Directories ¶
Path | Synopsis |
---|---|
cmd
|
|
pinniped-concierge-kube-cert-agent
Package main is the combined entrypoint for the Pinniped "kube-cert-agent" component.
|
Package main is the combined entrypoint for the Pinniped "kube-cert-agent" component. |
pinniped-server
Package main is the combined entrypoint for all Pinniped server components.
|
Package main is the combined entrypoint for all Pinniped server components. |
generated
|
|
latest/apis/concierge/authentication/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
|
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API. |
latest/apis/concierge/config/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration API.
|
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration API. |
latest/apis/concierge/identity
Package identity is the internal version of the Pinniped identity API.
|
Package identity is the internal version of the Pinniped identity API. |
latest/apis/concierge/identity/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped identity API.
|
Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. |
latest/apis/concierge/login
Package login is the internal version of the Pinniped login API.
|
Package login is the internal version of the Pinniped login API. |
latest/apis/concierge/login/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped login API.
|
Package v1alpha1 is the v1alpha1 version of the Pinniped login API. |
latest/apis/supervisor/clientsecret
Package clientsecret is the internal version of the Pinniped client secret API.
|
Package clientsecret is the internal version of the Pinniped client secret API. |
latest/apis/supervisor/clientsecret/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API. |
latest/apis/supervisor/config/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuration API.
|
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuration API. |
latest/apis/supervisor/idp/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor identity provider (IDP) API.
|
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor identity provider (IDP) API. |
latest/client/concierge/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
latest/client/concierge/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
latest/client/concierge/clientset/versioned/typed/authentication/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
latest/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
latest/client/concierge/clientset/versioned/typed/config/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
latest/client/concierge/clientset/versioned/typed/config/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
latest/client/concierge/clientset/versioned/typed/identity/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
latest/client/concierge/clientset/versioned/typed/login/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
latest/client/concierge/clientset/versioned/typed/login/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
latest/client/supervisor/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
latest/client/supervisor/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
latest/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
latest/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
latest/client/supervisor/clientset/versioned/typed/config/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
latest/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
1.17/apis
Module
|
|
1.17/client
Module
|
|
1.18/apis
Module
|
|
1.18/client
Module
|
|
1.19/apis
Module
|
|
1.19/client
Module
|
|
1.20/apis
Module
|
|
1.20/client
Module
|
|
1.21/apis
Module
|
|
1.21/client
Module
|
|
1.22/apis
Module
|
|
1.22/client
Module
|
|
1.23/apis
Module
|
|
1.23/client
Module
|
|
1.24/apis
Module
|
|
1.24/client
Module
|
|
1.25/apis
Module
|
|
1.25/client
Module
|
|
1.26/apis
Module
|
|
1.26/client
Module
|
|
1.27/apis
Module
|
|
1.27/client
Module
|
|
1.28/apis
Module
|
|
1.28/client
Module
|
|
1.29/apis
Module
|
|
1.29/client
Module
|
|
1.30/apis
Module
|
|
1.30/client
Module
|
|
1.31/apis
Module
|
|
1.31/client
Module
|
|
internal
|
|
authenticators
Package authenticators contains authenticator interfaces.
|
Package authenticators contains authenticator interfaces. |
celtransformer
Package celtransformer is an implementation of upstream-to-downstream identity transformations and policies using CEL scripts.
|
Package celtransformer is an implementation of upstream-to-downstream identity transformations and policies using CEL scripts. |
certauthority
Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service.
|
Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service. |
certauthority/dynamiccertauthority
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.
|
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair. |
concierge/impersonator
Package impersonator implements an HTTP server that reverse proxies all requests to the Kubernetes API server with impersonation headers set to match the calling user.
|
Package impersonator implements an HTTP server that reverse proxies all requests to the Kubernetes API server with impersonation headers set to match the calling user. |
concierge/scheme
Package scheme contains code to construct a proper runtime.Scheme for the Concierge aggregated API.
|
Package scheme contains code to construct a proper runtime.Scheme for the Concierge aggregated API. |
concierge/server
Package server is the command line entry point for pinniped-concierge.
|
Package server is the command line entry point for pinniped-concierge. |
config/concierge
Package concierge contains functionality to load/store Config's from/to some source.
|
Package concierge contains functionality to load/store Config's from/to some source. |
config/supervisor
Package supervisor contains functionality to load/store Config's from/to some source.
|
Package supervisor contains functionality to load/store Config's from/to some source. |
controller/apicerts
Package apicerts contains controllers that work together to provide rotating API certs.
|
Package apicerts contains controllers that work together to provide rotating API certs. |
controller/authenticator
Package authenticator contains helper code for dealing with *Authenticator CRDs.
|
Package authenticator contains helper code for dealing with *Authenticator CRDs. |
controller/authenticator/authncache
Package authncache implements a cache of active authenticators.
|
Package authncache implements a cache of active authenticators. |
controller/authenticator/cachecleaner
Package cachecleaner implements a controller for garbage collecting authenticators from an authenticator cache.
