openshift

package

v0.0.0-...-3c3ec8e Latest Latest Go to latest Published: May 2, 2019 License: MIT Imports: 27 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jcantrill/elasticsearch-clusterlogging-proxy

Links

Open Source Insights

Documentation ¶

Index ¶

type ClientCertAuthenticationOptions
type DelegatingAuthenticationOptions
- func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions
type DelegatingAuthorizationOptions
- func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions
type OpenShiftProvider
- func New() *OpenShiftProvider
type RequestHeaderAuthenticationOptions
- func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *flag.FlagSet)
- func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig
type StringSlice
- func (s *StringSlice) Set(value string) error
- func (s *StringSlice) String() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ClientCertAuthenticationOptions ¶

type ClientCertAuthenticationOptions struct {
	// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
	ClientCA string
}

type DelegatingAuthenticationOptions ¶

type DelegatingAuthenticationOptions struct {
	// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
	// TokenAccessReview.authentication.k8s.io endpoint for checking tokens.
	RemoteKubeConfigFile string

	// CacheTTL is the length of time that a token authentication answer will be cached.
	CacheTTL time.Duration

	ClientCert    ClientCertAuthenticationOptions
	RequestHeader RequestHeaderAuthenticationOptions

	SkipInClusterLookup bool
}

DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to the root kube API server. The API federator will act as a front proxy and direction connections will be able to delegate to the core kube API server

func NewDelegatingAuthenticationOptions ¶

func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions

func (*DelegatingAuthenticationOptions) AddFlags ¶

func (s *DelegatingAuthenticationOptions) AddFlags(fs *flag.FlagSet)

func (*DelegatingAuthenticationOptions) ToAuthenticationConfig ¶

func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)

func (*DelegatingAuthenticationOptions) Validate ¶

func (s *DelegatingAuthenticationOptions) Validate() []error

type DelegatingAuthorizationOptions ¶

type DelegatingAuthorizationOptions struct {
	// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
	// SubjectAccessReview.authorization.k8s.io endpoint for checking tokens.
	RemoteKubeConfigFile string

	// AllowCacheTTL is the length of time that a successful authorization response will be cached
	AllowCacheTTL time.Duration

	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
	// You generally want more responsive, "deny, try again" flows.
	DenyCacheTTL time.Duration
}

DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to the root kube API server

func NewDelegatingAuthorizationOptions ¶

func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions

func (*DelegatingAuthorizationOptions) AddFlags ¶

func (s *DelegatingAuthorizationOptions) AddFlags(fs *flag.FlagSet)

func (*DelegatingAuthorizationOptions) ToAuthorizationConfig ¶

func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)

func (*DelegatingAuthorizationOptions) Validate ¶

func (s *DelegatingAuthorizationOptions) Validate() []error

type OpenShiftProvider ¶

type OpenShiftProvider struct {
	*providers.ProviderData

	ReviewURL *url.URL
	ReviewCAs []string

	AuthenticationOptions DelegatingAuthenticationOptions
	AuthorizationOptions  DelegatingAuthorizationOptions
	// contains filtered or unexported fields
}

func New ¶

func New() *OpenShiftProvider

func (*OpenShiftProvider) Bind ¶

func (p *OpenShiftProvider) Bind(flags *flag.FlagSet)

func (*OpenShiftProvider) Complete ¶

func (p *OpenShiftProvider) Complete(data *providers.ProviderData, reviewURL *url.URL) error

Complete performs final setup on the provider or returns an error.

func (*OpenShiftProvider) GetEmailAddress ¶

func (p *OpenShiftProvider) GetEmailAddress(s *providers.SessionState) (string, error)

func (*OpenShiftProvider) GetLoginURL ¶

func (p *OpenShiftProvider) GetLoginURL() (*url.URL, error)

func (*OpenShiftProvider) GetRedeemURL ¶

func (p *OpenShiftProvider) GetRedeemURL() (*url.URL, error)

func (*OpenShiftProvider) GetReviewCAs ¶

func (p *OpenShiftProvider) GetReviewCAs() []string

func (*OpenShiftProvider) LoadDefaults ¶

func (p *OpenShiftProvider) LoadDefaults(serviceAccount string, reviewJSON, reviewByHostJSON, resources string) (*providers.ProviderData, error)

LoadDefaults accepts configuration and loads defaults from the environment, or returns an error. The provider may partially initialize config for subsequent calls.

func (*OpenShiftProvider) Redeem ¶

func (p *OpenShiftProvider) Redeem(redeemURL *url.URL, redirectURL, code string) (s *providers.SessionState, err error)

Copied up only to set a different client CA

func (*OpenShiftProvider) ReviewUser ¶

func (p *OpenShiftProvider) ReviewUser(name, accessToken, host string) error

func (*OpenShiftProvider) SetClientCAFile ¶

func (p *OpenShiftProvider) SetClientCAFile(file string)

func (*OpenShiftProvider) SetReviewCAs ¶

func (p *OpenShiftProvider) SetReviewCAs(cas []string)

func (*OpenShiftProvider) ValidateRequest ¶

func (p *OpenShiftProvider) ValidateRequest(req *http.Request) (*providers.SessionState, error)

type RequestHeaderAuthenticationOptions ¶

type RequestHeaderAuthenticationOptions struct {
	UsernameHeaders     StringSlice
	GroupHeaders        StringSlice
	ExtraHeaderPrefixes StringSlice
	ClientCAFile        string
	AllowedNames        StringSlice
}

func (*RequestHeaderAuthenticationOptions) AddFlags ¶

func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *flag.FlagSet)

func (*RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig ¶

func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig

ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options if necessary, nil otherwise.

type StringSlice ¶

type StringSlice []string

func (*StringSlice) Set ¶

func (s *StringSlice) Set(value string) error

func (*StringSlice) String ¶

func (s *StringSlice) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL