github.com/tigera/api@v0.0.0-20240320170621-278e89a8c5fb/pkg/apis/projectcalico/v3/authenticationreview.go (about)

     1  // Copyright (c) 2019,2021 Tigera, Inc. All rights reserved.
     2  
     3  package v3
     4  
     5  // The contents of this file create the model for how to do authorization header exchanges with the tigera-apiserver for
     6  // the purpose of authentication and obtaining user info. However, no storage is required for achieving this and no
     7  // libcalico client code will be created for the purpose of doing so.
     8  // The tigera-apiserver will expose a create method just like k8s has for the TokenReviews api. A call to this endpoint
     9  // will only reach the api-server if a valid authorization header is added to the request, otherwise the k8s api-server
    10  // will respond directly with a 40x. If the request header is valid, the tigera-apiserver obtains the user information
    11  // automatically from the k8s-apiserver and then returns it in the AuthenticationReviewStatus.
    12  // Since the response is entirely based on the authorization header, the generated client is not very suitable for
    13  // interacting with this api. It would mean a new client config has to be created for each incoming request. By creating
    14  // a separate client dedicated to authn only, simpler and easier-to-maintain code can be created.
    15  
    16  import (
    17  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    18  )
    19  
// Kind names for the AuthenticationReview API types. KindAuthenticationReview is the value that
// NewAuthenticationReview writes into TypeMeta.Kind; KindAuthenticationReviewList is presumably the
// matching Kind for AuthenticationReviewList (it is not referenced elsewhere in this file).
const (
	KindAuthenticationReview     = "AuthenticationReview"
	KindAuthenticationReviewList = "AuthenticationReviewList"
)
    24  
    25  // +genclient:nonNamespaced
    26  // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
    27  
// AuthenticationReviewList is a list of AuthenticationReview objects.
// NOTE(review): the file header states that no storage backs this API, so it is unclear where a
// populated list would be served from — confirm whether this type exists only for code generation.
type AuthenticationReviewList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Items holds the AuthenticationReview objects in the list.
	Items []AuthenticationReview `json:"items" protobuf:"bytes,2,rep,name=items"`
}
    35  
    36  // +genclient
    37  // +genclient:nonNamespaced
    38  // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
    39  
// AuthenticationReview is the object used for the authorization header exchange with the
// tigera-apiserver described in the header of this file. It declares no Spec: according to that
// header, the identity reported in Status is derived entirely from the request's authorization
// header, not from anything carried in the object body.
type AuthenticationReview struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Status carries the user information returned by the tigera-apiserver (see the file header).
	// NOTE(review): this looks like an output-only field; a value supplied by a client should
	// presumably not be treated as an authenticated identity — confirm against the server handler.
	Status AuthenticationReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
}
    46  
// AuthenticationReviewStatus holds the user information that, per the header of this file, the
// tigera-apiserver obtains from the k8s-apiserver for the caller's authorization header.
// Every field is optional in both the JSON encoding and the validate tags.
// NOTE(review): the only validate rule declared here is "omitempty", so this file sets no format
// or length constraint on any field — confirm whether validation happens elsewhere.
type AuthenticationReviewStatus struct {
	// Name is presumably the authenticated user's name — confirm against the server.
	Name   string              `json:"name,omitempty" validate:"omitempty"`
	// UID is presumably the user's unique identifier — confirm against the server.
	UID    string              `json:"uid,omitempty" validate:"omitempty"`
	// Groups presumably lists the groups the user belongs to; group membership commonly drives
	// authorization decisions, so consumers should only use values returned by the server.
	Groups []string            `json:"groups,omitempty" validate:"omitempty"`
	// Extra maps a key to a list of string values; presumably additional authenticator-provided
	// attributes — confirm against the server.
	Extra  map[string][]string `json:"extra,omitempty" validate:"omitempty"`
}
    53  
// NewAuthenticationReview returns a pointer to an otherwise zero-valued AuthenticationReview whose
// TypeMeta has Kind set to KindAuthenticationReview and APIVersion set to GroupVersionCurrent.
// ObjectMeta and Status are left at their zero values.
func NewAuthenticationReview() *AuthenticationReview {
	typeMeta := metav1.TypeMeta{
		APIVersion: GroupVersionCurrent,
		Kind:       KindAuthenticationReview,
	}
	review := &AuthenticationReview{TypeMeta: typeMeta}
	return review
}