import "istio.io/istio/security/pkg/server/ca/authenticate"
const (
ClientCertAuthenticatorType = "ClientCertAuthenticator"
IDTokenAuthenticatorType = "IDTokenAuthenticator"
)const (
KubeJWTAuthenticatorType = "KubeJWTAuthenticator"
)AuthSource represents where authentication result is derived from.
const (
AuthSourceClientCertificate AuthSource = iota
AuthSourceIDToken
)type Caller struct {
AuthSource AuthSource
Identities []string
}Caller carries the identity and authentication source of a caller.
type ClientCertAuthenticator struct{}ClientCertAuthenticator extracts identities from client certificate.
Authenticate extracts identities from presented client certificates. This method assumes that certificate chain has been properly validated before this method is called. In other words, this method does not do certificate chain validation itself.
func (cca *ClientCertAuthenticator) AuthenticatorType() string
type IDTokenAuthenticator struct {
// contains filtered or unexported fields
}IDTokenAuthenticator extracts identity from JWT. The JWT is required to be transmitted using the "Bearer" authentication scheme.
func NewIDTokenAuthenticator(aud string) (*IDTokenAuthenticator, error)
NewIDTokenAuthenticator creates a new IDTokenAuthenticator.
Authenticate authenticates a caller using the JWT in the context.
func (a *IDTokenAuthenticator) AuthenticatorType() string
type KubeJWTAuthenticator struct {
// contains filtered or unexported fields
}KubeJWTAuthenticator authenticates K8s JWTs.
func NewKubeJWTAuthenticator(k8sAPIServerURL, caCertPath, jwtPath, trustDomain, jwtPolicy string) (*KubeJWTAuthenticator, error)
NewKubeJWTAuthenticator creates a new kubeJWTAuthenticator.
Authenticate authenticates the call using the K8s JWT from the context. The returned Caller.Identities is in SPIFFE format.
func (a *KubeJWTAuthenticator) AuthenticatorType() string
Package authenticate imports 10 packages (graph) and is imported by 3 packages. Updated 2020-02-11. Refresh now. Tools for package owners.