keystone

package

v0.0.0-...-4648fbd Latest Latest Go to latest Published: Jan 25, 2018 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dims/k8s-keystone-auth

Links

Open Source Insights

Documentation ¶

Index ¶

func NewFromFile(path string) (policyList, error)
type KeystoneAuthenticator
- func NewKeystoneAuthenticator(authURL string, caFile string) (*KeystoneAuthenticator, error)
- func (keystoneAuthenticator *KeystoneAuthenticator) AuthenticateToken(token string) (user.Info, bool, error)
type KeystoneAuthorizer
- func NewKeystoneAuthorizer(authURL string, caFile string, policyFile string) (*KeystoneAuthorizer, error)
- func (KeystoneAuthorizer *KeystoneAuthorizer) Authorize(a authorizer.Attributes) (authorized bool, reason string, err error)
type Match
type NonResourcePolicySpec
type Policy
type ResourcePolicySpec

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewFromFile ¶

func NewFromFile(path string) (policyList, error)

Types ¶

type KeystoneAuthenticator ¶

type KeystoneAuthenticator struct {
	// contains filtered or unexported fields
}

KeystoneAuthenticator contacts openstack keystone to validate user's token passed in the request. The keystone endpoint is passed during apiserver startup

func NewKeystoneAuthenticator ¶

func NewKeystoneAuthenticator(authURL string, caFile string) (*KeystoneAuthenticator, error)

NewKeystoneAuthenticator returns a password authenticator that validates credentials using openstack keystone

func (*KeystoneAuthenticator) AuthenticateToken ¶

func (keystoneAuthenticator *KeystoneAuthenticator) AuthenticateToken(token string) (user.Info, bool, error)

AuthenticatePassword checks the token via Keystone call

type KeystoneAuthorizer ¶

type KeystoneAuthorizer struct {
	// contains filtered or unexported fields
}

func NewKeystoneAuthorizer ¶

func NewKeystoneAuthorizer(authURL string, caFile string, policyFile string) (*KeystoneAuthorizer, error)

func (*KeystoneAuthorizer) Authorize ¶

func (KeystoneAuthorizer *KeystoneAuthorizer) Authorize(a authorizer.Attributes) (authorized bool, reason string, err error)

type Match ¶

type Match struct {
	Type string `json:"type"`

	Value string `json:"value"`
}

type NonResourcePolicySpec ¶

type NonResourcePolicySpec struct {
	// Kubernetes resource API verb like: get, list, watch, create, update, delete, proxy.
	// "*" matches all verbs.
	Verb string `json:"verb"`

	// NonResourcePath matches non-resource request paths.
	// "*" matches all paths
	// "/foo/*" matches all subpaths of foo
	NonResourcePath *string `json:"path"`
}

type Policy ¶

type Policy struct {
	ResourceSpec *ResourcePolicySpec `json:"resource,omitempty"`

	NonResourceSpec *NonResourcePolicySpec `json:"nonresource,omitempty"`

	// One of user:foo, project:bar, role:baz, group:qux
	Match Match `json:"match"`
}

type ResourcePolicySpec ¶

type ResourcePolicySpec struct {
	// Kubernetes resource API verb like: get, list, watch, create, update, delete, proxy.
	// "*" matches all verbs.
	Verb string `json:"verb"`

	// Resource is the name of a resource.
	// "*" matches all resources
	Resource *string `json:"resource"`

	// APIGroup is the name of an API group.
	// "*" matches all API groups
	APIGroup *string `json:"version"`

	// Namespace is the name of a namespace.
	// "*" matches all namespaces (including unnamespaced requests)
	Namespace *string `json:"namespace"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL