apiserver: k8s.io/apiserver/pkg/authentication/user Index | Files

package user

import "k8s.io/apiserver/pkg/authentication/user"

Package user contains utilities for dealing with simple user exchange in the auth packages. The user.Info interface defines an interface for exchanging that info.


Package Files

doc.go user.go


const (
    SystemPrivilegedGroup = "system:masters"
    NodesGroup            = "system:nodes"
    MonitoringGroup       = "system:monitoring"
    AllUnauthenticated    = "system:unauthenticated"
    AllAuthenticated      = "system:authenticated"

    Anonymous     = "system:anonymous"
    APIServerUser = "system:apiserver"

    // core kubernetes process identities
    KubeProxy             = "system:kube-proxy"
    KubeControllerManager = "system:kube-controller-manager"
    KubeScheduler         = "system:kube-scheduler"

well-known user and group names

type DefaultInfo Uses

type DefaultInfo struct {
    Name   string
    UID    string
    Groups []string
    Extra  map[string][]string

DefaultInfo provides a simple user information exchange object for components that implement the UserInfo interface.

func (*DefaultInfo) GetExtra Uses

func (i *DefaultInfo) GetExtra() map[string][]string

func (*DefaultInfo) GetGroups Uses

func (i *DefaultInfo) GetGroups() []string

func (*DefaultInfo) GetName Uses

func (i *DefaultInfo) GetName() string

func (*DefaultInfo) GetUID Uses

func (i *DefaultInfo) GetUID() string

type Info Uses

type Info interface {
    // GetName returns the name that uniquely identifies this user among all
    // other active users.
    GetName() string
    // GetUID returns a unique value for a particular user that will change
    // if the user is removed from the system and another user is added with
    // the same name.
    GetUID() string
    // GetGroups returns the names of the groups the user is a member of
    GetGroups() []string

    // GetExtra can contain any additional information that the authenticator
    // thought was interesting.  One example would be scopes on a token.
    // Keys in this map should be namespaced to the authenticator or
    // authenticator/authorizer pair making use of them.
    // For instance: "example.org/foo" instead of "foo"
    // This is a map[string][]string because it needs to be serializeable into
    // a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization
    // delegation flows
    // In order to faithfully round-trip through an impersonation flow, these keys
    // MUST be lowercase.
    GetExtra() map[string][]string

Info describes a user that has been authenticated to the system.

Package user is imported by 757 packages. Updated 2020-08-29. Refresh now. Tools for package owners.