Documentation
Overview
Package oidc contains an AuthProvider implementation backed by OpenID/OAuth.
Index
- func New(s *secrets.SecretEngine) common.AuthProvider
- type AuthProvider
- func (a *AuthProvider) Authenticate(req *types.LoginRequest) (*types.AuthResult, error)
- func (a *AuthProvider) Close() error
- func (a *AuthProvider) CreateUser(*types.CreateUserRequest) error
- func (a *AuthProvider) DeleteUser(string) error
- func (a *AuthProvider) GetUser(username string) (*types.VDIUser, error)
- func (a *AuthProvider) GetUsers() ([]*types.VDIUser, error)
- func (a *AuthProvider) Reconcile(ctx context.Context, reqLogger logr.Logger, c client.Client, ...) error
- func (a *AuthProvider) Setup(c client.Client, cluster *appv1.VDICluster) error
- func (a *AuthProvider) UpdateUser(string, *types.UpdateUserRequest) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func New
func New(s *secrets.SecretEngine) common.AuthProvider
New returns a new OIDC AuthProvider.
Types
type AuthProvider
type AuthProvider struct {
	common.AuthProvider
	// contains filtered or unexported fields
}
AuthProvider implements an auth provider that uses an OIDC provider as the authentication backend. Access to groups provided in the claims is supplied through annotations on VDIRoles.
func (*AuthProvider) Authenticate
func (a *AuthProvider) Authenticate(req *types.LoginRequest) (*types.AuthResult, error)
Authenticate is called for API authentication requests. It should generate a new JWTClaims object and serve an AuthResult back to the API.
func (*AuthProvider) Close
func (a *AuthProvider) Close() error
Close just returns nil, as connections are not persistent.
func (*AuthProvider) CreateUser
func (a *AuthProvider) CreateUser(*types.CreateUserRequest) error
CreateUser should handle any logic required to register a new user in kVDI.
func (*AuthProvider) DeleteUser
func (a *AuthProvider) DeleteUser(string) error
DeleteUser should remove a VDIUser.
func (*AuthProvider) GetUser
func (a *AuthProvider) GetUser(username string) (*types.VDIUser, error)
GetUser should retrieve a single VDIUser.
func (*AuthProvider) GetUsers
func (a *AuthProvider) GetUsers() ([]*types.VDIUser, error)
GetUsers should return a list of VDIUsers.
func (*AuthProvider) Reconcile
func (a *AuthProvider) Reconcile(ctx context.Context, reqLogger logr.Logger, c client.Client, cluster *appv1.VDICluster, adminPass string) error
Reconcile just makes sure that we have everything needed to perform an OIDC flow. The generated admin password is ignored for now in favor of configuring admin groups.
func (*AuthProvider) Setup
func (a *AuthProvider) Setup(c client.Client, cluster *appv1.VDICluster) error
Setup implements the AuthProvider interface and sets a local reference to the k8s client and vdi cluster. It then configures oauth2/oidc for serving authentication requests.
func (*AuthProvider) UpdateUser
func (a *AuthProvider) UpdateUser(string, *types.UpdateUserRequest) error
UpdateUser should update a VDIUser.