auth

package
v0.146.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 16, 2023 License: Apache-2.0 Imports: 9 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Generator

type Generator struct {
	// contains filtered or unexported fields
}

Generator provides a token generating functionality using a signed STS CallerIdentity call.

func NewGenerator

func NewGenerator(client api.STSPresigner, clock credentials.Clock) Generator

func (Generator) GetWithSTS

func (g Generator) GetWithSTS(ctx context.Context, clusterID string) (Token, error)

GetWithSTS returns a token valid for clusterID using the given STS client. This implementation follows the steps outlined here: https://github.com/kubernetes-sigs/aws-iam-authenticator#api-authorization-from-outside-a-cluster We either add this implementation or have to maintain two versions of STS since aws-iam-authenticator is not switching over to aws-go-sdk-v2.

type Token

type Token struct {
	Token      string
	Expiration time.Time
}

Token is generated and used by Kubernetes client-go to authenticate with a Kubernetes cluster.

type TokenGenerator

type TokenGenerator interface {
	GetWithSTS(ctx context.Context, clusterID string) (Token, error)
}

TokenGenerator defines a token generator using STS.

type TokenSource

type TokenSource struct {
	// ClusterID represents the cluster ID.
	ClusterID string
	// TokenGenerator is used to generate the token.
	TokenGenerator TokenGenerator
	// Leeway allows refreshing the token before its expiry.
	Leeway time.Duration
}

TokenSource implements oauth2.TokenSource.

func (*TokenSource) Token

func (t *TokenSource) Token() (*oauth2.Token, error)

Token returns the token.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL