tokenreview

package
v0.0.0-...-a142011 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2024 License: Apache-2.0 Imports: 7 Imported by: 5

Documentation

Index

Constants

View Source
const (
	// PodNameKey is the key used in a user's "extra" to specify the pod name of
	// the authenticating request.
	PodNameKey = "authentication.kubernetes.io/pod-name"
	// PodUIDKey is the key used in a user's "extra" to specify the pod UID of
	// the authenticating request.
	PodUIDKey = "authentication.kubernetes.io/pod-uid"
)

nolint: lll From https://github.com/kubernetes/kubernetes/blob/4f2faa2f1ce8f49983173ef29214156afdf405f9/staging/src/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go#L41

Variables

This section is empty.

Functions

func ValidateK8sJwt

func ValidateK8sJwt(kubeClient kubernetes.Interface, targetToken string, aud []string) (security.KubernetesInfo, error)

ValidateK8sJwt validates a k8s JWT at API server. Return {<namespace>, <serviceaccountname>} in the targetToken when the validation passes. Otherwise, return the error. targetToken: the JWT of the K8s service account to be reviewed aud: list of audiences to check. If empty 1st party tokens will be checked.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL