istio: istio.io/istio/security/pkg/server/ca/authenticate

package authenticate

import "istio.io/istio/security/pkg/server/ca/authenticate"

Package Files

authenticator.go kube_jwt.go

Constants

// String names identifying the client-certificate and ID-token authenticators.
// NOTE(review): presumably the values returned by each authenticator's
// AuthenticatorType method — confirm against the implementation.
const (
    ClientCertAuthenticatorType = "ClientCertAuthenticator"
    IDTokenAuthenticatorType    = "IDTokenAuthenticator"
)
// String name identifying the Kubernetes JWT authenticator.
// NOTE(review): presumably the value returned by
// KubeJWTAuthenticator.AuthenticatorType — confirm against the implementation.
const (
    KubeJWTAuthenticatorType = "KubeJWTAuthenticator"
)

type AuthSource

// AuthSource identifies where an authentication result is derived from.
type AuthSource int

AuthSource represents where the authentication result is derived from.

// Possible AuthSource values. They are assigned with iota, so
// AuthSourceClientCertificate is 0, which is also the zero value of AuthSource.
// A Caller whose AuthSource field was never set therefore reads as
// client-certificate authenticated; code that branches on AuthSource should
// only rely on it for a Caller returned together with a nil error.
// NOTE(review): no separate value is listed for KubeJWTAuthenticator;
// presumably it reports AuthSourceIDToken — confirm.
const (
    AuthSourceClientCertificate AuthSource = iota
    AuthSourceIDToken
)

type Caller

// Caller carries the identity and authentication source of a caller.
type Caller struct {
    // AuthSource records which mechanism the authentication result came from.
    AuthSource AuthSource
    // Identities holds the identities extracted for the caller.
    // KubeJWTAuthenticator.Authenticate documents its values as SPIFFE format.
    // NOTE(review): the format produced by the other authenticators is not
    // stated on this page — confirm before comparing identities as strings.
    Identities []string
}

Caller carries the identity and authentication source of a caller.

type ClientCertAuthenticator

// ClientCertAuthenticator extracts identities from the client certificate.
// Its Authenticate method is documented as performing no certificate chain
// validation itself; the chain must have been validated before it is called.
type ClientCertAuthenticator struct{}

ClientCertAuthenticator extracts identities from the client certificate.

func (*ClientCertAuthenticator) Authenticate

func (cca *ClientCertAuthenticator) Authenticate(ctx context.Context) (*Caller, error)

Authenticate extracts identities from the presented client certificates. This method assumes that the certificate chain has already been properly validated before it is called; it does not perform certificate chain validation itself. The identities it returns are therefore only trustworthy when that validation has taken place beforehand.

func (*ClientCertAuthenticator) AuthenticatorType

func (cca *ClientCertAuthenticator) AuthenticatorType() string

type IDTokenAuthenticator

// IDTokenAuthenticator extracts the identity from a JWT, which is required to
// be transmitted using the "Bearer" authentication scheme.
type IDTokenAuthenticator struct {
    // contains filtered or unexported fields
}

IDTokenAuthenticator extracts the identity from a JWT. The JWT must be transmitted using the "Bearer" authentication scheme.

func NewIDTokenAuthenticator

func NewIDTokenAuthenticator(aud string) (*IDTokenAuthenticator, error)

NewIDTokenAuthenticator creates a new IDTokenAuthenticator.

func (*IDTokenAuthenticator) Authenticate

func (a *IDTokenAuthenticator) Authenticate(ctx context.Context) (*Caller, error)

Authenticate authenticates a caller using the JWT in the context.

func (*IDTokenAuthenticator) AuthenticatorType

func (a *IDTokenAuthenticator) AuthenticatorType() string

type KubeJWTAuthenticator

// KubeJWTAuthenticator authenticates K8s JWTs. Its Authenticate method is
// documented as returning Caller.Identities in SPIFFE format.
type KubeJWTAuthenticator struct {
    // contains filtered or unexported fields
}

KubeJWTAuthenticator authenticates K8s JWTs.

func NewKubeJWTAuthenticator

func NewKubeJWTAuthenticator(k8sAPIServerURL, caCertPath, jwtPath, trustDomain string) (*KubeJWTAuthenticator, error)

NewKubeJWTAuthenticator creates a new KubeJWTAuthenticator.

func (*KubeJWTAuthenticator) Authenticate

func (a *KubeJWTAuthenticator) Authenticate(ctx context.Context) (*Caller, error)

Authenticate authenticates the call using the K8s JWT from the context. The identities in the returned Caller.Identities are in SPIFFE format.

func (*KubeJWTAuthenticator) AuthenticatorType

func (a *KubeJWTAuthenticator) AuthenticatorType() string

Package authenticate imports 10 packages and is imported by 1 package. Updated 2019-09-11.