package authn
import (
"errors"
"time"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/authenticatorfactory"
authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1beta1"
)
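// NewDelegatingAuthenticator builds a request authenticator that delegates
// bearer-token validation to the Kubernetes TokenReview API through client
// and, when authn.X509.ClientCAFile is set, is also configured with that
// client CA bundle.
//
// Anonymous access is always disabled. It returns an error when client or
// authn is nil, or when the underlying authenticator factory fails.
func NewDelegatingAuthenticator(client authenticationclient.TokenReviewInterface, authn *AuthnConfig) (authenticator.Request, error) {
	if client == nil {
		return nil, errors.New("tokenAccessReview client not provided, cannot use webhook authentication")
	}
	// Fail closed with an error instead of panicking on the authn.X509
	// dereference below when no configuration was supplied.
	if authn == nil {
		return nil, errors.New("authn config not provided, cannot build delegating authenticator")
	}
	// NOTE(review): if AuthnConfig.X509 is a pointer field, a nil X509 would
	// still panic on the ClientCAFile read; its declaration is not visible
	// here, so confirm and guard it at the definition or the caller.

	authenticatorConfig := authenticatorfactory.DelegatingAuthenticatorConfig{
		Anonymous: false, // always require authentication
		// NOTE(review): presumably TokenReview answers are cached for this
		// long, so a revoked token could keep being accepted for up to two
		// minutes; confirm against the vendored authenticatorfactory and
		// lower the TTL if faster revocation is required.
		CacheTTL:                2 * time.Minute,
		ClientCAFile:            authn.X509.ClientCAFile,
		TokenAccessReviewClient: client,
	}

	// The second return value of New is deliberately discarded; only the
	// authenticator and the error are used by this package.
	// The local is not named "authenticator" so it does not shadow the
	// imported package of that name.
	delegating, _, err := authenticatorConfig.New()
	if err != nil {
		return nil, err
	}
	return delegating, nil
}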