serviceaccount

package

v1.10.0-alpha.2...-72cec4d Latest Latest Go to latest Published: Feb 7, 2018 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/roboll/kubernetes

Documentation ¶

Index ¶

Constants
func InternalIsServiceAccountToken(secret *api.Secret, sa *api.ServiceAccount) bool
func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool
func JWTTokenAuthenticator(iss string, keys []interface{}, lookup bool, getter ServiceAccountTokenGetter) authenticator.Token
func LegacyClaims(serviceAccount v1.ServiceAccount, secret v1.Secret) (*jwt.Claims, interface{})
func UserInfo(namespace, name, uid string) user.Info
type ServiceAccountTokenGetter
type TokenGenerator
- func JWTTokenGenerator(iss string, privateKey interface{}) TokenGenerator
type Validator

Constants ¶

View Source

const LegacyIssuer = "kubernetes/serviceaccount"

Variables ¶

This section is empty.

Functions ¶

func InternalIsServiceAccountToken ¶

func InternalIsServiceAccountToken(secret *api.Secret, sa *api.ServiceAccount) bool

TODO: remove the duplicate code InternalIsServiceAccountToken returns true if the secret is a valid api token for the service account

func IsServiceAccountToken ¶

func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool

IsServiceAccountToken returns true if the secret is a valid api token for the service account

func JWTTokenAuthenticator ¶

func JWTTokenAuthenticator(iss string, keys []interface{}, lookup bool, getter ServiceAccountTokenGetter) authenticator.Token

JWTTokenAuthenticator authenticates tokens as JWT tokens produced by JWTTokenGenerator Token signatures are verified using each of the given public keys until one works (allowing key rotation) If lookup is true, the service account and secret referenced as claims inside the token are retrieved and verified with the provided ServiceAccountTokenGetter

func LegacyClaims ¶

func LegacyClaims(serviceAccount v1.ServiceAccount, secret v1.Secret) (*jwt.Claims, interface{})

func UserInfo ¶

func UserInfo(namespace, name, uid string) user.Info

UserInfo returns a user.Info interface for the given namespace, service account name and UID

Types ¶

type ServiceAccountTokenGetter ¶

type ServiceAccountTokenGetter interface {
	GetServiceAccount(namespace, name string) (*v1.ServiceAccount, error)
	GetSecret(namespace, name string) (*v1.Secret, error)
}

ServiceAccountTokenGetter defines functions to retrieve a named service account and secret

type TokenGenerator ¶

type TokenGenerator interface {
	// GenerateToken generates a token which will identify the given
	// ServiceAccount. privateClaims is an interface that will be
	// serialized into the JWT payload JSON encoding at the root level of
	// the payload object. Public claims take precedent over private
	// claims i.e. if both claims and privateClaims have an "exp" field,
	// the value in claims will be used.
	GenerateToken(claims *jwt.Claims, privateClaims interface{}) (string, error)
}

func JWTTokenGenerator ¶

func JWTTokenGenerator(iss string, privateKey interface{}) TokenGenerator

JWTTokenGenerator returns a TokenGenerator that generates signed JWT tokens, using the given privateKey. privateKey is a PEM-encoded byte array of a private RSA key. JWTTokenAuthenticator()

type Validator ¶

type Validator interface {
	Validate(tokenData string, public *jwt.Claims, private *legacyPrivateClaims) error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL