package workloadidentity

v1.110.0
Published: Dec 11, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func JWKS added in v1.105.0

func JWKS(publicKeys ...any) ([]byte, error)

JWKS builds the content of the JSON Web Key Set (JWKS) discovery document from the provided public keys.

func NewTokenIssuer

func NewTokenIssuer(signingKey any, issuer string, minDuration, maxDuration int64) (*tokenIssuer, error)

NewTokenIssuer creates a new JSON Web Token issuer that signs tokens with signingKey; issuer, minDuration and maxDuration configure the issuer claim and the range of token durations the issuer accepts.

func OpenIDConfig added in v1.105.0

func OpenIDConfig(issuerURL string, publicKeys ...any) ([]byte, error)

OpenIDConfig builds the content of the OpenID Connect discovery document (openid-configuration) from the provided issuer URL and public keys.

Types

type Secret added in v1.103.0

type Secret struct {
	// contains filtered or unexported fields
}

Secret wraps *corev1.Secret and represents an object that workloads use to request a token for a specific securityv1alpha1.WorkloadIdentity. The created secret is annotated and labeled so that the token requestor controller for workload identities picks it up and keeps a valid workload identity token stored in it.

func NewSecret added in v1.103.0

func NewSecret(name, namespace string, opts ...SecretOption) (*Secret, error)

NewSecret creates a new workload identity secret that the token requestor controller for workload identities recognizes and in which it keeps a valid workload identity token.

func (*Secret) Reconcile added in v1.103.0

func (s *Secret) Reconcile(ctx context.Context, c client.Client) error

Reconcile creates or patches the workload identity secret. Based on the struct configuration, it adds annotations and labels that are recognized by the token requestor controller for workload identities.

type SecretOption added in v1.103.0

type SecretOption func(*Secret) error

SecretOption represents a function that is used to configure a Secret during creation.

func For added in v1.103.0

func For(workloadIdentityName, workloadIdentityNamespace, workloadIdentityProviderType string) SecretOption

For is an option that correlates the workload identity secret with a specific workload identity. This option is required when creating such a secret.

func WithAnnotations added in v1.103.0

func WithAnnotations(annotations map[string]string) SecretOption

WithAnnotations is an option that sets additional annotations on the workload identity secret which are not necessarily related to workload identity specific logic.

func WithContextObject added in v1.103.0

func WithContextObject(contextObject securityv1alpha1.ContextObject) SecretOption

WithContextObject is an option that can be used to indicate to the token requestor controller for workload identities that requested tokens are going to be used in the context of the passed object.

func WithLabels added in v1.103.0

func WithLabels(labels map[string]string) SecretOption

WithLabels is an option that sets additional labels on the workload identity secret which are not necessarily related to workload identity specific logic.

func WithProviderConfig added in v1.103.0

func WithProviderConfig(providerConfig *runtime.RawExtension) SecretOption

WithProviderConfig is an option that can be used to store provider specific information in the workload identity secret.
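The Secret builder above is driven by functional options, and the documentation of For says that option is required. The following is an added illustration written for this page, not code from this package or from Gardener: it uses plain maps in place of *corev1.Secret, and the label and annotation keys under example.invalid are placeholders, because the page does not state which keys the token requestor controller matches on. It shows how such options compose, plus two checks worth having in a builder like this: NewSecret fails if For was never supplied, and WithLabels/WithAnnotations refuse to overwrite the controller-recognized keys, so caller-supplied metadata cannot silently retarget the secret to a different WorkloadIdentity.

```go
package main

import (
	"errors"
	"fmt"
)

// Placeholder metadata keys for this illustration. The page does not state which label and
// annotation keys the token requestor controller matches on, so these are not the real ones.
const (
	labelPurpose  = "example.invalid/purpose"
	purposeValue  = "workload-identity-token-requestor"
	annoName      = "example.invalid/workload-identity-name"
	annoNamespace = "example.invalid/workload-identity-namespace"
	annoProvider  = "example.invalid/workload-identity-provider"
)

// Secret is a plain-map stand-in for the page's *corev1.Secret wrapper.
type Secret struct {
	Name, Namespace     string
	Labels, Annotations map[string]string
	wi                  struct{ name, namespace, provider string }
}

// SecretOption mirrors the page's option type: an option may fail, and NewSecret reports the first failure.
type SecretOption func(*Secret) error

// For is the required option; it records which WorkloadIdentity the controller must mint tokens for.
func For(name, namespace, providerType string) SecretOption {
	return func(s *Secret) error {
		if name == "" || namespace == "" || providerType == "" {
			return errors.New("For: workload identity name, namespace and provider type must all be set")
		}
		s.wi.name, s.wi.namespace, s.wi.provider = name, namespace, providerType
		return nil
	}
}

// WithLabels and WithAnnotations add caller metadata but refuse the keys the controller matches on,
// so "extra" metadata can never retarget or detach the secret.
func WithLabels(labels map[string]string) SecretOption {
	return func(s *Secret) error { return merge(s.Labels, labels, labelPurpose) }
}

func WithAnnotations(annotations map[string]string) SecretOption {
	return func(s *Secret) error { return merge(s.Annotations, annotations, annoName, annoNamespace, annoProvider) }
}

func merge(dst, src map[string]string, reserved ...string) error {
	for k, v := range src {
		for _, r := range reserved {
			if k == r {
				return fmt.Errorf("key %q is reserved for the token requestor controller", k)
			}
		}
		dst[k] = v
	}
	return nil
}

// NewSecret applies the options, enforces that For was given, and writes the controller-recognized
// metadata last so nothing an option did can override it.
func NewSecret(name, namespace string, opts ...SecretOption) (*Secret, error) {
	if name == "" || namespace == "" {
		return nil, errors.New("NewSecret: name and namespace are required")
	}
	s := &Secret{Name: name, Namespace: namespace, Labels: map[string]string{}, Annotations: map[string]string{}}
	for _, opt := range opts {
		if err := opt(s); err != nil {
			return nil, err
		}
	}
	if s.wi.name == "" {
		return nil, errors.New("NewSecret: the For option is required")
	}
	s.Labels[labelPurpose] = purposeValue
	s.Annotations[annoName], s.Annotations[annoNamespace], s.Annotations[annoProvider] = s.wi.name, s.wi.namespace, s.wi.provider
	return s, nil
}

func main() {
	s, err := NewSecret("aws-wi-token", "shoot--dev--a", For("aws-wi", "garden-dev", "aws"), WithLabels(map[string]string{"app": "worker"}))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(s.Labels, s.Annotations)
}
```

The order inside NewSecret is the point: options run first, the required-option check runs second, and the keys the controller keys on are written last. Reconcile in the real package would then create or patch the corev1.Secret built this way.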

type TokenIssuer

type TokenIssuer interface {
	// IssueToken generates JSON Web Token based on the provided subject, audiences, duration and claims.
	// It returns the token and its expiration time if it was successfully generated.
	IssueToken(sub string, aud []string, duration int64, claims ...any) (string, *time.Time, error)
}

TokenIssuer is an interface for JSON Web Token issuers.
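NewTokenIssuer, IssueToken and JWKS above describe the issuing side without showing what a relying party does with the output. The following is an added, self-contained example written for this page, not code from this package or from Gardener: an ES256 token issuer that mirrors the NewTokenIssuer/IssueToken shapes, a JWKS builder, and the verifier a relying party would run against that JWKS. Everything specific in it is an assumption made for the illustration: ES256 on P-256, concrete *ecdsa key parameters in place of the page's `any`, a kid derived from the public key's x coordinate, and no variadic extra claims. The verifier pins the algorithm instead of trusting the token header, looks the key up by kid so rotation works, and checks issuer, audience and the nbf/exp window.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// tokenIssuer signs ES256 JWTs; minDur/maxDur (seconds) bound the lifetime a caller may request.
// Added illustration mirroring the shapes on this page, not the package's own code.
type tokenIssuer struct {
	key            *ecdsa.PrivateKey
	issuer         string
	minDur, maxDur int64
}

func b64(b []byte) string     { return base64.RawURLEncoding.EncodeToString(b) }
func pad32(n *big.Int) []byte { return n.FillBytes(make([]byte, 32)) }

// keyID is an assumed kid scheme (a prefix of base64url(x)); verifiers use it to pick a key during rotation.
func keyID(p *ecdsa.PublicKey) string { return b64(pad32(p.X))[:16] }

func NewTokenIssuer(key *ecdsa.PrivateKey, issuer string, minDuration, maxDuration int64) (*tokenIssuer, error) {
	if key == nil || key.Curve != elliptic.P256() || issuer == "" || minDuration <= 0 || maxDuration < minDuration {
		return nil, fmt.Errorf("need a P-256 key, a non-empty issuer and 0 < min <= max (got [%d, %d])", minDuration, maxDuration)
	}
	return &tokenIssuer{key: key, issuer: issuer, minDur: minDuration, maxDur: maxDuration}, nil
}

// IssueToken refuses lifetimes outside the configured bounds and signs iss/sub/aud/iat/nbf/exp with ES256.
func (t *tokenIssuer) IssueToken(sub string, aud []string, duration int64) (string, *time.Time, error) {
	if duration < t.minDur || duration > t.maxDur {
		return "", nil, fmt.Errorf("duration %ds outside [%d, %d]", duration, t.minDur, t.maxDur)
	}
	now := time.Now().UTC().Truncate(time.Second)
	exp := now.Add(time.Duration(duration) * time.Second)
	hb, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT", "kid": keyID(&t.key.PublicKey)})
	pb, _ := json.Marshal(map[string]any{"iss": t.issuer, "sub": sub, "aud": aud, "iat": now.Unix(), "nbf": now.Unix(), "exp": exp.Unix()})
	input := b64(hb) + "." + b64(pb)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, t.key, digest[:])
	if err != nil {
		return "", nil, err
	}
	return input + "." + b64(append(pad32(r), pad32(s)...)), &exp, nil // a JWS ES256 signature is raw r||s, 64 bytes
}

// JWKS builds the discovery document relying parties fetch to verify this issuer's tokens.
func JWKS(pubs ...*ecdsa.PublicKey) ([]byte, error) {
	keys := []map[string]string{}
	for _, p := range pubs {
		if p.Curve != elliptic.P256() {
			return nil, errors.New("only P-256 keys are supported")
		}
		keys = append(keys, map[string]string{"kty": "EC", "crv": "P-256", "x": b64(pad32(p.X)), "y": b64(pad32(p.Y)), "kid": keyID(p)})
	}
	return json.Marshal(map[string]any{"keys": keys})
}

// VerifyToken is the relying-party side: pin alg to ES256 (never let the header choose), look the kid up in
// the JWKS, verify the signature, then check iss, aud and the nbf/exp window against now. Returns the subject.
func VerifyToken(token string, jwks []byte, issuer, audience string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string }
	var set struct{ Keys []struct{ Kty, Crv, X, Y, Kid string } } // encoding/json matches "kty" etc. case-insensitively
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if len(parts) != 3 || err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "ES256" || json.Unmarshal(jwks, &set) != nil {
		return "", fmt.Errorf("malformed token or JWKS, or unexpected alg %q", hdr.Alg)
	}
	var pub *ecdsa.PublicKey
	for _, k := range set.Keys {
		if k.Kid == hdr.Kid && k.Kty == "EC" && k.Crv == "P-256" {
			x, _ := base64.RawURLEncoding.DecodeString(k.X) // malformed x/y is caught by IsOnCurve below
			y, _ := base64.RawURLEncoding.DecodeString(k.Y)
			pub = &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}
		}
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if pub == nil || !pub.Curve.IsOnCurve(pub.X, pub.Y) || err != nil || len(sig) != 64 {
		return "", errors.New("no usable key for kid, or malformed signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", errors.New("signature verification failed")
	}
	var c struct{ Iss, Sub string; Aud []string; Nbf, Exp int64 } // a string-valued aud is rejected by Unmarshal, which is fine here
	pb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &c) != nil || c.Iss != issuer {
		return "", fmt.Errorf("bad payload or unexpected issuer %q", c.Iss)
	}
	audOK := false
	for _, a := range c.Aud {
		audOK = audOK || a == audience
	}
	if !audOK || now.Unix() < c.Nbf || now.Unix() >= c.Exp {
		return "", errors.New("audience mismatch or token outside its validity window")
	}
	return c.Sub, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	iss, _ := NewTokenIssuer(key, "https://issuer.example", 600, 3600)
	tok, _, _ := iss.IssueToken("garden-dev:aws-wi", []string{"sts.example"}, 600)
	jwks, _ := JWKS(&key.PublicKey)
	fmt.Println(VerifyToken(tok, jwks, "https://issuer.example", "sts.example", time.Now()))
}
```

The duration check in IssueToken is where the minDuration/maxDuration passed to NewTokenIssuer take effect, so a workload cannot request a longer-lived token than the issuer policy allows. On the verifying side, the `alg` pin and the kid lookup are the two checks that most often go missing: a verifier that honours the header's `alg` accepts `none`, and one that ignores kid cannot rotate keys without a flag day.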
