package authentication
import "sigs.k8s.io/controller-runtime/pkg/webhook/authentication"
Package authentication provides implementation for authentication webhook and methods to implement authentication webhook handlers.
See examples/tokenreview/ for an example of authentication webhooks.
Index ¶
- type Handler
- type HandlerFunc
- type Request
- type Response
- func Authenticated(reason string, user authenticationv1.UserInfo) Response
- func Errored(err error) Response
- func ReviewResponse(authenticated bool, user authenticationv1.UserInfo, err string, audiences ...string) Response
- func Unauthenticated(reason string, user authenticationv1.UserInfo) Response
- func (r *Response) Complete(req Request) error
- type Webhook
Types ¶
type Handler ¶
type Handler interface {
// Handle yields a response to an TokenReview.
//
// The supplied context is extracted from the received http.Request, allowing wrapping
// http.Handlers to inject values into and control cancelation of downstream request processing.
Handle(context.Context, Request) Response
}
Handler can handle an TokenReview.
type HandlerFunc ¶
HandlerFunc implements Handler interface using a single function.
func (HandlerFunc) Handle ¶
func (f HandlerFunc) Handle(ctx context.Context, req Request) Response
Handle process the TokenReview by invoking the underlying function.
type Request ¶
type Request struct {
authenticationv1.TokenReview
}
Request defines the input for an authentication handler. It contains information to identify the object in question (group, version, kind, resource, subresource, name, namespace), as well as the operation in question (e.g. Get, Create, etc), and the object itself.
type Response ¶
type Response struct {
authenticationv1.TokenReview
}
Response is the output of an authentication handler. It contains a response indicating if a given operation is allowed.
func Authenticated ¶
func Authenticated(reason string, user authenticationv1.UserInfo) Response
Authenticated constructs a response indicating that the given token is valid.
func Errored ¶
Errored creates a new Response for error-handling a request.
func ReviewResponse ¶
func ReviewResponse(authenticated bool, user authenticationv1.UserInfo, err string, audiences ...string) Response
ReviewResponse returns a response for admitting a request.
func Unauthenticated ¶
func Unauthenticated(reason string, user authenticationv1.UserInfo) Response
Unauthenticated constructs a response indicating that the given token is not valid.
func (*Response) Complete ¶
Complete populates any fields that are yet to be set in the underlying TokenResponse, It mutates the response.
type Webhook ¶
type Webhook struct {
// Handler actually processes an authentication request returning whether it was authenticated or unauthenticated,
// and potentially patches to apply to the handler.
Handler Handler
// WithContextFunc will allow you to take the http.Request.Context() and
// add any additional information such as passing the request path or
// headers thus allowing you to read them from within the handler
WithContextFunc func(context.Context, *http.Request) context.Context
// contains filtered or unexported fields
}
Webhook represents each individual webhook.
func (*Webhook) Handle ¶
Handle processes TokenReview.
func (*Webhook) ServeHTTP ¶
func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request)
Source Files ¶
doc.go http.go response.go webhook.go
- Version
- v0.21.0 (latest)
- Published
- May 20, 2025
- Platform
- linux/amd64
- Imports
- 16 packages
- Last checked
- 25 minutes ago –
Tools for package owners.