import "istio.io/istio/security/pkg/util"
certutil.go configutil.go jwtutil.go
GetAud returns the claim `aud` from the token. Returns nil if not found.
func InsertDataToConfigMap(client corev1.ConfigMapsGetter, meta metav1.ObjectMeta, data map[string]string) error
InsertDataToConfigMap inserts a data to a configmap in a namespace. client: the k8s client interface. namespace: the namespace of the configmap. value: the value of the data to insert. configName: the name of the configmap. dataName: the name of the data in the configmap.
IsJwtExpired checks if the JWT token is expired compared with the given time, without validating it.
IsK8SUnbound detects if the token is a K8S unbound token. It is a regular JWT with no audience and expiration, which can be exchanged with bound tokens with audience.
This is used to determine if we check audience in the token. Clients should not use unbound tokens except in cases where bound tokens are not possible.
func UpdateDataInConfigMap(client corev1.ConfigMapsGetter, cm *v1.ConfigMap, data map[string]string) error
type CertUtil interface {
// GetWaitTime returns the waiting time before renewing the certificate.
GetWaitTime([]byte, time.Time, time.Duration) (time.Duration, error)
}CertUtil is an interface for utility functions on certificate.
type CertUtilImpl struct {
// contains filtered or unexported fields
}CertUtilImpl is the implementation of CertUtil, for production use.
func NewCertUtil(gracePeriodPercentage int) CertUtilImpl
NewCertUtil returns a new CertUtilImpl
func (cu CertUtilImpl) GetWaitTime(certBytes []byte, now time.Time, minGracePeriod time.Duration) (time.Duration, error)
GetWaitTime returns the waititng time before renewing the cert, based on current time, the timestamps in cert and graceperiod.
| Path | Synopsis |
|---|---|
| mock |
Package util imports 13 packages (graph) and is imported by 7 packages. Updated 2020-09-20. Refresh now. Tools for package owners.