serviceaccount

package
v0.3.7-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 1, 2023 License: MPL-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Injected bound service account token expiration which triggers monitoring of its time-bound feature.
	WarnOnlyBoundTokenExpirationSeconds = 60*60 + 7

	// Extended expiration for those modified tokens involved in safe rollout if time-bound feature.
	ExpirationExtensionSeconds = 24 * 365 * 60 * 60
)

Variables

This section is empty.

Functions

func Claims

func Claims(sa corev1.ServiceAccount, pod *corev1.Pod, secret *corev1.Secret, expirationSeconds, warnafter int64, audience []string) (*jwt.Claims, interface{})

Types

type TokenGenerator

type TokenGenerator interface {
	// GenerateToken generates a token which will identify the given
	// ServiceAccount. privateClaims is an interface that will be
	// serialized into the JWT payload JSON encoding at the root level of
	// the payload object. Public claims take precedent over private
	// claims i.e. if both claims and privateClaims have an "exp" field,
	// the value in claims will be used.
	GenerateToken(claims *jwt.Claims, privateClaims interface{}) (string, error)
}

func JWTTokenGenerator

func JWTTokenGenerator(iss string, privateKey interface{}) (TokenGenerator, error)

JWTTokenGenerator returns a TokenGenerator that generates signed JWT tokens, using the given privateKey. privateKey is a PEM-encoded byte array of a private RSA key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL