rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-31 22:46:25 +00:00
Code Issues Releases Wiki Activity

Add support for Kubernetes API Authn Webhook

Browse Source 
Allow multiple authn strategies to be defined, including new 'webhook'
strategy. Webhook strategy configuration contains the contents of the
authentication webhook file as well as the cache timeout period.

This change allows a Kubernetes API Auth service to authenticate
user requests without proxying through the Rancher server.
This commit is contained in:
Erik Wilson
2018-12-28 09:41:37 -07:00
committed by Craig Jellick
parent 30d8c8a30f
commit e04b7d4413
9 changed files with 162 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cluster/validation.go
View File

@@ -39,8 +39,17 @@ func (c *Cluster) ValidateCluster() error {
}
func validateAuthOptions(c *Cluster) error {
if c.Authentication.Strategy != DefaultAuthStrategy {
return fmt.Errorf("Authentication strategy [%s] is not supported", c.Authentication.Strategy)
for strategy, enabled := range c.AuthnStrategies {
if !enabled {
continue
}
strategy = strings.ToLower(strategy)
if strategy != AuthnX509Provider && strategy != AuthnWebhookProvider {
return fmt.Errorf("Authentication strategy [%s] is not supported", strategy)
}
}
if !c.AuthnStrategies[AuthnX509Provider] {
return fmt.Errorf("Authentication strategy must contain [%s]", AuthnX509Provider)
}
return nil
}