Version: v0.11.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Feb 10, 2022 License: Apache-2.0 Imports: 16 Imported by: 1



Package authentication provides implementation for authentication webhook and methods to implement authentication webhook handlers.

See examples/tokenreview/ for an example of authentication webhooks.



This section is empty.


This section is empty.


This section is empty.


type Handler

type Handler interface {
	// Handle yields a response to an TokenReview.
	// The supplied context is extracted from the received http.Request, allowing wrapping
	// http.Handlers to inject values into and control cancelation of downstream request processing.
	Handle(context.Context, Request) Response

Handler can handle an TokenReview.

type HandlerFunc

type HandlerFunc func(context.Context, Request) Response

HandlerFunc implements Handler interface using a single function.

func (HandlerFunc) Handle

func (f HandlerFunc) Handle(ctx context.Context, req Request) Response

Handle process the TokenReview by invoking the underlying function.

type Request

type Request struct {

Request defines the input for an authentication handler. It contains information to identify the object in question (group, version, kind, resource, subresource, name, namespace), as well as the operation in question (e.g. Get, Create, etc), and the object itself.

type Response

type Response struct {

Response is the output of an authentication handler. It contains a response indicating if a given operation is allowed.

func Authenticated

func Authenticated(reason string, user authenticationv1.UserInfo) Response

Authenticated constructs a response indicating that the given token is valid.

func Errored

func Errored(err error) Response

Errored creates a new Response for error-handling a request.

func ReviewResponse

func ReviewResponse(authenticated bool, user authenticationv1.UserInfo, err string, audiences ...string) Response

ReviewResponse returns a response for admitting a request.

func Unauthenticated

func Unauthenticated(reason string, user authenticationv1.UserInfo) Response

Unauthenticated constructs a response indicating that the given token is not valid.

func (*Response) Complete

func (r *Response) Complete(req Request) error

Complete populates any fields that are yet to be set in the underlying TokenResponse, It mutates the response.

type Webhook

type Webhook struct {
	// Handler actually processes an authentication request returning whether it was authenticated or unauthenticated,
	// and potentially patches to apply to the handler.
	Handler Handler

	// WithContextFunc will allow you to take the http.Request.Context() and
	// add any additional information such as passing the request path or
	// headers thus allowing you to read them from within the handler
	WithContextFunc func(context.Context, *http.Request) context.Context
	// contains filtered or unexported fields

Webhook represents each individual webhook.

func (*Webhook) Handle

func (wh *Webhook) Handle(ctx context.Context, req Request) Response

Handle processes TokenReview.

func (*Webhook) InjectFunc

func (wh *Webhook) InjectFunc(f inject.Func) error

InjectFunc injects the field setter into the webhook.

func (*Webhook) InjectLogger

func (wh *Webhook) InjectLogger(l logr.Logger) error

InjectLogger gets a handle to a logging instance, hopefully with more info about this particular webhook.

func (*Webhook) ServeHTTP

func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL