authenticate

package
v0.0.0-...-bf9fd61 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 18, 2024 License: Apache-2.0 Imports: 16 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	ClientCertAuthenticatorType = "ClientCertAuthenticator"
)
View Source 
const (
	IDTokenAuthenticatorType = "IDTokenAuthenticator"
)
View Source 
const (
	XfccAuthenticatorType = "XfccAuthenticator"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ClientCertAuthenticator 

type ClientCertAuthenticator struct{}

ClientCertAuthenticator extracts identities from client certificate.

func (*ClientCertAuthenticator) Authenticate 

func (cca *ClientCertAuthenticator) Authenticate(authCtx security.AuthContext) (*security.Caller, error)

Authenticate extracts identities from presented client certificates. This method assumes that certificate chain has been properly validated before this method is called. In other words, this method does not do certificate chain validation itself.

func (*ClientCertAuthenticator) AuthenticatorType 

func (cca *ClientCertAuthenticator) AuthenticatorType() string

type JwtAuthenticator 

type JwtAuthenticator struct {
	// contains filtered or unexported fields
}

func NewJwtAuthenticator 

func NewJwtAuthenticator(jwtRule *v1beta1.JWTRule) (*JwtAuthenticator, error)

newJwtAuthenticator is used when running istiod outside of a cluster, to validate the tokens using OIDC K8S is created with --service-account-issuer, service-account-signing-key-file and service-account-api-audiences which enable OIDC.

func (*JwtAuthenticator) Authenticate 

func (j *JwtAuthenticator) Authenticate(authRequest security.AuthContext) (*security.Caller, error)

Authenticate - based on the old OIDC authenticator for mesh expansion.

func (JwtAuthenticator) AuthenticatorType 

func (j JwtAuthenticator) AuthenticatorType() string

type JwtPayload 

type JwtPayload struct {
	// Aud is the expected audience, defaults to istio-ca - but is based on istiod.yaml configuration.
	// If set to a different value - use the value defined by istiod.yaml. Env variable can
	// still override
	Aud []string `json:"aud"`

	// Exp is not currently used - we don't use the token for authn, just to determine k8s settings
	Exp int `json:"exp"`

	// Issuer - configured by K8S admin for projected tokens. Will be used to verify all tokens.
	Iss string `json:"iss"`

	Sub string `json:"sub"`
}

type XfccAuthenticator 

type XfccAuthenticator struct{}

XfccAuthenticator extracts identities from Xfcc header.

func (XfccAuthenticator) Authenticate 

func (xff XfccAuthenticator) Authenticate(ctx security.AuthContext) (*security.Caller, error)

Authenticate extracts identities from Xfcc Header.

func (XfccAuthenticator) AuthenticatorType 

func (xff XfccAuthenticator) AuthenticatorType() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.