authn

package
v0.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 14, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthnConfig 

type AuthnConfig struct {
	X509   *X509Config
	Header *AuthnHeaderConfig
	OIDC   *OIDCConfig
	Token  *TokenConfig
}

AuthnConfig holds all configurations related to authentication options

type AuthnHeaderConfig 

type AuthnHeaderConfig struct {
	// When set to true, kube-rbac-proxy adds auth-related fields to the headers of http requests sent to the upstream
	Enabled bool
	// Corresponds to the name of the field inside a http(2) request header
	// to tell the upstream server about the user's name
	UserFieldName string
	// Corresponds to the name of the field inside a http(2) request header
	// to tell the upstream server about the user's groups
	GroupsFieldName string
	// The separator string used for concatenating multiple group names in a groups header field's value
	GroupSeparator string
}

AuthnHeaderConfig contains authentication header settings which enable more information about the user identity to be sent to the upstream

type DelegatingAuthenticator added in v0.11.0 

type DelegatingAuthenticator struct {
	// contains filtered or unexported fields
}

func NewDelegatingAuthenticator 

func NewDelegatingAuthenticator(client authenticationclient.AuthenticationV1Interface, authn *AuthnConfig) (*DelegatingAuthenticator, error)

NewDelegatingAuthenticator creates an authenticator compatible with the kubelet's needs

func (*DelegatingAuthenticator) AuthenticateRequest added in v0.11.0 

func (a *DelegatingAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)

func (*DelegatingAuthenticator) Run added in v0.11.0 

func (a *DelegatingAuthenticator) Run(ctx context.Context)

type OIDCAuthenticator added in v0.12.0 

type OIDCAuthenticator struct {
	// contains filtered or unexported fields
}

func NewOIDCAuthenticator 

func NewOIDCAuthenticator(ctx context.Context, config *OIDCConfig) (*OIDCAuthenticator, error)

NewOIDCAuthenticator returns OIDC authenticator

func (*OIDCAuthenticator) AuthenticateRequest added in v0.12.0 

func (o *OIDCAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)

func (*OIDCAuthenticator) Run added in v0.12.0 

func (o *OIDCAuthenticator) Run(ctx context.Context)

type OIDCConfig 

type OIDCConfig struct {
	IssuerURL            string
	ClientID             string
	CAFile               string
	UsernameClaim        string
	UsernamePrefix       string
	GroupsClaim          string
	GroupsPrefix         string
	SupportedSigningAlgs []string
}

OIDCConfig represents configuration used for JWT request authentication

type TokenConfig added in v0.5.0 

type TokenConfig struct {
	Audiences []string
}

TokenConfig holds configuration as to how token authentication is to be done

type X509Config 

type X509Config struct {
	ClientCAFile              string
	UpstreamClientCertificate string
	UpstreamClientKey         string
}

X509Config holds public client certificate used for authentication requests if specified

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.