Documentation
Index
- Constants
- func GetOrCreateServiceAccount(coreClient v1core.CoreV1Interface, namespace, name string) (*v1.ServiceAccount, error)
- func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool
- func MakeGroupNames(namespace string) []string
- func MakeNamespaceGroupName(namespace string) string
- func MakeUsername(namespace, name string) string
- func MatchesUsername(namespace, name string, username string) bool
- func SplitUsername(username string) (string, string, error)
- func UserInfo(namespace, name, uid string) user.Info
- type ServiceAccountInfo
Constants
const (
	ServiceAccountUsernamePrefix    = "system:serviceaccount:"
	ServiceAccountUsernameSeparator = ":"
	ServiceAccountGroupPrefix       = "system:serviceaccounts:"
	AllServiceAccountsGroup         = "system:serviceaccounts"
	// PodNameKey is the key used in a user's "extra" to specify the pod name of
	// the authenticating request.
	PodNameKey = "authentication.kubernetes.io/pod-name"
	// PodUIDKey is the key used in a user's "extra" to specify the pod UID of
	// the authenticating request.
	PodUIDKey = "authentication.kubernetes.io/pod-uid"
)
Variables
This section is empty.
Functions
func GetOrCreateServiceAccount
func GetOrCreateServiceAccount(coreClient v1core.CoreV1Interface, namespace, name string) (*v1.ServiceAccount, error)
func IsServiceAccountToken
func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool
IsServiceAccountToken returns true if the secret is a valid API token for the service account.
func MakeGroupNames
MakeGroupNames generates service account group names for the given namespace.
func MakeNamespaceGroupName
MakeNamespaceGroupName returns the name of the group that includes all service accounts in the namespace.
func MakeUsername
MakeUsername generates a username from the given namespace and ServiceAccount name. The resulting username can be passed to SplitUsername to extract the original namespace and ServiceAccount name.
func MatchesUsername
MatchesUsername checks whether the provided username matches the namespace and name without allocating. Use this when checking a service account namespace and name against a known string.
func SplitUsername
SplitUsername returns the namespace and ServiceAccount name embedded in the given username, or an error if the username is not a valid name produced by MakeUsername.
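The username format that MakeUsername, SplitUsername and MatchesUsername work with, as an added Go example rebuilt from the constants listed above; it is not the package's own code, and the lowercase function names are hypothetical stand-ins. It shows why a caller should parse strictly rather than test the prefix alone: a username with extra or empty segments is rejected. Assumption: Kubernetes name-syntax validation is left out.

```go
package main

import (
	"fmt"
	"strings"
)

// Values copied from the Constants section of this page.
const (
	ServiceAccountUsernamePrefix    = "system:serviceaccount:"
	ServiceAccountUsernameSeparator = ":"
)

// trimPrefix returns s without prefix p, and whether p was present.
func trimPrefix(s, p string) (string, bool) {
	if !strings.HasPrefix(s, p) {
		return "", false
	}
	return s[len(p):], true
}

func makeUsername(namespace, name string) string {
	return ServiceAccountUsernamePrefix + namespace + ServiceAccountUsernameSeparator + name
}

// splitUsername accepts only the prefix followed by exactly two non-empty
// parts. Assumption: name-syntax validation is out of scope for this example.
func splitUsername(username string) (string, string, error) {
	rest, ok := trimPrefix(username, ServiceAccountUsernamePrefix)
	parts := strings.Split(rest, ServiceAccountUsernameSeparator)
	if !ok || len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", "", fmt.Errorf("%q is not a system:serviceaccount:<namespace>:<name> username", username)
	}
	return parts[0], parts[1], nil
}

// matchesUsername compares piece by piece instead of building a new string.
func matchesUsername(namespace, name, username string) bool {
	rest, ok1 := trimPrefix(username, ServiceAccountUsernamePrefix)
	rest, ok2 := trimPrefix(rest, namespace)
	rest, ok3 := trimPrefix(rest, ServiceAccountUsernameSeparator)
	return ok1 && ok2 && ok3 && rest == name
}

func main() { // constructed sample usernames
	for _, u := range []string{makeUsername("kube-system", "builder"), "system:serviceaccount:kube-system:builder:x"} {
		ns, name, err := splitUsername(u)
		fmt.Printf("%q -> namespace=%q name=%q err=%v\n", u, ns, name, err)
	}
}
```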