| /* |
| Copyright 2014 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package user |
| |
| // Info describes a user that has been authenticated to the system. |
| type Info interface { |
| // GetName returns the name that uniquely identifies this user among all |
| // other active users. |
| GetName() string |
| // GetUID returns a unique value for a particular user that will change |
| // if the user is removed from the system and another user is added with |
| // the same name. |
| GetUID() string |
| // GetGroups returns the names of the groups the user is a member of |
| GetGroups() []string |
| |
| // GetExtra can contain any additional information that the authenticator |
| // thought was interesting. One example would be scopes on a token. |
| // Keys in this map should be namespaced to the authenticator or |
| // authenticator/authorizer pair making use of them. |
| // For instance: "example.org/foo" instead of "foo" |
| // This is a map[string][]string because it needs to be serializeable into |
| // a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization |
| // delegation flows |
| // In order to faithfully round-trip through an impersonation flow, these keys |
| // MUST be lowercase. |
| GetExtra() map[string][]string |
| } |
| |
| // DefaultInfo provides a simple user information exchange object |
| // for components that implement the UserInfo interface. |
| type DefaultInfo struct { |
| Name string |
| UID string |
| Groups []string |
| Extra map[string][]string |
| } |
| |
| func (i *DefaultInfo) GetName() string { |
| return i.Name |
| } |
| |
| func (i *DefaultInfo) GetUID() string { |
| return i.UID |
| } |
| |
| func (i *DefaultInfo) GetGroups() []string { |
| return i.Groups |
| } |
| |
| func (i *DefaultInfo) GetExtra() map[string][]string { |
| return i.Extra |
| } |
| |
| // well-known user and group names |
| const ( |
| SystemPrivilegedGroup = "system:masters" |
| NodesGroup = "system:nodes" |
| AllUnauthenticated = "system:unauthenticated" |
| AllAuthenticated = "system:authenticated" |
| |
| Anonymous = "system:anonymous" |
| APIServerUser = "system:apiserver" |
| |
| // core kubernetes process identities |
| KubeProxy = "system:kube-proxy" |
| KubeControllerManager = "system:kube-controller-manager" |
| KubeScheduler = "system:kube-scheduler" |
| ) |