/*
Copyright 2014 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticator
import (
"context"
"net/http"
"k8s.io/apiserver/pkg/authentication/user"
)
// Token is implemented by authenticators that check a token string against a
// backing authentication store.
//
// AuthenticateToken yields a Response describing the caller, or an error when
// the token could not be checked.
//
// NOTE(review): the bool result presumably reports whether the token was
// accepted; callers should gate on it rather than on a nil error alone.
// Confirm against the implementations.
// NOTE(review): token is a raw credential, so implementations should keep it
// out of log lines and error strings.
type Token interface {
	AuthenticateToken(ctx context.Context, token string) (resp *Response, ok bool, err error)
}
// Request is implemented by authenticators that try to extract authentication
// information from an incoming HTTP request.
//
// AuthenticateRequest yields a Response describing the caller, or an error
// when the request could not be checked.
//
// NOTE(review): the bool result presumably reports whether the request was
// authenticated; callers should gate on it rather than on a nil error alone.
// Confirm against the implementations.
type Request interface {
	AuthenticateRequest(req *http.Request) (resp *Response, ok bool, err error)
}
// Password is implemented by authenticators that check a username and
// password pair against a backing authentication store.
//
// AuthenticatePassword yields a Response describing the caller, or an error
// when the password could not be checked.
//
// NOTE(review): the bool result presumably reports whether the credentials
// were accepted; callers should gate on it rather than on a nil error alone.
// Confirm against the implementations.
// NOTE(review): password arrives as a plain string, so implementations should
// keep it out of log lines and error strings.
type Password interface {
	AuthenticatePassword(ctx context.Context, user, password string) (resp *Response, ok bool, err error)
}
// TokenFunc adapts a plain function so that it can be used wherever a Token
// is expected.
type TokenFunc func(ctx context.Context, token string) (*Response, bool, error)

// AuthenticateToken satisfies authenticator.Token by calling f with the
// arguments unchanged and handing back its three results as they are.
func (f TokenFunc) AuthenticateToken(ctx context.Context, token string) (*Response, bool, error) {
	resp, ok, err := f(ctx, token)
	return resp, ok, err
}
// RequestFunc adapts a plain function so that it can be used wherever a
// Request is expected.
type RequestFunc func(req *http.Request) (*Response, bool, error)

// AuthenticateRequest satisfies authenticator.Request by calling f with the
// request unchanged and handing back its three results as they are.
func (f RequestFunc) AuthenticateRequest(req *http.Request) (*Response, bool, error) {
	resp, ok, err := f(req)
	return resp, ok, err
}
// PasswordFunc adapts a plain function so that it can be used wherever a
// Password is expected.
type PasswordFunc func(ctx context.Context, user, password string) (*Response, bool, error)

// AuthenticatePassword satisfies authenticator.Password by calling f with the
// arguments unchanged and handing back its three results as they are.
func (f PasswordFunc) AuthenticatePassword(ctx context.Context, user, password string) (*Response, bool, error) {
	resp, ok, err := f(ctx, user, password)
	return resp, ok, err
}
// Response is the struct returned by authenticator interfaces upon successful
// authentication. It contains information about whether the authenticator
// authenticated the request, information about the context of the
// authentication, and information about the authenticated user.
//
// NOTE(review): the type is documented for the success case only; what the
// authenticator methods return in its place when authentication does not
// succeed is not visible here. Confirm before dereferencing.
type Response struct {
	// Audiences is the set of audiences the authenticator was able to validate
	// the token against. If the authenticator is not audience aware, this field
	// will be empty.
	// NOTE(review): an empty set therefore does not by itself show that any
	// audience was validated; presumably audience-sensitive callers must
	// handle that case explicitly. Confirm against callers.
	Audiences Audiences
	// User is the UserInfo associated with the authentication context.
	User user.Info
}