Matthias Andreas Benkard | 832a54e | 2019-01-29 09:27:38 +0100 | [diff] [blame] | 1 | /* |
| 2 | Copyright 2014 The Kubernetes Authors. |
| 3 | |
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | you may not use this file except in compliance with the License. |
| 6 | You may obtain a copy of the License at |
| 7 | |
| 8 | http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | |
| 10 | Unless required by applicable law or agreed to in writing, software |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | See the License for the specific language governing permissions and |
| 14 | limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package authenticatorfactory |
| 18 | |
| 19 | type RequestHeaderConfig struct { |
| 20 | // UsernameHeaders are the headers to check (in order, case-insensitively) for an identity. The first header with a value wins. |
| 21 | UsernameHeaders []string |
| 22 | // GroupHeaders are the headers to check (case-insensitively) for a group names. All values will be used. |
| 23 | GroupHeaders []string |
| 24 | // ExtraHeaderPrefixes are the head prefixes to check (case-insentively) for filling in |
| 25 | // the user.Info.Extra. All values of all matching headers will be added. |
| 26 | ExtraHeaderPrefixes []string |
| 27 | // ClientCA points to CA bundle file which is used verify the identity of the front proxy |
| 28 | ClientCA string |
| 29 | // AllowedClientNames is a list of common names that may be presented by the authenticating front proxy. Empty means: accept any. |
| 30 | AllowedClientNames []string |
| 31 | } |