Affected by GO-2022-0617 and 18 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0782: Symlink Attack in kubectl cp in k8s.io/kubernetes

GO-2022-0885: Improper Authentication in Kubernetes in k8s.io/kubernetes

GO-2022-0890: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes

GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes

GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes

GO-2022-0983: kubectl ANSI escape characters not filtered in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-1985: Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes

GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes

GO-2023-2170: Kubernetes privilege escalation vulnerability in k8s.io/kubernetes

GO-2023-2330: Kubernetes privilege escalation vulnerability in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2748: Privilege Escalation in Kubernetes in k8s.io/apimachinery

GO-2024-2754: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2755: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

tokens

package

v0.9.2 Latest Latest Go to latest Published: Jan 28, 2015 License: Apache-2.0, Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Overview ¶

Package tokens provides information and interaction with the token API resource for the OpenStack Identity service.

For more information, see: http://developer.openstack.org/api-ref-identity-v3.html#tokens-v3

Index ¶

Variables
func Validate(c *gophercloud.ServiceClient, token string) (bool, error)
type CreateResult
- func Create(c *gophercloud.ServiceClient, options gophercloud.AuthOptions, scope *Scope) CreateResult
- func (r CreateResult) Extract() (*Token, error)
type GetResult
- func Get(c *gophercloud.ServiceClient, token string) GetResult
- func (r GetResult) Extract() (*Token, error)
type RevokeResult
- func Revoke(c *gophercloud.ServiceClient, token string) RevokeResult
- func (r RevokeResult) Extract() (*Token, error)
type Scope
type Token

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrAPIKeyProvided indicates that an APIKey was provided but can't be used.
	ErrAPIKeyProvided = unacceptedAttributeErr("APIKey")

	// ErrTenantIDProvided indicates that a TenantID was provided but can't be used.
	ErrTenantIDProvided = unacceptedAttributeErr("TenantID")

	// ErrTenantNameProvided indicates that a TenantName was provided but can't be used.
	ErrTenantNameProvided = unacceptedAttributeErr("TenantName")

	// ErrUsernameWithToken indicates that a Username was provided, but token authentication is being used instead.
	ErrUsernameWithToken = redundantWithTokenErr("Username")

	// ErrUserIDWithToken indicates that a UserID was provided, but token authentication is being used instead.
	ErrUserIDWithToken = redundantWithTokenErr("UserID")

	// ErrDomainIDWithToken indicates that a DomainID was provided, but token authentication is being used instead.
	ErrDomainIDWithToken = redundantWithTokenErr("DomainID")

	// ErrDomainNameWithToken indicates that a DomainName was provided, but token authentication is being used instead.s
	ErrDomainNameWithToken = redundantWithTokenErr("DomainName")

	// ErrUsernameOrUserID indicates that neither username nor userID are specified, or both are at once.
	ErrUsernameOrUserID = errors.New("Exactly one of Username and UserID must be provided for password authentication")

	// ErrDomainIDWithUserID indicates that a DomainID was provided, but unnecessary because a UserID is being used.
	ErrDomainIDWithUserID = redundantWithUserID("DomainID")

	// ErrDomainNameWithUserID indicates that a DomainName was provided, but unnecessary because a UserID is being used.
	ErrDomainNameWithUserID = redundantWithUserID("DomainName")

	// ErrDomainIDOrDomainName indicates that a username was provided, but no domain to scope it.
	// It may also indicate that both a DomainID and a DomainName were provided at once.
	ErrDomainIDOrDomainName = errors.New("You must provide exactly one of DomainID or DomainName to authenticate by Username")

	// ErrMissingPassword indicates that no password was provided and no token is available.
	ErrMissingPassword = errors.New("You must provide a password to authenticate")

	// ErrScopeDomainIDOrDomainName indicates that a domain ID or Name was required in a Scope, but not present.
	ErrScopeDomainIDOrDomainName = errors.New("You must provide exactly one of DomainID or DomainName in a Scope with ProjectName")

	// ErrScopeProjectIDOrProjectName indicates that both a ProjectID and a ProjectName were provided in a Scope.
	ErrScopeProjectIDOrProjectName = errors.New("You must provide at most one of ProjectID or ProjectName in a Scope")

	// ErrScopeProjectIDAlone indicates that a ProjectID was provided with other constraints in a Scope.
	ErrScopeProjectIDAlone = errors.New("ProjectID must be supplied alone in a Scope")

	// ErrScopeDomainName indicates that a DomainName was provided alone in a Scope.
	ErrScopeDomainName = errors.New("DomainName must be supplied with a ProjectName or ProjectID in a Scope.")

	// ErrScopeEmpty indicates that no credentials were provided in a Scope.
	ErrScopeEmpty = errors.New("You must provide either a Project or Domain in a Scope")
)

Functions ¶

func Validate ¶

func Validate(c *gophercloud.ServiceClient, token string) (bool, error)

Validate determines if a specified token is valid or not.

Types ¶

type CreateResult ¶

type CreateResult struct {
	// contains filtered or unexported fields
}

CreateResult is the deferred response from a Create call.

func Create ¶

func Create(c *gophercloud.ServiceClient, options gophercloud.AuthOptions, scope *Scope) CreateResult

Create authenticates and either generates a new token, or changes the Scope of an existing token.

func (CreateResult) Extract ¶

func (r CreateResult) Extract() (*Token, error)

Extract interprets a commonResult as a Token.

type GetResult ¶

type GetResult struct {
	// contains filtered or unexported fields
}

GetResult is the deferred response from a Get call.

func Get ¶

func Get(c *gophercloud.ServiceClient, token string) GetResult

Get validates and retrieves information about another token.

func (GetResult) Extract ¶

func (r GetResult) Extract() (*Token, error)

Extract interprets a commonResult as a Token.

type RevokeResult ¶

type RevokeResult struct {
	// contains filtered or unexported fields
}

RevokeResult is the deferred response from a Revoke call.

func Revoke ¶

func Revoke(c *gophercloud.ServiceClient, token string) RevokeResult

Revoke immediately makes specified token invalid.

func (RevokeResult) Extract ¶

func (r RevokeResult) Extract() (*Token, error)

Extract interprets a commonResult as a Token.

type Scope ¶

type Scope struct {
	ProjectID   string
	ProjectName string
	DomainID    string
	DomainName  string
}

Scope allows a created token to be limited to a specific domain or project.

type Token ¶

type Token struct {
	// ID is the issued token.
	ID string

	// ExpiresAt is the timestamp at which this token will no longer be accepted.
	ExpiresAt time.Time
}

Token is a string that grants a user access to a controlled set of services in an OpenStack provider. Each Token is valid for a set length of time.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL