c6c2c525a6
Also fix some tests that were broken by bumping golang and dependencies in the previous commits. Note that in addition to changes made to satisfy the linter which do not impact the behavior of the code, this commit also adds ReadHeaderTimeout to all usages of http.Server to satisfy the linter (and because it seemed like a good suggestion).
42 lines
1.3 KiB
Go
42 lines
1.3 KiB
Go
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
// Package authenticators contains authenticator interfaces.
|
|
package authenticators
|
|
|
|
import (
|
|
"context"
|
|
|
|
"k8s.io/apiserver/pkg/authentication/user"
|
|
)
|
|
|
|
// UserAuthenticator is an interface is similar to the k8s token authenticator, but works with username/passwords instead
|
|
// of a single token string.
|
|
//
|
|
// The return values should be as follows.
|
|
// 1. For a successful authentication:
|
|
// - A response which includes the username, uid, and groups in the userInfo. The username and uid must not be blank.
|
|
// - true
|
|
// - nil error
|
|
// 2. For an unsuccessful authentication, e.g. bad username or password:
|
|
// - nil response
|
|
// - false
|
|
// - nil error
|
|
// 3. For an unexpected error, e.g. a network problem:
|
|
// - nil response
|
|
// - false
|
|
// - an error
|
|
// Other combinations of return values must be avoided.
|
|
//
|
|
// See k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go for the token authenticator
|
|
// interface, as well as the Response type.
|
|
type UserAuthenticator interface {
|
|
AuthenticateUser(ctx context.Context, username, password string) (*Response, bool, error)
|
|
}
|
|
|
|
type Response struct {
|
|
User user.Info
|
|
DN string
|
|
ExtraRefreshAttributes map[string]string
|
|
}
|