Documentation ¶
Index ¶
- func JWKS(publicKeys ...any) ([]byte, error)
- func NewTokenIssuer(signingKey any, issuer string, minDuration, maxDuration int64) (*tokenIssuer, error)
- func OpenIDConfig(issuerURL string, publicKeys ...any) ([]byte, error)
- type Secret
- type SecretOption
- func For(...) SecretOption
- func WithAnnotations(annotations map[string]string) SecretOption
- func WithContextObject(contextObject securityv1alpha1.ContextObject) SecretOption
- func WithLabels(labels map[string]string) SecretOption
- func WithProviderConfig(providerConfig *runtime.RawExtension) SecretOption
- type TokenIssuer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func JWKS ¶ added in v1.105.0
func JWKS(publicKeys ...any) ([]byte, error)
JWKS builds the content for the JWKS discovery document from the provided public keys.
Types ¶
type Secret ¶ added in v1.103.0
type Secret struct {
// contains filtered or unexported fields
}
Secret wraps *corev1.Secret and represents an object which will be used by workloads to request a token for a specific securityv1alpha1.WorkloadIdentity. The created secret is properly annotated and labeled so that the token requestor controller for workload identities will pick it up and keep a valid workload identity token stored in it.
func NewSecret ¶ added in v1.103.0
func NewSecret(name, namespace string, opts ...SecretOption) (*Secret, error)
NewSecret creates a new workload identity secret that will be recognized by the token requestor controller for workload identities, which will keep a valid workload identity token stored in it.
type SecretOption ¶ added in v1.103.0
SecretOption represents a function that is used to configure Secret during creation.
func For ¶ added in v1.103.0
func For(workloadIdentityName, workloadIdentityNamespace, workloadIdentityProviderType string) SecretOption
For is an option that correlates the workload identity secret with a specific workload identity. This option is required upon creation of such a secret.
func WithAnnotations ¶ added in v1.103.0
func WithAnnotations(annotations map[string]string) SecretOption
WithAnnotations is an option that can be used to set additional annotations on the workload identity secret that are not necessarily related to workload-identity-specific logic.
func WithContextObject ¶ added in v1.103.0
func WithContextObject(contextObject securityv1alpha1.ContextObject) SecretOption
WithContextObject is an option that can be used to indicate to the token requestor controller for workload identities that requested tokens are going to be used in the context of the passed object.
func WithLabels ¶ added in v1.103.0
func WithLabels(labels map[string]string) SecretOption
WithLabels is an option that can be used to set additional labels on the workload identity secret that are not necessarily related to workload-identity-specific logic.
func WithProviderConfig ¶ added in v1.103.0
func WithProviderConfig(providerConfig *runtime.RawExtension) SecretOption
WithProviderConfig is an option that can be used to store provider specific information in the workload identity secret.
type TokenIssuer ¶
type TokenIssuer interface {
	// IssueToken generates a JSON Web Token based on the provided subject, audiences, duration and claims.
	// It returns the token and its expiration time if the token was successfully generated.
	IssueToken(sub string, aud []string, duration int64, claims ...any) (string, *time.Time, error)
}
TokenIssuer is an interface for JSON Web Token issuers.
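An added example, not code from the page's project, of a TokenIssuer implementation in the shape this page documents: RS256 signing, the token lifetime checked against the minDuration/maxDuration that NewTokenIssuer takes, and caller-supplied claims that cannot override the registered ones. The concrete *rsa.PrivateKey type for signingKey and the narrowing of `claims ...any` to `map[string]any` are assumptions of this example.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// tokenIssuer is a hypothetical RS256 issuer; minDuration/maxDuration bound the token lifetime in seconds.
type tokenIssuer struct {
	key                      *rsa.PrivateKey
	issuer                   string
	minDuration, maxDuration int64
}
// NewTokenIssuer follows the documented signature and rejects a configuration that could never issue a valid token.
func NewTokenIssuer(signingKey *rsa.PrivateKey, issuer string, minDuration, maxDuration int64) (*tokenIssuer, error) {
	if signingKey == nil || issuer == "" || minDuration <= 0 || maxDuration < minDuration {
		return nil, fmt.Errorf("invalid issuer config: issuer=%q min=%d max=%d", issuer, minDuration, maxDuration)
	}
	return &tokenIssuer{key: signingKey, issuer: issuer, minDuration: minDuration, maxDuration: maxDuration}, nil
}
// IssueToken enforces the lifetime window, merges extra claims (assumed maps) without overriding registered ones, signs RS256.
func (t *tokenIssuer) IssueToken(sub string, aud []string, duration int64, claims ...map[string]any) (string, *time.Time, error) {
	if duration < t.minDuration || duration > t.maxDuration {
		return "", nil, fmt.Errorf("duration %ds outside allowed window [%d, %d]", duration, t.minDuration, t.maxDuration)
	}
	now := time.Now()
	exp := now.Add(time.Duration(duration) * time.Second)
	payload := map[string]any{"iss": t.issuer, "sub": sub, "aud": aud, "iat": now.Unix(), "exp": exp.Unix()}
	for _, extra := range claims {
		for k, v := range extra {
			if _, registered := payload[k]; !registered { // iss/sub/aud/iat/exp always win over caller input
				payload[k] = v
			}
		}
	}
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(payload)
	signingInput := base64.RawURLEncoding.EncodeToString(header) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput)) // RS256 = RSASSA-PKCS1-v1_5 over SHA-256 of header.payload
	sig, err := rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, digest[:])
	if err != nil {
		return "", nil, err
	}
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig), &exp, nil
}
```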