"k8s.io/kubernetes/pkg/util/sets"

	authapi "github.com/openshift/origin/pkg/auth/api"
	userapi "github.com/openshift/origin/pkg/user/api"
	identityregistry "github.com/openshift/origin/pkg/user/registry/identity"
	userregistry "github.com/openshift/origin/pkg/user/registry/user"
)

// UserForNewIdentityGetter is responsible for creating or locating the persisted User for the given Identity.
// The preferredUserName is made available to the strategy implementations as an input to that decision.
// NOTE(review): preferredUserName presumably originates from the identity provider. A strategy that
// attaches a new Identity to an already-existing User of that name gives that provider access to the
// account, so each implementation's name-collision policy should be confirmed.
type UserForNewIdentityGetter interface {
	// UserForNewIdentity returns a persisted User object for the given Identity, creating it if needed.
	// It receives the request context, the preferred user name and the Identity, and returns the User or an error.
	UserForNewIdentity(ctx kapi.Context, preferredUserName string, identity *userapi.Identity) (*userapi.User, error)
}

// Compile-time assertion that *provisioningIdentityMapper can be used as an authapi.UserIdentityMapper.
var _ = authapi.UserIdentityMapper(&provisioningIdentityMapper{})

// provisioningIdentityMapper implements api.UserIdentityMapper.
// If a UserIdentityMapping already exists for an identity, it is returned.
// If an identity does not exist, it creates an Identity referencing the user returned from provisioningStrategy.UserForNewIdentity.
// Otherwise an error is returned.
type provisioningIdentityMapper struct {
	// identity is the registry for Identity objects.
	identity identityregistry.Registry
	// user is the registry for User objects.
	user userregistry.Registry
	// provisioningStrategy selects or creates the User for an identity that has no mapping yet.
	provisioningStrategy UserForNewIdentityGetter
}

// UserFor returns info about the user for whom identity info has been provided
func (p *provisioningIdentityMapper) UserFor(info authapi.UserIdentityInfo) (kuser.Info, error) {
	// Retrying up to three times lets us handle race conditions with up to two conflicting identity providers without returning an error
	// * A single race is possible on user creation for every conflicting identity provider
package identitymapper

import (
	kapi "k8s.io/kubernetes/pkg/api"
	kuser "k8s.io/kubernetes/pkg/auth/user"

	authapi "github.com/openshift/origin/pkg/auth/api"
	"github.com/openshift/origin/pkg/user/registry/user"
	"github.com/openshift/origin/pkg/user/registry/useridentitymapping"
)

// Compile-time assertion that *lookupIdentityMapper can be used as an authapi.UserIdentityMapper.
var _ = authapi.UserIdentityMapper(&lookupIdentityMapper{})

// lookupIdentityMapper does not provision a new identity or user; it only allows identities that are
// already associated with users.
// NOTE(review): since nothing is created here, who can log in is decided entirely by whoever can write
// UserIdentityMapping and User objects; confirm that write access to both registries is restricted.
type lookupIdentityMapper struct {
	// mappings is the registry queried for the UserIdentityMapping of the presented identity.
	mappings useridentitymapping.Registry
	// users is the registry queried for the User named by that mapping.
	users user.Registry
}

// UserFor returns info about the user for whom identity info has been provided
func (p *lookupIdentityMapper) UserFor(info authapi.UserIdentityInfo) (kuser.Info, error) {
	ctx := kapi.NewContext()
	mapping, err := p.mappings.GetUserIdentityMapping(ctx, info.GetIdentityName())
	if err != nil {
		return nil, err
	}
	u, err := p.users.GetUser(ctx, mapping.User.Name)
	if err != nil {
		return nil, err