istio: Index | Files

package tokenreview

import ""


Package Files


type K8sSvcAcctAuthn Uses

type K8sSvcAcctAuthn struct {
    // contains filtered or unexported fields

K8sSvcAcctAuthn authenticates a k8s service account (JWT) through the k8s TokenReview API.

func NewK8sSvcAcctAuthn Uses

func NewK8sSvcAcctAuthn(apiServerAddr string, apiServerCert []byte, callerToken string) *K8sSvcAcctAuthn

NewK8sSvcAcctAuthn creates a new authenticator for authenticating k8s JWTs. It creates an HTTP client singleton to talk to the apiserver TokenReview API. apiServerAddr: the URL of k8s API Server apiServerCert: the CA certificate of k8s API Server callerToken: the JWT of the caller to authenticate to k8s API server

func (*K8sSvcAcctAuthn) ValidateK8sJwt Uses

func (authn *K8sSvcAcctAuthn) ValidateK8sJwt(targetToken, jwtPolicy string) ([]string, error)

ValidateK8sJwt validates a k8s JWT at API server. Return {<namespace>, <serviceaccountname>} in the targetToken when the validation passes. Otherwise, return the error. targetToken: the JWT of the K8s service account to be reviewed jwtPolicy: the policy for validating JWT.

Package tokenreview imports 11 packages (graph) and is imported by 1 packages. Updated 2020-02-13. Refresh now. Tools for package owners.