Documentation
Index
Constants
const (
ServiceAccountNamePrefix = "system:serviceaccount"
)
Variables
This section is empty.
Functions
func GetIDToken
Types
type TokenReviewValidator
type TokenReviewValidator struct {
// contains filtered or unexported fields
}
TokenReviewValidator validates a Kubernetes Service Account JWT using the Kubernetes TokenReview API endpoint.
func (*TokenReviewValidator) Validate
func (v *TokenReviewValidator) Validate(ctx context.Context, token string) (*ValidationResult, error)
Validate uses the Kubernetes TokenReview API to validate a token and return its UserInfo.
type ValidationResult
type ValidationResult struct {
	// Raw contains the underlying information retrieved during the validation
	// process. This lets us ensure all pertinent information is presented in
	// audit logs.
	Raw any `json:"raw"`
	// Type indicates which form of validation was performed on the token.
	Type types.KubernetesJoinType `json:"type"`
	// Username is the Kubernetes username extracted from the identity.
	// This will be prepended with `system:serviceaccount:` for service
	// accounts.
	Username string `json:"username"`
}
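The check a caller has to make on a TokenReview response before trusting the Username described above, as an added example that is not this package's own code. The helper name serviceAccountFromReview and the sample response are assumptions constructed for illustration; only the TokenReview status fields and the prefix constant are taken as given.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Same value as the package constant ServiceAccountNamePrefix shown above.
const serviceAccountNamePrefix = "system:serviceaccount"

// reviewStatus holds the TokenReview response fields this check reads.
type reviewStatus struct {
	Status struct {
		Authenticated bool   `json:"authenticated"`
		Error         string `json:"error"`
		User          struct {
			Username string `json:"username"`
		} `json:"user"`
	} `json:"status"`
}

// serviceAccountFromReview (hypothetical helper) returns the namespace and
// name of the service account identified in a TokenReview response body.
func serviceAccountFromReview(body []byte) (namespace, name string, err error) {
	var r reviewStatus
	if err := json.Unmarshal(body, &r); err != nil {
		return "", "", fmt.Errorf("decoding TokenReview: %w", err)
	}
	// A well-formed response can still report a rejected token.
	if !r.Status.Authenticated {
		return "", "", fmt.Errorf("token rejected: %q", r.Status.Error)
	}
	// Require exactly system:serviceaccount:<namespace>:<name>, so that an
	// authenticated human or node identity is never treated as a workload.
	parts := strings.Split(r.Status.User.Username, ":")
	if len(parts) != 4 || strings.Join(parts[:2], ":") != serviceAccountNamePrefix ||
		parts[2] == "" || parts[3] == "" {
		return "", "", errors.New("authenticated user is not a service account")
	}
	return parts[2], parts[3], nil
}

func main() {
	// Constructed sample response, not captured from a real cluster.
	sample := []byte(`{"status":{"authenticated":true,"user":{"username":"system:serviceaccount:ci:deployer"}}}`)
	fmt.Println(serviceAccountFromReview(sample))
}
```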
func ValidateTokenWithJWKS
func ValidateTokenWithJWKS(
	now time.Time,
	jwksData []byte,
	clusterName string,
	token string,
) (*ValidationResult, error)
ValidateTokenWithJWKS validates a Kubernetes Service Account JWT using a configured JWKS.
func (*ValidationResult) JoinAuditAttributes
func (c *ValidationResult) JoinAuditAttributes() (map[string]interface{}, error)
JoinAuditAttributes returns a series of attributes that can be inserted into audit events related to a specific join.