/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package bootstrap
import (
"context"
"errors"
"net/http"
)
// ErrAlreadyExists is a sentinel error carrying the message "node already exists".
// NOTE(review): nothing in this file shows where it is returned; callers that
// need to recognise it should compare with errors.Is rather than matching the
// message text.
var ErrAlreadyExists = errors.New("node already exists")
// Authenticator generates authentication credentials for requests.
type Authenticator interface {
	// CreateToken returns a token for the given request body, or an error.
	//
	// NOTE(review): the token is presumably the value later handed to
	// Verifier.VerifyToken together with the same body, which would tie the
	// credential to the exact request bytes — confirm against the implementations.
	CreateToken(body []byte) (string, error)
}
// VerifyResult is the result of a successfully verified request.
//
// Each field states what the verified node is authorized to use.
// NOTE(review): callers presumably should take names from this struct rather
// than from anything the node claims in its request body — confirm against callers.
type VerifyResult struct {
	// NodeName is the name that this node is authorized to use.
	NodeName string

	// InstanceGroupName is the name of the kops InstanceGroup this node is a member of.
	InstanceGroupName string

	// CertificateNames is the alternate names the node is authorized to use for certificates.
	CertificateNames []string

	// ChallengeEndpoint is a valid endpoint to which we should issue a challenge request,
	// corresponding to the node the request identified as.
	// This should be sourced from e.g. the cloud, and acts as a cross-check
	// that this is the correct instance.
	// NOTE(review): the cross-check only holds if this value comes from that
	// independent source and not from the request being verified.
	ChallengeEndpoint string
}
// Verifier verifies authentication credentials for requests.
type Verifier interface {
	// VerifyToken checks token for the request given as rawRequest and body,
	// returning a VerifyResult on success or an error.
	//
	// NOTE(review): by the usual (T, error) convention the result should be
	// ignored whenever the error is non-nil, so a failed verification never
	// yields a usable identity — confirm the implementations return nil then.
	// NOTE(review): useInstanceIDForNodeName presumably makes the returned
	// NodeName the instance ID — confirm against the implementations.
	VerifyToken(ctx context.Context, rawRequest *http.Request, token string, body []byte, useInstanceIDForNodeName bool) (*VerifyResult, error)
}