authentication

package
v1.21.0-alpha.1
Published: Jan 13, 2021 License: Apache-2.0 Imports: 4 Imported by: 473

Documentation

Constants

const (
	// ImpersonateUserHeader is used to impersonate a particular user during an API server request
	ImpersonateUserHeader = "Impersonate-User"

	// ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
	// It can be repeated multiple times for multiple groups.
	ImpersonateGroupHeader = "Impersonate-Group"

	// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the
	// extra map[string][]string for user.Info. The key will be everything after the prefix.
	// It can be repeated multiple times for multiple map keys, and the same key can be repeated multiple
	// times to have multiple elements in the slice under a single key.
	ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
)
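
How the three headers above combine into one impersonated identity, shown from the receiving side (for example a proxy or audit hook that needs to record who a request asks to act as). This is an added example, not code from this package: `ParseImpersonation`, the `Impersonation` struct, the lowercasing of extra keys and the rejection of groups or extras sent without a user are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Header names copied from the constants above.
const (
	userHeader  = "Impersonate-User"
	groupHeader = "Impersonate-Group"
	extraPrefix = "Impersonate-Extra-"
)

// Impersonation is a hypothetical holder for the identity a request asks to act as.
type Impersonation struct {
	User   string
	Groups []string
	Extra  map[string][]string
}

// ParseImpersonation collects the impersonation headers of one request.
// present is false when the request carries none of them. Header names are
// case-insensitive, so the extra map key is lowercased (example's choice).
func ParseImpersonation(h http.Header) (imp Impersonation, present bool, err error) {
	imp.User = h.Get(userHeader)
	imp.Groups = h.Values(groupHeader) // one entry per repeated header
	imp.Extra = map[string][]string{}
	for name, values := range h {
		if len(name) > len(extraPrefix) && strings.EqualFold(name[:len(extraPrefix)], extraPrefix) {
			key := strings.ToLower(name[len(extraPrefix):])
			imp.Extra[key] = append(imp.Extra[key], values...)
		}
	}
	if imp.User == "" && len(imp.Groups) == 0 && len(imp.Extra) == 0 {
		return imp, false, nil
	}
	if imp.User == "" {
		return imp, true, fmt.Errorf("groups or extra sent without %s", userHeader)
	}
	return imp, true, nil
}

func main() {
	h := http.Header{} // constructed sample request headers
	h.Add(userHeader, "jane")
	h.Add(groupHeader, "dev")
	fmt.Println(ParseImpersonation(h))
}
```
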
const GroupName = "authentication.k8s.io"

GroupName is the group name used in this package

Variables

var (
	// SchemeBuilder points to a list of functions added to Scheme.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme applies all the stored functions to the scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type BoundObjectReference added in v1.10.0

type BoundObjectReference struct {
	// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
	Kind string
	// API version of the referent.
	APIVersion string

	// Name of the referent.
	Name string
	// UID of the referent.
	UID types.UID
}

BoundObjectReference is a reference to an object that a token is bound to.

func (*BoundObjectReference) DeepCopy added in v1.10.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference.

func (*BoundObjectReference) DeepCopyInto added in v1.10.0

func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtraValue

type ExtraValue []string

ExtraValue masks the value so protobuf can generate

func (ExtraValue) DeepCopy added in v1.10.0

func (in ExtraValue) DeepCopy() ExtraValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.

func (ExtraValue) DeepCopyInto added in v1.10.0

func (in ExtraValue) DeepCopyInto(out *ExtraValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TokenRequest added in v1.10.0

type TokenRequest struct {
	metav1.TypeMeta
	// ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock
	// REST handler paths work
	metav1.ObjectMeta

	Spec   TokenRequestSpec
	Status TokenRequestStatus
}

TokenRequest requests a token for a given service account.

func (*TokenRequest) DeepCopy added in v1.10.0

func (in *TokenRequest) DeepCopy() *TokenRequest

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest.

func (*TokenRequest) DeepCopyInto added in v1.10.0

func (in *TokenRequest) DeepCopyInto(out *TokenRequest)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TokenRequest) DeepCopyObject added in v1.10.0

func (in *TokenRequest) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TokenRequestSpec added in v1.10.0

type TokenRequestSpec struct {
	// Audiences are the intended audiences of the token. A recipient of a
	// token must identify themself with an identifier in the list of
	// audiences of the token, and otherwise should reject the token. A
	// token issued for multiple audiences may be used to authenticate
	// against any of the audiences listed but implies a high degree of
	// trust between the target audiences.
	Audiences []string

	// ExpirationSeconds is the requested duration of validity of the request. The
	// token issuer may return a token with a different validity duration so a
	// client needs to check the 'expiration' field in a response.
	ExpirationSeconds int64

	// BoundObjectRef is a reference to an object that the token will be bound to.
	// The token will only be valid for as long as the bound object exists.
	// NOTE: The API server's TokenReview endpoint will validate the
	// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
	// small if you want prompt revocation.
	BoundObjectRef *BoundObjectReference
}

TokenRequestSpec contains client provided parameters of a token request.

func (*TokenRequestSpec) DeepCopy added in v1.10.0

func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec.

func (*TokenRequestSpec) DeepCopyInto added in v1.10.0

func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TokenRequestStatus added in v1.10.0

type TokenRequestStatus struct {
	// Token is the opaque bearer token.
	Token string `datapolicy:"token"`
	// ExpirationTimestamp is the time of expiration of the returned token.
	ExpirationTimestamp metav1.Time
}

TokenRequestStatus is the result of a token request.

func (*TokenRequestStatus) DeepCopy added in v1.10.0

func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus.

func (*TokenRequestStatus) DeepCopyInto added in v1.10.0

func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TokenReview

type TokenReview struct {
	metav1.TypeMeta
	// ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock
	// REST handler paths work
	metav1.ObjectMeta

	// Spec holds information about the request being evaluated
	Spec TokenReviewSpec

	// Status is filled in by the server and indicates whether the request can be authenticated.
	Status TokenReviewStatus
}

TokenReview attempts to authenticate a token to a known user.

func (*TokenReview) DeepCopy added in v1.8.0

func (in *TokenReview) DeepCopy() *TokenReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReview.

func (*TokenReview) DeepCopyInto added in v1.8.0

func (in *TokenReview) DeepCopyInto(out *TokenReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TokenReview) DeepCopyObject added in v1.8.0

func (in *TokenReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TokenReviewSpec

type TokenReviewSpec struct {
	// Token is the opaque bearer token.
	Token string `datapolicy:"token"`
	// Audiences is a list of the identifiers that the resource server presented
	// with the token identifies as. Audience-aware token authenticators will
	// verify that the token was intended for at least one of the audiences in
	// this list. If no audiences are provided, the audience will default to the
	// audience of the Kubernetes apiserver.
	Audiences []string
}

TokenReviewSpec is a description of the token authentication request.

func (*TokenReviewSpec) DeepCopy added in v1.8.0

func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewSpec.

func (*TokenReviewSpec) DeepCopyInto added in v1.8.0

func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TokenReviewStatus

type TokenReviewStatus struct {
	// Authenticated indicates that the token was associated with a known user.
	Authenticated bool
	// User is the UserInfo associated with the provided token.
	User UserInfo
	// Audiences are audience identifiers chosen by the authenticator that are
	// compatible with both the TokenReview and token. An identifier is any
	// identifier in the intersection of the TokenReviewSpec audiences and the
	// token's audiences. A client of the TokenReview API that sets the
	// spec.audiences field should validate that a compatible audience identifier
	// is returned in the status.audiences field to ensure that the TokenReview
	// server is audience aware. If a TokenReview returns an empty
	// status.audience field where status.authenticated is "true", the token is
	// valid against the audience of the Kubernetes API server.
	Audiences []string
	// Error indicates that the token couldn't be checked
	Error string
}

TokenReviewStatus is the result of the token authentication request. This type mirrors the authentication.Token interface.

func (*TokenReviewStatus) DeepCopy added in v1.8.0

func (in *TokenReviewStatus) DeepCopy() *TokenReviewStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewStatus.

func (*TokenReviewStatus) DeepCopyInto added in v1.8.0

func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
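
The client-side check that the TokenReviewStatus.Audiences comment asks for, as an added example that is not code from this package. The types are simplified local mirrors of the fields documented above, and `AcceptReview` and `ErrNotAudienceAware` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Local mirrors of the documented fields (assumption: simplified, not the
// package's own types).
type UserInfo struct {
	Username string
	Groups   []string
}

type TokenReviewStatus struct {
	Authenticated bool
	User          UserInfo
	Audiences     []string
	Error         string
}

var ErrNotAudienceAware = errors.New("authenticated, but no requested audience in status.audiences")

// AcceptReview decides whether a resource server that sent specAudiences in
// TokenReviewSpec may trust the reviewed token. An empty or unrelated
// status.audiences means the server did not confirm the token for this caller.
func AcceptReview(specAudiences []string, st TokenReviewStatus) (UserInfo, error) {
	if st.Error != "" {
		return UserInfo{}, fmt.Errorf("token could not be checked: %s", st.Error)
	}
	if !st.Authenticated {
		return UserInfo{}, errors.New("token not authenticated")
	}
	if len(specAudiences) == 0 {
		return st.User, nil // reviewed against the API server's own audience
	}
	for _, got := range st.Audiences {
		for _, want := range specAudiences {
			if got == want {
				return st.User, nil
			}
		}
	}
	return UserInfo{}, ErrNotAudienceAware
}

func main() {
	// Constructed response: authenticated, but status.audiences is empty.
	_, err := AcceptReview([]string{"vault"}, TokenReviewStatus{Authenticated: true})
	fmt.Println(err)
}
```
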

type UserInfo

type UserInfo struct {
	// The name that uniquely identifies this user among all active users.
	Username string
	// A unique value that identifies this user across time. If this user is
	// deleted and another user by the same name is added, they will have
	// different UIDs.
	UID string
	// The names of groups this user is a part of.
	Groups []string
	// Any additional information provided by the authenticator.
	Extra map[string]ExtraValue
}

UserInfo holds the information about the user needed to implement the user.Info interface.

func (*UserInfo) DeepCopy added in v1.8.0

func (in *UserInfo) DeepCopy() *UserInfo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.

func (*UserInfo) DeepCopyInto added in v1.8.0

func (in *UserInfo) DeepCopyInto(out *UserInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Directories

Path Synopsis
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
Package validation contains methods to validate kinds in the authentication.k8s.io API group.
