Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type LDAPTokenIssuer ¶
type LDAPTokenIssuer struct { LDAPServer string LDAPAuthenticator ldap.Authenticator TokenSigner token.Signer }
LDAPTokenIssuer issues cryptographically secure tokens after authenticating the user against a backing LDAP directory.
func (*LDAPTokenIssuer) ServeHTTP ¶
func (lti *LDAPTokenIssuer) ServeHTTP(resp http.ResponseWriter, req *http.Request)
type TokenReviewRequest ¶
type TokenReviewRequest struct { Kind string `json:"kind"` APIVersion string `json:"apiVersion"` Spec TokenReviewSpec `json:"spec"` Status TokenReviewStatus `json:"status"` }
TokenReviewRequest is issued by K8s to this service
type TokenReviewSpec ¶
type TokenReviewSpec struct {
Token string `json:"token"`
}
TokenReviewSpec contains the token being reviewed
type TokenReviewStatus ¶
type TokenReviewStatus struct { // Authenticated is true if the token is valid Authenticated bool `json:"authenticated,omitempty"` // User contains information about the authenticated user. User UserInfo `json:"user,omitempty"` }
TokenReviewStatus is the result of the token authentication request.
type TokenWebhook ¶
type TokenWebhook struct {
// contains filtered or unexported fields
}
TokenWebhook responds to requests from the K8s authentication webhook
func NewTokenWebhook ¶
func NewTokenWebhook(verifier token.Verifier) *TokenWebhook
NewTokenWebhook returns a TokenWebhook with the given verifier
func (*TokenWebhook) ServeHTTP ¶
func (tw *TokenWebhook) ServeHTTP(resp http.ResponseWriter, req *http.Request)
ServeHTTP verifies the incoming token and sends the user's info back if the token is valid.
type UserInfo ¶
type UserInfo struct { // The name that uniquely identifies this user among all active users. Username string `json:"username,omitempty"` // A unique value that identifies this user across time. If this user is // deleted and another user by the same name is added, they will have // different UIDs. UID string `json:"uid,omitempty"` // The names of groups this user is a part of. Groups []string `json:"groups,omitempty"` // Any additional information provided by the authenticator. Extra map[string][]string `json:"extra,omitempty"` }
UserInfo contains information about the user
Click to show internal directories.
Click to hide internal directories.