Documentation
¶
Overview ¶
Package oidc provides utilities for resolving OIDC configuration from various sources including Kubernetes service accounts, ConfigMaps, and inline configurations.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type OIDCConfig ¶
type OIDCConfig struct {
Issuer string
Audience string
JWKSURL string
IntrospectionURL string
ClientID string
ClientSecret string // #nosec G117 -- not a hardcoded credential, populated at runtime from config
ThvCABundlePath string
JWKSAuthTokenPath string
ResourceURL string
JWKSAllowPrivateIP bool
ProtectedResourceAllowPrivateIP bool
InsecureAllowHTTP bool
Scopes []string
}
OIDCConfig represents the resolved OIDC configuration values
type OIDCConfigurable ¶ added in v0.3.10
type OIDCConfigurable interface {
GetName() string
GetNamespace() string
GetOIDCConfig() *mcpv1alpha1.OIDCConfigRef
GetProxyPort() int32
}
OIDCConfigurable is an interface for resources that have OIDC configuration
type Resolver ¶
type Resolver interface {
// Resolve takes any resource implementing OIDCConfigurable and resolves its OIDC config
Resolve(ctx context.Context, resource OIDCConfigurable) (*OIDCConfig, error)
// ResolveFromConfigRef resolves OIDC configuration from an MCPOIDCConfig reference.
// It fetches the MCPOIDCConfig resource and merges shared provider config with
// per-server overrides (audience, scopes) from the reference.
ResolveFromConfigRef(
ctx context.Context,
oidcConfigRef *mcpv1alpha1.MCPOIDCConfigReference,
oidcConfig *mcpv1alpha1.MCPOIDCConfig,
serverName, namespace string,
proxyPort int32,
) (*OIDCConfig, error)
}
Resolver is the interface for resolving OIDC configuration from various sources
func NewResolver ¶
NewResolver creates a new OIDC configuration resolver It accepts an optional Kubernetes client for ConfigMap resolution
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.