import "istio.io/istio/security/pkg/k8s/tokenreview"
type K8sSvcAcctAuthn struct {
// contains filtered or unexported fields
}K8sSvcAcctAuthn authenticates a k8s service account (JWT) through the k8s TokenReview API.
func NewK8sSvcAcctAuthn(apiServerAddr string, apiServerCert []byte, callerToken string) *K8sSvcAcctAuthn
NewK8sSvcAcctAuthn creates a new authenticator for authenticating k8s JWTs. It creates an HTTP client singleton to talk to the apiserver TokenReview API. apiServerAddr: the URL of k8s API Server apiServerCert: the CA certificate of k8s API Server callerToken: the JWT of the caller to authenticate to k8s API server
func (authn *K8sSvcAcctAuthn) ValidateK8sJwt(targetToken, jwtPolicy string) ([]string, error)
ValidateK8sJwt validates a k8s JWT at API server. Return {<namespace>, <serviceaccountname>} in the targetToken when the validation passes. Otherwise, return the error. targetToken: the JWT of the K8s service account to be reviewed jwtPolicy: the policy for validating JWT.
Package tokenreview imports 11 packages (graph) and is imported by 1 packages. Updated 2020-02-13. Refresh now. Tools for package owners.