package authenticatorfactory

import "k8s.io/apiserver/pkg/authentication/authenticatorfactory"


Package Files

delegating.go loopback.go requestheader.go

func NewFromTokens Uses

func NewFromTokens(tokens map[string]*user.DefaultInfo) authenticator.Request

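NewFromTokens returns an authenticator.Request built from the given map of tokens to user info. The signature shown has no error result, so there is no error for callers to check.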

type CAContentProvider Uses

// CAContentProvider supplies a CA bundle, as raw bytes, together with the
// x509 verification options that authenticators use.
type CAContentProvider interface {
    // Name returns an identifier for this provider.
    Name() string
    // CurrentCABundleContent returns the CA bundle as raw bytes.
    // NOTE(review): the "Current" in the name suggests the bundle can change
    // between calls; presumably callers should re-read it rather than cache
    // it, so that a rotated or revoked CA takes effect. Confirm against the
    // implementations.
    CurrentCABundleContent() []byte
    // VerifyOptions returns the x509.VerifyOptions for authenticators.
    // NOTE(review): the meaning of the bool result is not stated here;
    // presumably it reports whether the returned options are usable. Confirm
    // this, and check that callers reject the connection rather than skip
    // verification when it is false.
    VerifyOptions() (x509.VerifyOptions, bool)

CAContentProvider provides CA bundle byte content and the x509 verification options used by authenticators.

type DelegatingAuthenticatorConfig Uses

// DelegatingAuthenticatorConfig holds the settings for an authenticator that
// delegates authentication to a kube API server.
type DelegatingAuthenticatorConfig struct {
    // NOTE(review): Anonymous is undocumented. Presumably it controls whether
    // requests that no configured authenticator accepts are admitted as an
    // anonymous user; confirm against New, and keep it false unless
    // unauthenticated access is intended and restricted by authorization.
    Anonymous bool

    // TokenAccessReviewClient is the client used to perform token reviews.
    // It can be nil, in which case every token is ignored.
    TokenAccessReviewClient authenticationclient.TokenReviewInterface

    // CacheTTL is the length of time that a token authentication answer will be cached.
    // NOTE(review): presumably a cached answer remains in effect for up to
    // this long after the token is revoked upstream; confirm, and choose the
    // TTL with that revocation delay in mind.
    CacheTTL time.Duration

    // ClientCertificateCAContentProvider supplies the options for verifying incoming
    // connections using mTLS and assigning the verified certificate directly to a user.
    // Generally this is the CA bundle file used to authenticate client certificates.
    // If this is nil, mTLS is not used.
    ClientCertificateCAContentProvider CAContentProvider

    // NOTE(review): APIAudiences is undocumented. Presumably these are the
    // audiences a token must be intended for in order to be accepted; confirm
    // how an empty value is treated.
    APIAudiences authenticator.Audiences

    // NOTE(review): RequestHeaderConfig is undocumented here. Presumably it
    // configures front-proxy request-header authentication and nil disables
    // it; confirm against New.
    RequestHeaderConfig *RequestHeaderConfig

DelegatingAuthenticatorConfig is the minimal configuration needed to create an authenticator built to delegate authentication to a kube API server

func (DelegatingAuthenticatorConfig) New Uses

func (c DelegatingAuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error)

type RequestHeaderConfig Uses

// RequestHeaderConfig describes which request headers carry identity
// information and how the connection presenting them is verified using mTLS.
type RequestHeaderConfig struct {
    // UsernameHeaders are the headers to check (in order, case-insensitively) for an identity. The first header with a value wins.
    UsernameHeaders headerrequest.StringSliceProvider
    // GroupHeaders are the headers to check (case-insensitively) for group names.  All values will be used.
    GroupHeaders headerrequest.StringSliceProvider
    // ExtraHeaderPrefixes are the header prefixes to check (case-insensitively) for filling in
    // the user.Info.Extra.  All values of all matching headers will be added.
    ExtraHeaderPrefixes headerrequest.StringSliceProvider
    // CAContentProvider supplies the options for verifying incoming connections using mTLS.  Generally this points to
    // the CA bundle file which is used to verify the identity of the front proxy.
    // It may produce different options at will.
    CAContentProvider CAContentProvider
    // AllowedClientNames is a list of common names that may be presented by the authenticating front proxy.  Empty means: accept any.
    // NOTE(review): with an empty list, any client certificate that verifies
    // against CAContentProvider is presumably trusted to assert a username,
    // groups and extras through the headers above; confirm against the
    // authenticator. If so, either list the proxy's common names explicitly
    // or use a CA that issues certificates only to the front proxy.
    AllowedClientNames headerrequest.StringSliceProvider

