604dd5b0c9
Change-Id: I3fd5bc4b62d26c7e6d118ba08b6c001c871fcbd3 Implements: blueprint service-controller-test Signed-off-by: mozhuli <21621232@zju.edu.cn>
/*
Copyright 2014 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package user
// Info describes a user that has been authenticated to the system.
//
// NOTE(review): this declaration does not say whether the slice and map
// returned by GetGroups and GetExtra are copies or the implementation's own
// storage; callers should treat them as read-only unless an implementation
// documents otherwise.
type Info interface {
	// GetName returns the name that uniquely identifies this user among all
	// other active users.
	GetName() string

	// GetUID returns a unique value for a particular user. The value changes
	// if the user is removed from the system and another user is added with
	// the same name, so a re-created account does not share a UID with the
	// account it replaced even though the names match.
	GetUID() string

	// GetGroups returns the names of the groups the user is a member of.
	GetGroups() []string

	// GetExtra can contain any additional information that the authenticator
	// thought was interesting. One example would be scopes on a token.
	//
	// Keys in this map should be namespaced to the authenticator or the
	// authenticator/authorizer pair making use of them, for instance
	// "example.org/foo" instead of "foo".
	//
	// The type is map[string][]string because the value needs to be
	// serializable into a SubjectAccessReviewSpec.authorization.k8s.io for
	// proper authorization delegation flows.
	//
	// In order to faithfully round-trip through an impersonation flow, these
	// keys MUST be lowercase.
	GetExtra() map[string][]string
}
// DefaultInfo provides a simple user information exchange object for
// components that implement the UserInfo interface.
//
// The accessor methods in this file are declared on *DefaultInfo, so it is
// the pointer type that satisfies the Info interface. The fields are exported
// and can be modified by any holder of the value.
type DefaultInfo struct {
	// Name is the value reported by GetName.
	Name string
	// UID is the value reported by GetUID.
	UID string
	// Groups is the value reported by GetGroups.
	Groups []string
	// Extra is the value reported by GetExtra.
	Extra map[string][]string
}
// GetName returns the Name field unchanged.
//
// The receiver is dereferenced without a nil check, so calling this on a nil
// *DefaultInfo panics.
func (i *DefaultInfo) GetName() string {
	return i.Name
}
// GetUID returns the UID field unchanged.
//
// The receiver is dereferenced without a nil check, so calling this on a nil
// *DefaultInfo panics.
func (i *DefaultInfo) GetUID() string {
	return i.UID
}
// GetGroups returns the Groups field.
//
// The slice is handed back as-is, not copied: it shares its backing array
// with i.Groups, so a caller that writes to its elements also changes the
// group list stored in this DefaultInfo. A nil Groups field is returned as
// nil. Calling this on a nil *DefaultInfo panics.
func (i *DefaultInfo) GetGroups() []string {
	return i.Groups
}
// GetExtra returns the Extra field.
//
// The map is handed back as-is, not copied: a caller that adds, removes or
// rewrites entries changes the data stored in this DefaultInfo. No key
// normalization (such as lowercasing) happens here; the keys are whatever
// was placed in Extra. A nil Extra field is returned as nil. Calling this on
// a nil *DefaultInfo panics.
func (i *DefaultInfo) GetExtra() map[string][]string {
	return i.Extra
}
// Well-known user and group names.
//
// All of these are untyped string constants sharing the "system:" prefix.
// NOTE(review): nothing in this file prevents an arbitrary Info value from
// carrying one of these names; whatever maps externally supplied identities
// into user.Info is where these reserved names need to be protected. Confirm
// where that is enforced.
const (
	// SystemPrivilegedGroup is the name of the privileged group.
	// NOTE(review): in upstream Kubernetes, membership in this group carries
	// unrestricted API access. Confirm how this tree treats it and keep
	// membership to a minimum.
	SystemPrivilegedGroup = "system:masters"
	// NodesGroup is the group name for nodes.
	NodesGroup = "system:nodes"
	// AllUnauthenticated and AllAuthenticated are the names covering requests
	// without and with an authenticated identity. Presumably group names, as
	// in upstream Kubernetes; confirm against the authenticators.
	AllUnauthenticated = "system:unauthenticated"
	AllAuthenticated   = "system:authenticated"

	// Anonymous and APIServerUser are presumably user names rather than group
	// names; verify against callers.
	Anonymous     = "system:anonymous"
	APIServerUser = "system:apiserver"

	// Core Kubernetes process identities.
	KubeProxy             = "system:kube-proxy"
	KubeControllerManager = "system:kube-controller-manager"
	KubeScheduler         = "system:kube-scheduler"
)