"k8s.io/kubernetes/pkg/util/sets"
authapi "github.com/openshift/origin/pkg/auth/api"
userapi "github.com/openshift/origin/pkg/user/api"
identityregistry "github.com/openshift/origin/pkg/user/registry/identity"
userregistry "github.com/openshift/origin/pkg/user/registry/user"
)
// UserForNewIdentityGetter is responsible for creating or locating the persisted User for the given Identity.
// The preferredUserName is available to the strategies
type UserForNewIdentityGetter interface {
// UserForNewIdentity returns a persisted User object for the given Identity, creating it if needed
UserForNewIdentity(ctx kapi.Context, preferredUserName string, identity *userapi.Identity) (*userapi.User, error)
}
var _ = authapi.UserIdentityMapper(&provisioningIdentityMapper{})
// provisioningIdentityMapper implements api.UserIdentityMapper
// If an existing UserIdentityMapping exists for an identity, it is returned.
// If an identity does not exist, it creates an Identity referencing the user returned from provisioningStrategy.UserForNewIdentity
// Otherwise an error is returned
type provisioningIdentityMapper struct {
identity identityregistry.Registry
user userregistry.Registry
provisioningStrategy UserForNewIdentityGetter
}
// UserFor returns info about the user for whom identity info have been provided
func (p *provisioningIdentityMapper) UserFor(info authapi.UserIdentityInfo) (kuser.Info, error) {
// Retrying up to three times lets us handle race conditions with up to two conflicting identity providers without returning an error
// * A single race is possible on user creation for every conflicting identity provider
package identitymapper
import (
kapi "k8s.io/kubernetes/pkg/api"
kuser "k8s.io/kubernetes/pkg/auth/user"
authapi "github.com/openshift/origin/pkg/auth/api"
"github.com/openshift/origin/pkg/user/registry/user"
"github.com/openshift/origin/pkg/user/registry/useridentitymapping"
)
var _ = authapi.UserIdentityMapper(&lookupIdentityMapper{})
// lookupIdentityMapper does not provision a new identity or user, it only allows identities already associated with users
type lookupIdentityMapper struct {
mappings useridentitymapping.Registry
users user.Registry
}
// UserFor returns info about the user for whom identity info has been provided
func (p *lookupIdentityMapper) UserFor(info authapi.UserIdentityInfo) (kuser.Info, error) {
ctx := kapi.NewContext()
mapping, err := p.mappings.GetUserIdentityMapping(ctx, info.GetIdentityName())
if err != nil {
return nil, err
}
u, err := p.users.GetUser(ctx, mapping.User.Name)
if err != nil {
return nil, err
