k8s.io/apiserver@v0.31.1/pkg/authentication/user/user.go

k8s.io/apiserver@v0.31.1/pkg/authentication/user/user.go (about)

     1  /*
     2  Copyright 2014 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package user
    18  
    19  // Info describes a user that has been authenticated to the system.
    20  type Info interface {
    21  	// GetName returns the name that uniquely identifies this user among all
    22  	// other active users.
    23  	GetName() string
    24  	// GetUID returns a unique value for a particular user that will change
    25  	// if the user is removed from the system and another user is added with
    26  	// the same name.
    27  	GetUID() string
    28  	// GetGroups returns the names of the groups the user is a member of
    29  	GetGroups() []string
    30  
    31  	// GetExtra can contain any additional information that the authenticator
    32  	// thought was interesting.  One example would be scopes on a token.
    33  	// Keys in this map should be namespaced to the authenticator or
    34  	// authenticator/authorizer pair making use of them.
    35  	// For instance: "example.org/foo" instead of "foo"
    36  	// This is a map[string][]string because it needs to be serializeable into
    37  	// a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization
    38  	// delegation flows
    39  	// In order to faithfully round-trip through an impersonation flow, these keys
    40  	// MUST be lowercase.
    41  	GetExtra() map[string][]string
    42  }
    43  
    44  // DefaultInfo provides a simple user information exchange object
    45  // for components that implement the UserInfo interface.
    46  type DefaultInfo struct {
    47  	Name   string
    48  	UID    string
    49  	Groups []string
    50  	Extra  map[string][]string
    51  }
    52  
    53  func (i *DefaultInfo) GetName() string {
    54  	return i.Name
    55  }
    56  
    57  func (i *DefaultInfo) GetUID() string {
    58  	return i.UID
    59  }
    60  
    61  func (i *DefaultInfo) GetGroups() []string {
    62  	return i.Groups
    63  }
    64  
    65  func (i *DefaultInfo) GetExtra() map[string][]string {
    66  	return i.Extra
    67  }
    68  
    69  // well-known user and group names
    70  const (
    71  	SystemPrivilegedGroup = "system:masters"
    72  	NodesGroup            = "system:nodes"
    73  	MonitoringGroup       = "system:monitoring"
    74  	AllUnauthenticated    = "system:unauthenticated"
    75  	AllAuthenticated      = "system:authenticated"
    76  
    77  	Anonymous     = "system:anonymous"
    78  	APIServerUser = "system:apiserver"
    79  
    80  	// core kubernetes process identities
    81  	KubeProxy             = "system:kube-proxy"
    82  	KubeControllerManager = "system:kube-controller-manager"
    83  	KubeScheduler         = "system:kube-scheduler"
    84  )