Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add auth delegation utilities #778

Closed
wants to merge 4 commits into from
Closed

Add auth delegation utilities #778

wants to merge 4 commits into from

Conversation

MikailBag
Copy link
Contributor

Motivation

Applications usually perform some authentication & authorization, and for kubernetes-native apps it makes sense to leverage apiserver for that, e.g. this is recommended for the extension API servers.

Solution

This PR adds simple high-level client together with SubjectAccessReview builders.

Additionally, while I was writing an example, I realized that currently it is not possible to create subresources, so I added a method for this in a separate commit.

@MikailBag
Add create_subresource method
5aab09e 
Signed-off-by: Mikail Bagishov <[email protected]>
@MikailBag
Add utilities for authn & authz delegation
afab901 
Signed-off-by: Mikail Bagishov <[email protected]>
@MikailBag
Add example
2dbd810 
Signed-off-by: Mikail Bagishov <[email protected]>
@MikailBag
Add doc tests
647233e 
Signed-off-by: Mikail Bagishov <[email protected]>
@codecov-commenter
Copy link

Codecov Report

Merging #778 (647233e) into master (4d991fe) will decrease coverage by 1.69%.
The diff coverage is 0.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #778      +/-   ##
==========================================
- Coverage   71.99%   70.29%   -1.70%     
==========================================
  Files          54       55       +1     
  Lines        3631     3720      +89     
==========================================
+ Hits         2614     2615       +1     
- Misses       1017     1105      +88
Impacted Files Coverage Δ
kube-client/src/lib.rs 92.80% <ø> (ø)
kube-client/src/util/auth.rs 0.00% <0.00%> (ø)
kube-core/src/request.rs 92.16% <0.00%> (-2.84%) ⬇️
kube/src/lib.rs 87.80% <ø> (ø)
kube-runtime/src/wait.rs 70.00% <0.00%> (+2.00%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4d991fe...647233e. Read the comment docs.

@clux
Copy link
Member

clux commented Jan 8, 2022

Hey, thanks a lot for all of this! I think this makes sense to include a lot of this in kube, and will come back in a day or two to give this a proper review (the tokenreview stuff is all new to me, so need to read through this properly).

Some quick notes:

  • extra subresource create absolutely makes sense
  • authclient and associated enums makes sense
  • the builders for subjectaccessreview possibly makes sense - they might clash with optional builder patterns k8s-pb#9 down the line though 🤔

@MikailBag
Copy link
Contributor Author

I'm going to close this:
builders, while being useful, are probably out-of-scope for kube-rs, and the rest is already implemented in other PRs

@MikailBag MikailBag closed this Oct 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MikailBag @codecov-commenter @clux