2021-04-07 23:12:13 +00:00
|
|
|
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
// Package ldap contains common LDAP functionality needed by Pinniped.
|
|
|
|
package ldap
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
|
|
|
|
"k8s.io/apiserver/pkg/authentication/authenticator"
|
|
|
|
)
|
|
|
|
|
|
|
|
// This interface is similar to the k8s token authenticator, but works with username/passwords instead
|
|
|
|
// of a single token string.
|
|
|
|
//
|
2021-04-09 00:28:01 +00:00
|
|
|
// The return values should be as follows.
|
|
|
|
// 1. For a successful authentication:
|
|
|
|
// - A response which includes the username, uid, and groups in the userInfo. The username and uid must not be blank.
|
|
|
|
// - true
|
|
|
|
// - nil error
|
|
|
|
// 2. For an unsuccessful authentication, e.g. bad username or password:
|
|
|
|
// - nil response
|
|
|
|
// - false
|
|
|
|
// - nil error
|
|
|
|
// 3. For an unexpected error, e.g. a network problem:
|
|
|
|
// - nil response
|
|
|
|
// - false
|
|
|
|
// - an error
|
|
|
|
// Other combinations of return values must be avoided.
|
|
|
|
//
|
2021-04-07 23:12:13 +00:00
|
|
|
// See k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go for the token authenticator
|
|
|
|
// interface, as well as the Response type.
|
|
|
|
type UserAuthenticator interface {
|
|
|
|
AuthenticateUser(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
|
|
|
|
}
|