package remotetokenreview
import (
"errors"
"k8s.io/kubernetes/pkg/apis/authentication"
"k8s.io/kubernetes/pkg/auth/user"
internalauthentication "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion"
)
// Authenticator validates bearer tokens by submitting them as TokenReview
// requests through authenticationClient rather than checking them locally.
type Authenticator struct {
	// authenticationClient creates the TokenReview objects. Its responses are
	// the only source of the identity that AuthenticateToken returns.
	authenticationClient internalauthentication.TokenReviewsGetter
}
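// NewAuthenticator returns an Authenticator that validates tokens by creating
// TokenReview objects through authenticationClient.
//
// A nil client is rejected here so that the misconfiguration surfaces at
// construction time rather than as a nil dereference on the first token that
// needs to be reviewed. An interface value wrapping a typed nil pointer still
// compares non-nil and is not caught by this check.
func NewAuthenticator(authenticationClient internalauthentication.TokenReviewsGetter) (*Authenticator, error) {
	if authenticationClient == nil {
		return nil, errors.New("remotetokenreview: authentication client must not be nil")
	}
	return &Authenticator{
		authenticationClient: authenticationClient,
	}, nil
}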
// AuthenticateToken submits value in a TokenReview and maps the reply onto a
// user.Info.
//
// Results:
//   - (nil, false, nil) when value is empty (no request is made) or when the
//     review reports the token as not authenticated;
//   - (nil, false, err) when the Create call fails, or when the review status
//     carries a non-empty Error string (returned verbatim as the error text);
//   - (info, true, nil) when the review reports Authenticated.
//
// The returned identity (name, UID, groups, extra) is copied from the review
// response without further checks, so it is exactly as trustworthy as the
// endpoint behind authenticationClient. The raw token is placed in the request
// spec; this function itself never logs it.
//
// NOTE(review): a response with Authenticated=true and an empty Username is
// accepted as-is — confirm the reviewing server can never return that.
func (a *Authenticator) AuthenticateToken(value string) (user.Info, bool, error) {
	// An empty token cannot identify anyone; skip the round trip.
	if value == "" {
		return nil, false, nil
	}

	var review authentication.TokenReview
	review.Spec.Token = value

	result, err := a.authenticationClient.TokenReviews().Create(&review)
	if err != nil {
		return nil, false, err
	}

	status := &result.Status
	switch {
	case status.Error != "":
		// The reviewer reported a failure of its own; surface it as an error
		// rather than as a plain "not authenticated".
		return nil, false, errors.New(status.Error)
	case !status.Authenticated:
		return nil, false, nil
	}

	// Build a fresh, always non-nil Extra map; the value slices themselves are
	// shared with the response, not deep-copied.
	extra := map[string][]string{}
	for key, values := range status.User.Extra {
		extra[key] = values
	}

	return &user.DefaultInfo{
		Name:   status.User.Username,
		UID:    status.User.UID,
		Groups: status.User.Groups,
		Extra:  extra,
	}, true, nil
}