Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewDelegatingAuthenticator
func NewDelegatingAuthenticator(client authenticationclient.TokenReviewInterface, authn *AuthnConfig) (authenticator.Request, error)
NewDelegatingAuthenticator creates an authenticator compatible with the kubelet's needs
Types
type AuthnConfig
type AuthnConfig struct {
	X509   *X509Config
	Header *AuthnHeaderConfig
	OIDC   *OIDCConfig
}
AuthnConfig holds all configurations related to authentication options
type AuthnHeaderConfig
type AuthnHeaderConfig struct {
	// When set to true, kube-rbac-proxy adds auth-related fields to the headers of HTTP requests sent to the upstream
	Enabled bool
	// Corresponds to the name of the field inside an HTTP(2) request header
	// to tell the upstream server about the user's name
	UserFieldName string
	// Corresponds to the name of the field inside an HTTP(2) request header
	// to tell the upstream server about the user's groups
	GroupsFieldName string
	// The separator string used for concatenating multiple group names in a groups header field's value
	GroupSeparator string
}
AuthnHeaderConfig contains the authentication header settings, which allow more information about the user's identity to be sent to the upstream.
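The following is an added example, not kube-rbac-proxy's own code, showing how the fields of AuthnHeaderConfig could be applied when forwarding a request, with two checks a deployer would want: inbound copies of the identity headers are removed before the authenticated values are set, and a group name that contains the separator is rejected. headerConfig is a local stand-in for AuthnHeaderConfig, setIdentityHeaders and parseGroups are hypothetical helpers, and the header names and separator are constructed sample values.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// headerConfig is a local stand-in with the same fields as AuthnHeaderConfig
// (assumption: redeclared here so the example runs without the real package).
type headerConfig struct {
	Enabled         bool
	UserFieldName   string
	GroupsFieldName string
	GroupSeparator  string
}

// setIdentityHeaders (hypothetical helper) writes the authenticated identity into the upstream request headers.
func setIdentityHeaders(h http.Header, cfg headerConfig, user string, groups []string) error {
	// Drop client-supplied copies first so a caller cannot pre-seed an identity.
	h.Del(cfg.UserFieldName)
	h.Del(cfg.GroupsFieldName)
	if !cfg.Enabled {
		return nil
	}
	for _, g := range groups {
		// A group name containing the separator would split into extra groups upstream.
		if strings.Contains(g, cfg.GroupSeparator) {
			return fmt.Errorf("group %q contains separator %q", g, cfg.GroupSeparator)
		}
	}
	h.Set(cfg.UserFieldName, user)
	h.Set(cfg.GroupsFieldName, strings.Join(groups, cfg.GroupSeparator))
	return nil
}

// parseGroups is the upstream side: split the groups header back into names.
func parseGroups(h http.Header, cfg headerConfig) []string {
	if v := h.Get(cfg.GroupsFieldName); v != "" {
		return strings.Split(v, cfg.GroupSeparator)
	}
	return nil
}

func main() {
	cfg := headerConfig{true, "x-remote-user", "x-remote-groups", "|"} // constructed sample values
	h := http.Header{"X-Remote-User": {"admin"}}                      // constructed spoofed inbound header
	fmt.Println(setIdentityHeaders(h, cfg, "alice", []string{"dev", "ops"}), h, parseGroups(h, cfg))
}
```

The upstream can only rely on these headers if it is reachable exclusively through the proxy; any client able to reach it directly can set them itself.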
type CancelableAuthRequest
type CancelableAuthRequest interface {
	authenticator.Request
	Cancel() // Cancels (stops) the underlying instance
}
CancelableAuthRequest extends the authenticator.Request interface with a Cancel() function that stops the underlying authenticator instance once it is no longer needed.
func NewOIDCAuthenticator
func NewOIDCAuthenticator(config *OIDCConfig) (CancelableAuthRequest, error)
NewOIDCAuthenticator returns an OIDC authenticator wrapped as a CancelableAuthRequest instance. CancelableAuthRequest allows users to cancel the authenticator once it is no longer used.
type OIDCConfig
type OIDCConfig struct {
	IssuerURL            string
	ClientID             string
	CAFile               string
	UsernameClaim        string
	UsernamePrefix       string
	GroupsClaim          string
	GroupsPrefix         string
	SupportedSigningAlgs []string
}
OIDCConfig represents configuration used for JWT request authentication
type X509Config
type X509Config struct {
	ClientCAFile string
}
X509Config holds the public client certificate used for authenticating requests, if specified.