authn

package

v0.0.0-...-974b44e Latest Latest Go to latest Published: Jan 18, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyma-project/kyma

Documentation ¶

Index ¶

func NewDelegatingAuthenticator(client authenticationclient.TokenReviewInterface, authn *AuthnConfig) (authenticator.Request, error)
type AuthnConfig
type AuthnHeaderConfig
type CancelableAuthRequest
- func NewOIDCAuthenticator(config *OIDCConfig) (CancelableAuthRequest, error)
type OIDCConfig
type X509Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewDelegatingAuthenticator ¶

func NewDelegatingAuthenticator(client authenticationclient.TokenReviewInterface, authn *AuthnConfig) (authenticator.Request, error)

NewDelegatingAuthenticator creates an authenticator compatible with the kubelet's needs

Types ¶

type AuthnConfig ¶

type AuthnConfig struct {
	X509   *X509Config
	Header *AuthnHeaderConfig
	OIDC   *OIDCConfig
}

AuthnConfig holds all configurations related to authentication options

type AuthnHeaderConfig ¶

type AuthnHeaderConfig struct {
	// When set to true, kube-rbac-proxy adds auth-related fields to the headers of http requests sent to the upstream
	Enabled bool
	// Corresponds to the name of the field inside a http(2) request header
	// to tell the upstream server about the user's name
	UserFieldName string
	// Corresponds to the name of the field inside a http(2) request header
	// to tell the upstream server about the user's groups
	GroupsFieldName string
	// The separator string used for concatenating multiple group names in a groups header field's value
	GroupSeparator string
}

AuthnHeaderConfig contains authentication header settings which enable more information about the user identity to be sent to the upstream

type CancelableAuthRequest ¶

type CancelableAuthRequest interface {
	authenticator.Request
	Cancel() //Cancels (stops) the underlying instance
}

Extends authenticator.Request interface with Cancel() function used to stop underlying authenticator instance once it's not needed anymore

func NewOIDCAuthenticator ¶

func NewOIDCAuthenticator(config *OIDCConfig) (CancelableAuthRequest, error)

NewOIDCAuthenticator returns OIDC authenticator wrapped as a CancelableAuthRequest instance. CancelableAuthRequest allows users to cancel the authenticator once it's not used anymore.

type OIDCConfig ¶

type OIDCConfig struct {
	IssuerURL            string
	ClientID             string
	CAFile               string
	UsernameClaim        string
	UsernamePrefix       string
	GroupsClaim          string
	GroupsPrefix         string
	SupportedSigningAlgs []string
}

OIDCConfig represents configuration used for JWT request authentication

type X509Config ¶

type X509Config struct {
	ClientCAFile string
}

X509Config holds public client certificate used for authentication requests if specified

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL