@pweil-
Created May 1, 2018 15:35
// OpenShiftConfig carries the OpenShift-specific settings of a cluster.
//
// KubernetesConfig, ClusterUsername and ClusterPassword have explicit JSON
// names; the three fields tagged `json:"-"` are skipped by encoding/json, and
// OAuthConfig carries no tag at all.
type OpenShiftConfig struct {
	KubernetesConfig *KubernetesConfig `json:"kubernetesConfig,omitempty"`

	// ClusterUsername and ClusterPassword are a stop-gap until AAD
	// authentication is enabled; both are slated for removal afterwards.
	//
	// NOTE(review): ClusterPassword is a plain string with a JSON name, so
	// encoding/json writes it in cleartext wherever this struct is marshalled.
	// Treat every serialized copy (files, API payloads, logs) as a secret.
	ClusterUsername string `json:"clusterUsername,omitempty"`
	ClusterPassword string `json:"clusterPassword,omitempty"`

	// The following fields are excluded from JSON by the "-" tag.
	ConfigBundles          map[string][]byte `json:"-"`
	ExternalMasterHostname string            `json:"-"`
	RouterLBHostname       string            `json:"-"`

	// OAuthConfig, when present, starts the /oauth endpoint in this process.
	//
	// NOTE(review): the field is untagged, so encoding/json uses the key
	// "OAuthConfig" and emits null for a nil pointer instead of omitting it,
	// unlike the tagged fields above. Confirm this is intended.
	OAuthConfig *OAuthConfig
}
// OAuthConfig lists the identity providers available to the OAuth endpoint.
type OAuthConfig struct {
	// IdentityProviders is an ordered list of the ways a user can identify
	// themselves. How the order is applied is decided by the consumer of this
	// struct, which is not shown here.
	IdentityProviders []IdentityProvider
}
// IdentityProvider describes one configured source of user identities.
type IdentityProvider struct {
	// Name qualifies the identities returned by this provider.
	Name string

	// UseAsChallenger reports whether WWW-Authenticate challenges are issued
	// for this provider.
	UseAsChallenger bool

	// UseAsLogin reports whether unauthenticated browsers are sent to this
	// provider to log in.
	UseAsLogin bool

	// MappingMethod selects how identities from this provider are mapped to
	// users. It is a free-form string here; the accepted values are not
	// declared in this block.
	MappingMethod string

	// Provider holds the provider-specific configuration.
	//
	// NOTE(review): runtime.Object places no constraint on the concrete type;
	// presumably the *IdentityProvider structs in this file are the intended
	// values. Confirm where the concrete type is validated.
	Provider runtime.Object
}
// HTPasswdPasswordIdentityProvider configures password authentication backed
// by an htpasswd file.
//
// NOTE(review): unlike LDAPPasswordIdentityProvider, this type carries no
// deepcopy-gen interfaces marker. Confirm whether it is meant to be usable as
// IdentityProvider.Provider.
type HTPasswdPasswordIdentityProvider struct {
	// File is a reference to the htpasswd file.
	//
	// NOTE(review): htpasswd files hold password hashes, so the referenced
	// file presumably needs restrictive permissions. Confirm how it is
	// provisioned.
	File string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// LDAPPasswordIdentityProvider configures password authentication against an
// LDAP server.
type LDAPPasswordIdentityProvider struct {
	// URL is an RFC 2255 URL giving the LDAP search parameters, in the form
	//   ldap://host:port/basedn?attribute?scope?filter
	URL string

	// BindDN is the optional DN to bind with during the search phase.
	BindDN string

	// BindPassword is the optional password to bind with during the search
	// phase. StringSource is declared outside this block.
	BindPassword StringSource

	// Insecure, when true, means the connection does not use TLS. It cannot be
	// true together with an "ldaps://" URL. When false, "ldaps://" URLs connect
	// over TLS and "ldap://" URLs are upgraded with StartTLS as specified in
	// https://tools.ietf.org/html/rfc2830
	//
	// NOTE(review): with Insecure set, the bind password and the passwords
	// users submit would presumably cross the network unencrypted. Confirm it
	// stays false outside test setups.
	Insecure bool

	// CA is the optional trusted certificate authority bundle used for
	// requests to the server; when empty, the default system roots are used.
	// Whether the string is a path or inline data is not shown here.
	CA string

	// Attributes maps LDAP attributes to identity fields.
	Attributes LDAPAttributeMapping
}
// LDAPAttributeMapping names the LDAP attributes that populate each field of
// an identity. Every field is a list of attribute names.
type LDAPAttributeMapping struct {
	// ID lists the attributes whose values are used as the user ID. Required.
	// The LDAP standard identity attribute is "dn".
	ID []string

	// PreferredUsername lists the attributes whose values are used as the
	// preferred username. The LDAP standard login attribute is "uid".
	PreferredUsername []string

	// Name lists the attributes whose values are used as the display name.
	// Optional; when unspecified, the identity gets no display name.
	// The LDAP standard display name attribute is "cn".
	Name []string

	// Email lists the attributes whose values are used as the email address.
	// Optional; when unspecified, the identity gets no email.
	Email []string
}