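// OpenShiftConfig holds configuration for OpenShift.
//
// Security note: ClusterPassword carries a JSON tag, so marshalling this
// struct writes the password in cleartext whenever it is non-empty. Treat any
// serialized form of this struct (API payloads, files, logs, debug dumps) as
// secret material and redact the field before logging.
type OpenShiftConfig struct {
	KubernetesConfig *KubernetesConfig `json:"kubernetesConfig,omitempty"`

	// ClusterUsername and ClusterPassword are temporary before AAD
	// authentication is enabled, and will be removed subsequently.
	ClusterUsername string `json:"clusterUsername,omitempty"`
	ClusterPassword string `json:"clusterPassword,omitempty"`

	// The three fields below are tagged `json:"-"`, so encoding/json neither
	// marshals nor unmarshals them.
	ConfigBundles          map[string][]byte `json:"-"`
	ExternalMasterHostname string            `json:"-"`
	RouterLBHostname       string            `json:"-"`

	// OAuthConfig, if present, starts the /oauth endpoint in this process.
	// NOTE(review): this field has no json tag, so encoding/json uses the key
	// "OAuthConfig" and emits null when the pointer is nil, unlike the
	// camelCase, omitempty fields above. Confirm that is intended.
	OAuthConfig *OAuthConfig
}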
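// OAuthConfig describes how the /oauth endpoint authenticates users.
type OAuthConfig struct {
	// IdentityProviders is an ordered list of ways for a user to identify
	// themselves. The list is ordered, so reordering entries is a
	// configuration change and should be reviewed as one.
	IdentityProviders []IdentityProvider
}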
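// IdentityProvider is one entry in OAuthConfig.IdentityProviders: a named
// authentication back end plus the flags that control how it is offered to
// clients.
type IdentityProvider struct {
	// Name is used to qualify the identities returned by this provider.
	Name string

	// UseAsChallenger indicates whether to issue WWW-Authenticate challenges
	// for this provider.
	UseAsChallenger bool

	// UseAsLogin indicates whether to use this identity provider for
	// unauthenticated browsers to login against.
	UseAsLogin bool

	// MappingMethod determines how identities from this provider are mapped
	// to users.
	// NOTE(review): this is a free-form string and the accepted values are
	// not visible in this file; validate it against an allow-list before use.
	MappingMethod string

	// Provider contains the information about how to set up a specific
	// identity provider. It is typed as runtime.Object, so the concrete
	// provider type is only known at run time.
	Provider runtime.Object
}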
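// HTPasswdPasswordIdentityProvider configures authentication against an
// htpasswd file.
//
// NOTE(review): unlike LDAPPasswordIdentityProvider, this declaration is not
// preceded by a deepcopy-gen interfaces marker in the visible source. If it is
// meant to be stored in IdentityProvider.Provider (a runtime.Object), confirm
// the marker is not missing.
type HTPasswdPasswordIdentityProvider struct {
	// File is a reference to your htpasswd file. The file holds the
	// credential verifiers for every user it lists, so it should be readable
	// only by the process that serves the OAuth endpoint.
	File string
}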
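// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// LDAPPasswordIdentityProvider configures authentication against an LDAP
// directory.
type LDAPPasswordIdentityProvider struct {
	// URL is an RFC 2255 URL which specifies the LDAP search parameters to
	// use. The syntax of the URL is
	//    ldap://host:port/basedn?attribute?scope?filter
	URL string

	// BindDN is an optional DN to bind with during the search phase.
	BindDN string

	// BindPassword is an optional password to bind with during the search
	// phase. It is a StringSource rather than a plain string; that type is
	// declared outside this file.
	BindPassword StringSource

	// Insecure, if true, indicates the connection should not use TLS.
	// Cannot be set to true with a URL scheme of "ldaps://".
	// If false, "ldaps://" URLs connect using TLS, and "ldap://" URLs are
	// upgraded to a TLS connection using StartTLS as specified in
	// https://tools.ietf.org/html/rfc2830.
	//
	// Security note: with Insecure set, the bind DN, the bind password and
	// everything else exchanged with the directory cross the network
	// unencrypted, and the server is not authenticated. Leave it false
	// outside isolated test environments.
	Insecure bool

	// CA is the optional trusted certificate authority bundle to use when
	// making requests to the server. If empty, the default system roots are
	// used.
	CA string

	// Attributes maps LDAP attributes to identities.
	Attributes LDAPAttributeMapping
}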
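// LDAPAttributeMapping names the LDAP attributes from which each part of an
// identity is taken.
type LDAPAttributeMapping struct {
	// ID is the list of attributes whose values should be used as the user
	// ID. Required.
	// LDAP standard identity attribute is "dn".
	ID []string

	// PreferredUsername is the list of attributes whose values should be
	// used as the preferred username.
	// LDAP standard login attribute is "uid".
	PreferredUsername []string

	// Name is the list of attributes whose values should be used as the
	// display name. Optional.
	// If unspecified, no display name is set for the identity.
	// LDAP standard display name attribute is "cn".
	Name []string

	// Email is the list of attributes whose values should be used as the
	// email address. Optional.
	// If unspecified, no email is set for the identity.
	Email []string
}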