Documentation
Types
type Server
type Server struct {
	auth.UnimplementedAuthenticationMethodKubernetesServiceServer
	// contains filtered or unexported fields
}
Server is the core server-side implementation of the "kubernetes" authentication method.
The method allows services deployed into the same Kubernetes cluster as Flipt to leverage their service account token in order to obtain access to Flipt itself. When enabled, this authentication method grants any service in the same cluster access to Flipt.
func New
func New(logger *zap.Logger, store storageauth.Store, config config.AuthenticationConfig) (*Server, error)
New constructs a new Server instance based on the provided logger, store and configuration.
func (*Server) RegisterGRPC
RegisterGRPC registers the server instance on the provided gRPC server.
func (*Server) VerifyServiceAccount
func (s *Server) VerifyServiceAccount(ctx context.Context, req *auth.VerifyServiceAccountRequest) (*auth.VerifyServiceAccountResponse, error)
VerifyServiceAccount takes a service account token, configured by a Kubernetes environment, validates its authenticity and (if valid) creates a Flipt client token and returns it. The returned client token is valid for the lifetime of the service account JWT. The token tracks the source service account and pod identity of the provided token.
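The following is an added example, not Flipt's own code, of the last two points above: a client token that never outlives the service account JWT and that records the service account and pod it came from. It assumes the token's signature has already been verified against the cluster's keys; `saClaims`, `issue`, `sample` and the metadata key names are hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// saClaims models the payload of a Kubernetes bound service account token.
type saClaims struct {
	Exp int64  `json:"exp"`
	Sub string `json:"sub"`
	K8s struct {
		Namespace           string
		Pod, ServiceAccount struct{ Name string }
	} `json:"kubernetes.io"`
}

// issue (hypothetical) takes the payload of a token whose signature was ALREADY
// verified against the cluster's keys. It returns the identity metadata to
// record and the expiry, so the client token never outlives the JWT.
func issue(payload []byte, now time.Time) (map[string]string, time.Time, error) {
	var c saClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, time.Time{}, fmt.Errorf("decode claims: %w", err)
	}
	k, exp := c.K8s, time.Unix(c.Exp, 0)
	switch {
	case c.Exp == 0: // legacy secret-based tokens carry no exp claim
		return nil, time.Time{}, errors.New("no expiry: client token would never expire")
	case !now.Before(exp):
		return nil, time.Time{}, errors.New("service account token expired")
	case k.Namespace == "" || k.ServiceAccount.Name == "" || k.Pod.Name == "":
		return nil, time.Time{}, errors.New("token not bound to a pod and service account")
	case c.Sub != "system:serviceaccount:"+k.Namespace+":"+k.ServiceAccount.Name:
		return nil, time.Time{}, errors.New("sub disagrees with the service account claims")
	}
	// Metadata key names are illustrative, not Flipt's.
	meta := map[string]string{"namespace": k.Namespace, "serviceaccount": k.ServiceAccount.Name, "pod": k.Pod.Name}
	return meta, exp, nil
}

// sample is a constructed payload, not captured from a real cluster.
const sample = `{"exp":4102444800,"sub":"system:serviceaccount:prod:api","kubernetes.io":{"namespace":"prod","pod":{"name":"api-0"},"serviceaccount":{"name":"api"}}}`

func main() {
	fmt.Println(issue([]byte(sample), time.Now()))
}
```

Rejecting payloads without `exp` or without pod claims keeps a legacy, non-expiring service account token from turning into a client token with no expiry.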