github.com/verrazzano/verrazzano@v1.7.0/authproxy/src/auth/types.go (about)

     1  // Copyright (c) 2023, Oracle and/or its affiliates.
     2  // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  package auth
     5  
     6  import (
     7  	"context"
     8  	"net/http"
     9  	"sync/atomic"
    10  
    11  	"github.com/coreos/go-oidc/v3/oidc"
    12  	"github.com/hashicorp/go-retryablehttp"
    13  	"go.uber.org/zap"
    14  	k8sclient "sigs.k8s.io/controller-runtime/pkg/client"
    15  )
    16  
// Authenticator is the interface implemented by OIDCAuthenticator.
//
// Both Authenticate* methods return (authenticated bool, err error). This
// file does not show whether the bool is meaningful when err != nil, so
// callers should treat anything other than (true, nil) as "not
// authenticated" until the implementation is checked.
type Authenticator interface {
	// AuthenticateToken validates a raw token string. Whether a "Bearer "
	// prefix is stripped here or by the caller is not visible in this file
	// — confirm in the implementation before passing header values through.
	AuthenticateToken(ctx context.Context, token string) (bool, error)
	// AuthenticateRequest authenticates an inbound HTTP request. It also
	// receives the ResponseWriter, presumably so the implementation can
	// write its own response (e.g. a redirect to the IdP) — TODO confirm.
	// If it does, the caller must check the bool and must not write a
	// second response or proxy the request on a false result.
	AuthenticateRequest(req *http.Request, rw http.ResponseWriter) (bool, error)
	// SetCallbackURL sets the OIDC redirect/callback URL used by the
	// implementation (see OIDCConfiguration.CallbackURL).
	SetCallbackURL(url string)
}
    23  
// OIDCAuthenticator authenticates incoming requests against the Identity Provider.
//
// Only ExternalProvider and Log are exported; the remaining fields are
// presumably set by a constructor elsewhere in this package.
type OIDCAuthenticator struct {
	// k8sClient is a controller-runtime client; what it is used for
	// (e.g. reading config or secrets) is defined in other files.
	k8sClient k8sclient.Client
	// oidcConfig holds issuer, client and callback settings (see
	// OIDCConfiguration).
	oidcConfig *OIDCConfiguration
	// client is a retrying HTTP client, presumably used for back-channel
	// calls to the IdP (discovery/JWKS/token endpoint) — confirm at call sites.
	client *retryablehttp.Client
	// ExternalProvider is the go-oidc provider for the external issuer.
	ExternalProvider *oidc.Provider
	// verifier is an atomic.Value, which suggests the token verifier is
	// swapped at runtime (e.g. on re-initialisation) and read lock-free.
	// atomic.Value requires every Store to use the same concrete type, and
	// a type assertion on a never-stored value yields nil — Load sites must
	// handle that. NOTE(review): likely holds an *oidc.IDTokenVerifier;
	// confirm against the Store/Load sites.
	verifier atomic.Value
	// Log is the structured logger used by the authenticator.
	Log *zap.SugaredLogger
}
    33  
    34  var _ Authenticator = &OIDCAuthenticator{}
    35  
// OIDCConfiguration holds the data necessary to configure the OIDC interface.
//
// NOTE(review): no client secret is carried here. Either the proxy acts as a
// public client (in which case PKCE should be used in the authorization
// flow) or the secret is loaded elsewhere (e.g. via the k8s client) —
// confirm which before assuming the flow is confidential.
type OIDCConfiguration struct {
	// ExternalURL is the IdP URL as reached by end users. Presumably the
	// issuer that token "iss" claims must match — TODO confirm in the
	// verifier setup.
	ExternalURL string
	// ServiceURL is a second IdP URL; presumably the in-cluster service
	// address used for back-channel calls — TODO confirm.
	ServiceURL string
	// ClientID is the OAuth2/OIDC client identifier registered with the IdP.
	ClientID string
	// CallbackURL is the redirect URI sent to the IdP during login. It must
	// be a fixed, exactly-registered redirect URI for ClientID; it should
	// never be derived from request input (Host/Referer headers), since an
	// attacker-influenced value enables authorization-code interception.
	CallbackURL string
}
    43  
// ImpersonationHeaders holds the user and group values extracted from JWT
// claims that are used for impersonation (presumably the Kubernetes
// Impersonate-User / Impersonate-Group headers — confirm at the use site).
//
// Security: these fields are populated directly from token claims, so they
// must only be filled from a token whose signature, issuer, audience and
// expiry have already been verified. Note also that the OIDC Core spec does
// not require "preferred_username" to be unique or stable; using it as the
// impersonated identity should be a deliberate choice that matches how the
// IdP is configured (the "sub" claim is the stable identifier).
type ImpersonationHeaders struct {
	// User is decoded from the "preferred_username" claim.
	User string `json:"preferred_username"`
	// Groups is decoded from the "groups" claim; it is nil when the claim
	// is absent.
	Groups []string `json:"groups"`
}