|
Package cachecleaner implements a controller for garbage collecting authenticators from an authenticator cache. |
controller/authenticator/jwtcachefiller
Package jwtcachefiller implements a controller for filling an authncache.Cache with each added/updated JWTAuthenticator.
|
Package jwtcachefiller implements a controller for filling an authncache.Cache with each added/updated JWTAuthenticator. |
controller/authenticator/webhookcachefiller
Package webhookcachefiller implements a controller for filling an authncache.Cache with each added/updated WebhookAuthenticator.
|
Package webhookcachefiller implements a controller for filling an authncache.Cache with each added/updated WebhookAuthenticator. |
controller/issuerconfig
Package issuerconfig contains helpers for updating CredentialIssuer status entries.
|
Package issuerconfig contains helpers for updating CredentialIssuer status entries. |
controller/kubecertagent
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys.
|
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys. |
controller/supervisorconfig/activedirectoryupstreamwatcher
Package activedirectoryupstreamwatcher implements a controller which watches ActiveDirectoryIdentityProviders.
|
Package activedirectoryupstreamwatcher implements a controller which watches ActiveDirectoryIdentityProviders. |
controller/supervisorconfig/generator
Package generator provides a supervisorSecretsController that can ensure existence of a generated secret.
|
Package generator provides a supervisorSecretsController that can ensure existence of a generated secret. |
controller/supervisorconfig/githubupstreamwatcher
Package githubupstreamwatcher implements a controller which watches GitHubIdentityProviders.
|
Package githubupstreamwatcher implements a controller which watches GitHubIdentityProviders. |
controller/supervisorconfig/ldapupstreamwatcher
Package ldapupstreamwatcher implements a controller which watches LDAPIdentityProviders.
|
Package ldapupstreamwatcher implements a controller which watches LDAPIdentityProviders. |
controller/supervisorconfig/oidcupstreamwatcher
Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders.
|
Package oidcupstreamwatcher implements a controller which watches OIDCIdentityProviders. |
controllermanager
Package controllermanager provides an entrypoint into running all of the controllers that run as a part of Pinniped.
|
Package controllermanager provides an entrypoint into running all of the controllers that run as a part of Pinniped. |
crypto/fips
Package fips can be imported to enable fipsonly tls mode when compiling with fips_strict.
|
Package fips can be imported to enable fipsonly tls mode when compiling with fips_strict. |
downward
Package downward implements a client interface for interacting with Kubernetes "downwardAPI" volumes.
|
Package downward implements a client interface for interacting with Kubernetes "downwardAPI" volumes. |
dynamiccert
Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded certificate and key.
|
Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded certificate and key. |
endpointaddr
Package endpointaddr implements parsing and validation of "<host>[:<port>]" strings for Pinniped APIs.
|
Package endpointaddr implements parsing and validation of "<host>[:<port>]" strings for Pinniped APIs. |
execcredcache
Package execcredcache implements a cache for Kubernetes ExecCredential data.
|
Package execcredcache implements a cache for Kubernetes ExecCredential data. |
federationdomain/clientregistry
Package clientregistry defines Pinniped's OAuth2/OIDC clients.
|
Package clientregistry defines Pinniped's OAuth2/OIDC clients. |
federationdomain/csp
Package csp defines helpers related to HTML Content Security Policies.
|
Package csp defines helpers related to HTML Content Security Policies. |
federationdomain/downstreamsession
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.
|
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions. |
federationdomain/dynamiccodec
Package dynamiccodec provides a type that can encode information using a just-in-time signing and (optionally) encryption secret.
|
Package dynamiccodec provides a type that can encode information using a just-in-time signing and (optionally) encryption secret. |
federationdomain/endpoints/auth
Package auth provides a handler for the OIDC authorization endpoint.
|
Package auth provides a handler for the OIDC authorization endpoint. |
federationdomain/endpoints/callback
Package callback provides a handler for the OIDC callback endpoint.
|
Package callback provides a handler for the OIDC callback endpoint. |
federationdomain/endpoints/discovery
Package discovery provides a handler for the OIDC discovery endpoint.
|
Package discovery provides a handler for the OIDC discovery endpoint. |
federationdomain/endpoints/idpdiscovery
Package idpdiscovery provides a handler for the upstream IDP discovery endpoint.
|
Package idpdiscovery provides a handler for the upstream IDP discovery endpoint. |
federationdomain/endpoints/jwks
Package discovery provides a handler for the OIDC discovery endpoint.
|
Package discovery provides a handler for the OIDC discovery endpoint. |
federationdomain/endpoints/login/loginhtml
Package loginhtml defines HTML templates used by the Supervisor.
|
Package loginhtml defines HTML templates used by the Supervisor. |
federationdomain/endpoints/token
Package token provides a handler for the OIDC token endpoint.
|
Package token provides a handler for the OIDC token endpoint. |
federationdomain/formposthtml
Package formposthtml defines HTML templates used by the Supervisor.
|
Package formposthtml defines HTML templates used by the Supervisor. |
federationdomain/oidc
Package oidc contains common OIDC functionality needed by FederationDomains to implement downstream OIDC functionality.
