59d999956c
also make extra refresh attributes a separate field rather than part of Extra Signed-off-by: Margo Crawford <margaretc@vmware.com>
42 lines
1.3 KiB
Go
42 lines
1.3 KiB
Go
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
// Package authenticators contains authenticator interfaces.
|
|
package authenticators
|
|
|
|
import (
|
|
"context"
|
|
|
|
"k8s.io/apiserver/pkg/authentication/user"
|
|
)
|
|
|
|
// This interface is similar to the k8s token authenticator, but works with username/passwords instead
|
|
// of a single token string.
|
|
//
|
|
// The return values should be as follows.
|
|
// 1. For a successful authentication:
|
|
// - A response which includes the username, uid, and groups in the userInfo. The username and uid must not be blank.
|
|
// - true
|
|
// - nil error
|
|
// 2. For an unsuccessful authentication, e.g. bad username or password:
|
|
// - nil response
|
|
// - false
|
|
// - nil error
|
|
// 3. For an unexpected error, e.g. a network problem:
|
|
// - nil response
|
|
// - false
|
|
// - an error
|
|
// Other combinations of return values must be avoided.
|
|
//
|
|
// See k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go for the token authenticator
|
|
// interface, as well as the Response type.
|
|
type UserAuthenticator interface {
|
|
AuthenticateUser(ctx context.Context, username, password string) (*Response, bool, error)
|
|
}
|
|
|
|
type Response struct {
|
|
User user.Info
|
|
DN string
|
|
ExtraRefreshAttributes map[string]string
|
|
}
|