diff --git a/crates/stackable-operator/src/commons/authentication/kerberos.rs b/crates/stackable-operator/src/commons/authentication/kerberos.rs new file mode 100644 index 000000000..412a9e8be --- /dev/null +++ b/crates/stackable-operator/src/commons/authentication/kerberos.rs @@ -0,0 +1,12 @@ +use schemars::JsonSchema; +use serde::{Deserialize, Serialize}; + +#[derive( + Clone, Debug, Deserialize, Eq, Hash, JsonSchema, Ord, PartialEq, PartialOrd, Serialize, +)] +#[serde(rename_all = "camelCase")] +pub struct AuthenticationProvider { + /// Mandatory secret class used for producing keytabs. + #[serde(default)] + pub kerberos_secret_class: String, +} diff --git a/crates/stackable-operator/src/commons/authentication/mod.rs b/crates/stackable-operator/src/commons/authentication/mod.rs index b5356b512..581e70613 100644 --- a/crates/stackable-operator/src/commons/authentication/mod.rs +++ b/crates/stackable-operator/src/commons/authentication/mod.rs @@ -6,6 +6,7 @@ use strum::Display; use crate::client::Client; +pub mod kerberos; pub mod ldap; pub mod oidc; pub mod static_; @@ -77,6 +78,9 @@ pub enum AuthenticationClassProvider { /// The [TLS provider](DOCS_BASE_URL_PLACEHOLDER/concepts/authentication#_tls). /// The TLS AuthenticationClass is used when users should authenticate themselves with a TLS certificate. Tls(tls::AuthenticationProvider), + + /// The Kerberos provider is used for Kerberos authentication and defines the secret used for generating keytabs. + Kerberos(kerberos::AuthenticationProvider), } impl AuthenticationClass { @@ -183,6 +187,13 @@ mod tests { let tls_provider = AuthenticationClassProvider::Tls(AuthenticationProvider { client_cert_secret_class: None, }); - assert_eq!("Tls", tls_provider.to_string()) + assert_eq!("Tls", tls_provider.to_string()); + + let kerberos_provider = AuthenticationClassProvider::Kerberos( + crate::commons::authentication::kerberos::AuthenticationProvider { + kerberos_secret_class: "kerberos".to_string(), + }, + ); + assert_eq!("Kerberos", kerberos_provider.to_string()); } }