github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
64,822 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

28 Commits (284e8182a402cfd545fc000fedaea071fed873b0)

Author SHA1 Message Date
Mike Danese 2862fb333a svcacct: make token authenticator fully generic 
so it can be used for both new and legacy svcacct tokens. Also move the
legacy validator into legacy.go.
 2018-02-20 12:30:42 -08:00
Mike Danese 7d74c35963 svcacct: move claim generation out of TokenGenerator 2018-02-06 13:19:54 -08:00
Mike Danese 057b7af798 serviceaccount: check token is issued by correct iss before verifying 
Right now if a JWT for an unknown issuer, for any subject hits the
serviceaccount token authenticator, we return a errors as if the token
was meant for us but we couldn't find a key to verify it. We should
instead return nil, false, nil.

This change helps us support multiple service account token
authenticators with different issuers.
 2018-01-24 20:21:59 -08:00
linweibin fa8afc1d39 Remove unused code in UT files in pkg/ 2018-01-15 16:02:35 +08:00
Christoph Blecker aac4d5382d
Move remaining cert helper functions to client-go/util/cert 
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert
 2017-08-03 13:17:07 -07:00
Jacob Simpson 29c1b81d4c Scripted migration from clientset_generated to client-go. 2017-07-17 15:05:37 -07:00
Chao Xu 60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
Christoph Blecker 89d1b09fdf
Move Private Key parsing to k8s.io/client-go/util/cert 2017-02-03 17:41:34 -08:00
Jordan Liggitt ff124c4aec
Allow reading ECDSA key files containing parameter blocks 2017-02-01 10:18:58 -05:00
Clayton Coleman 9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski bf307d9948 genericapiserver: cut off pkg/serviceaccount dependency 2017-01-17 09:36:10 +01:00
Chao Xu 03d8820edc rename /release_1_5 to /clientset 2016-12-14 12:39:48 -08:00
Chao Xu 4f3d0e3bde more dependencies packages: 
pkg/metrics
pkg/credentialprovider
pkg/security
pkg/securitycontext
pkg/serviceaccount
pkg/storage
pkg/fieldpath
 2016-11-23 15:53:09 -08:00
Jordan Liggitt 3c92eb75b3
Enable service account signing key rotation 2016-10-04 14:16:38 -04:00
Jordan Liggitt 6333d8fd86
Add ECDSA support 2016-09-27 12:44:54 -04:00
Jordan Liggitt cce67724a9
Check for valid serviceaccount JWT token before inspecting claims 2016-07-06 14:25:15 -04:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Xiangpeng Zhao c381a7b61e Improve error messages in jwt_test.go 
Fix typos and add more info to error messages.
 2016-04-21 11:37:14 +08:00
Chao Xu ad46715f51 generate fake client for release_1_2 2016-02-17 16:10:02 -08:00
Chao Xu 184440f8ef rename release_1_2 to internalclientset 2016-02-05 14:02:28 -08:00
Chao Xu f9f5736b01 grep sed 2016-02-03 13:06:07 -08:00
Chao Xu fe7887f1ec replace the client with clientset in controllers 2016-02-02 20:28:45 -08:00
Clayton Coleman 9dad7e624c Split the serviceaccount package into two parts 
Public utility methods and JWT parsing, and controller specific logic.
Also remove the coupling between ServiceAccountTokenGetter and the
authenticator class.
 2015-12-26 21:28:12 -05:00
gmarek d27ad5b714 Controller codebase refactoring 2015-08-03 17:06:25 +02:00
Jordan Liggitt dae4e82dca Add system: prefix to service account usernames 2015-06-16 21:08:18 -04:00
Jordan Liggitt d90e7409e4 Prevent auth recursion for service account tokens 2015-05-16 23:39:07 -04:00
Jordan Liggitt db1f0dc906 JWT token generation/verification 2015-05-11 17:18:06 -04:00