does not do certificate chain validation itself.
func (*ClientCertAuthenticator) AuthenticatorType ¶
func (cca *ClientCertAuthenticator) AuthenticatorType() string
type IDTokenAuthenticator ¶
type IDTokenAuthenticator struct {
// contains filtered or unexported fields
}
IDTokenAuthenticator extracts identity from JWT. The JWT is required to be transmitted using the "Bearer" authentication scheme.
func NewIDTokenAuthenticator ¶
func NewIDTokenAuthenticator(aud string) (*IDTokenAuthenticator, error)
NewIDTokenAuthenticator creates a new IDTokenAuthenticator.
func (*IDTokenAuthenticator) Authenticate ¶
func (a *IDTokenAuthenticator) Authenticate(ctx context.Context) (*Caller, error)
Authenticate authenticates a caller using the JWT in the context.
func (*IDTokenAuthenticator) AuthenticatorType ¶
func (a *IDTokenAuthenticator) AuthenticatorType() string
type KubeJWTAuthenticator ¶
type KubeJWTAuthenticator struct {
// contains filtered or unexported fields
}
KubeJWTAuthenticator authenticates K8s JWTs.
func NewKubeJWTAuthenticator ¶
func NewKubeJWTAuthenticator(k8sAPIServerURL, caCertPath, jwtPath, trustDomain string) (*KubeJWTAuthenticator, error)
NewKubeJWTAuthenticator creates a new kubeJWTAuthenticator.
func (*KubeJWTAuthenticator) Authenticate ¶
func (a *KubeJWTAuthenticator) Authenticate(ctx context.Context) (*Caller, error)
Authenticate authenticates the call using the K8s JWT from the context. The returned Caller.Identities is in SPIFFE format.
func (*KubeJWTAuthenticator) AuthenticatorType ¶
func (a *KubeJWTAuthenticator) AuthenticatorType() string
Source Files