serviceaccounts

package

v0.8.3 Latest Latest Go to latest Published: Aug 5, 2024 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/matheuscscp/gke-metadata-server

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GoogleEmail(sa *corev1.ServiceAccount) (string, error)
type Provider
type Reference

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrGKEAnnotationMissing = fmt.Errorf("gke annotation %q missing", gkeAnnotation)
	ErrGKEAnnotationInvalid = fmt.Errorf("gke annotation %q has invalid google service account email", gkeAnnotation)
)

Functions ¶

func GoogleEmail ¶

func GoogleEmail(sa *corev1.ServiceAccount) (string, error)

GoogleEmail returns the Google service account email from the same annotation used in native GKE Workload Identity. The annotation is:

iam.gke.io/gcp-service-account

Types ¶

type Provider ¶

type Provider interface {
	Get(ctx context.Context, ref *Reference) (*corev1.ServiceAccount, error)
}

type Reference ¶ added in v0.7.0

type Reference struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

func ReferenceFromNode ¶ added in v0.7.0

func ReferenceFromNode(node *corev1.Node, defaultRef *Reference) *Reference

ReferenceFromNode returns a ServiceAccount reference from the Node object annotations or labels. Annotations take precedence over labels because we encourage users to use annotations instead of labels in this case since. Labels are more impactful to etcd since they are indexed, and we don't need indexing here so we prefer annotations.

The ServiceAccount reference is retrieved from the following pair of annotations or labels:

gke-metadata-server.matheuscscp.io/serviceAccountName

gke-metadata-server.matheuscscp.io/serviceAccountNamespace

If the annotations or labels are not found, defaultRef is returned.

func ReferenceFromObject ¶ added in v0.7.0

func ReferenceFromObject(sa *corev1.ServiceAccount) *Reference

ReferenceFromObject returns a ServiceAccount reference from a ServiceAccount object.

func ReferenceFromPod ¶ added in v0.7.0

func ReferenceFromPod(pod *corev1.Pod) *Reference

ReferenceFromPod returns a ServiceAccount reference from a Pod object.

func ReferenceFromToken ¶ added in v0.8.2

func ReferenceFromToken(token string) *Reference

ReferenceFromToken returns a ServiceAccount reference from a ServiceAccount Token.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
get
watch

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL