istio: istio.io/istio/security/pkg/k8s/tokenreview Index | Files

package tokenreview

import "istio.io/istio/security/pkg/k8s/tokenreview"

Index

Package Files

k8sauthn.go

type K8sSvcAcctAuthn Uses

type K8sSvcAcctAuthn struct {
    // contains filtered or unexported fields
}

K8sSvcAcctAuthn authenticates a k8s service account (JWT) through the k8s TokenReview API.

func NewK8sSvcAcctAuthn Uses

func NewK8sSvcAcctAuthn(apiServerAddr string, apiServerCert []byte, callerToken string) *K8sSvcAcctAuthn

NewK8sSvcAcctAuthn creates a new authenticator for authenticating k8s JWTs. It creates an HTTP client singleton to talk to the apiserver TokenReview API. apiServerAddr: the URL of k8s API Server apiServerCert: the CA certificate of k8s API Server callerToken: the JWT of the caller to authenticate to k8s API server

func (*K8sSvcAcctAuthn) ValidateK8sJwt Uses

func (authn *K8sSvcAcctAuthn) ValidateK8sJwt(targetToken string) ([]string, error)

ValidateK8sJwt validates a k8s JWT at API server. Return {<namespace>, <serviceaccountname>} in the targetToken when the validation passes. Otherwise, return the error. targetToken: the JWT of the K8s service account to be reviewed

Package tokenreview imports 10 packages (graph) and is imported by 1 packages. Updated 2019-09-14. Refresh now. Tools for package owners.