|
Package oidc contains common OIDC functionality needed by FederationDomains to implement downstream OIDC functionality. |
httputil/httperr
Package httperr contains some helpers for nicer error handling in http.Handler implementations.
|
Package httperr contains some helpers for nicer error handling in http.Handler implementations. |
httputil/securityheader
Package securityheader implements an HTTP middleware for setting security-related response headers.
|
Package securityheader implements an HTTP middleware for setting security-related response headers. |
idtransform
Package idtransform defines upstream-to-downstream identity transformations which could be implemented using various approaches or languages.
|
Package idtransform defines upstream-to-downstream identity transformations which could be implemented using various approaches or languages. |
localuserauthenticator
Package localuserauthenticator provides a authentication webhook program.
|
Package localuserauthenticator provides a authentication webhook program. |
mocks/mockcachevalue
Package mockcachevalue is a generated GoMock package.
|
Package mockcachevalue is a generated GoMock package. |
mocks/mockcredentialrequest
Package mockcredentialrequest is a generated GoMock package.
|
Package mockcredentialrequest is a generated GoMock package. |
mocks/mockgithubclient
Package mockgithubclient is a generated GoMock package.
|
Package mockgithubclient is a generated GoMock package. |
mocks/mockissuer
Package mockissuer is a generated GoMock package.
|
Package mockissuer is a generated GoMock package. |
mocks/mockkeyset
Package mockkeyset is a generated GoMock package.
|
Package mockkeyset is a generated GoMock package. |
mocks/mockkubecertagent
Package mocks is a generated GoMock package.
|
Package mocks is a generated GoMock package. |
mocks/mockldapconn
Package mockldapconn is a generated GoMock package.
|
Package mockldapconn is a generated GoMock package. |
mocks/mockoidcclientoptions
Package mockoidcclientoptions is a generated GoMock package.
|
Package mockoidcclientoptions is a generated GoMock package. |
mocks/mocksecrethelper
Package mocksecrethelper is a generated GoMock package.
|
Package mocksecrethelper is a generated GoMock package. |
mocks/mockupstreamoidcidentityprovider
Package mockupstreamoidcidentityprovider is a generated GoMock package.
|
Package mockupstreamoidcidentityprovider is a generated GoMock package. |
plog
Package plog implements a thin layer over logr to help enforce pinniped's logging convention.
|
Package plog implements a thin layer over logr to help enforce pinniped's logging convention. |
registry/clientsecretrequest
Package clientsecretrequest provides REST functionality for the CredentialRequest resource.
|
Package clientsecretrequest provides REST functionality for the CredentialRequest resource. |
registry/credentialrequest
Package credentialrequest provides REST functionality for the CredentialRequest resource.
|
Package credentialrequest provides REST functionality for the CredentialRequest resource. |
supervisor/scheme
Package scheme contains code to construct a proper runtime.Scheme for the Supervisor aggregated API.
|
Package scheme contains code to construct a proper runtime.Scheme for the Supervisor aggregated API. |
supervisor/server
Package server defines the entrypoint for the Pinniped Supervisor server.
|
Package server defines the entrypoint for the Pinniped Supervisor server. |
testutil
Package testutil contains shared test utilities for the Pinniped project.
|
Package testutil contains shared test utilities for the Pinniped project. |
testutil/fakekubeapi
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests.
|
Package fakekubeapi contains a *very* simple httptest.Server that can be used to stand in for a real Kube API server in tests. |
testutil/testlogger
Package testlogger wraps logr.Logger to allow for writing test assertions.
|
Package testlogger wraps logr.Logger to allow for writing test assertions. |
upstreamgithub
Package upstreamgithub implements an abstraction of upstream GitHub provider interactions.
|
Package upstreamgithub implements an abstraction of upstream GitHub provider interactions. |
upstreamldap
Package upstreamldap implements an abstraction of upstream LDAP IDP interactions.
|
Package upstreamldap implements an abstraction of upstream LDAP IDP interactions. |
upstreamoidc
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions.
|
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions. |
pkg
|
|
conciergeclient
Package conciergeclient provides login helpers for the Pinniped concierge.
|
Package conciergeclient provides login helpers for the Pinniped concierge. |
oidcclient
Package oidcclient implements a CLI OIDC login flow.
|
Package oidcclient implements a CLI OIDC login flow. |
oidcclient/filesession
Package filesession implements the file format for session caches.
|
Package filesession implements the file format for session caches. |
oidcclient/nonce
Package nonce implements helpers for OIDC nonce parameter handling.
|
Package nonce implements helpers for OIDC nonce parameter handling. |
oidcclient/oidctypes
Package oidctypes provides core data types for OIDC token structures.
|
Package oidctypes provides core data types for OIDC token structures. |
test
|
|
testlib/browsertest
Package browsertest provides integration test helpers for our browser-based tests.
|
Package browsertest provides integration test helpers for our browser-based tests. |
Click to show internal directories.
Click to hide internal directories.