github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
75,427 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

34 Commits (83fc13e640d85e92b194e95b8e999815a3cb1296)

Author SHA1 Message Date
Andrew Lytvynov 18458392ca Extract new keyutil package from client-go/util/cert 
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.

Future PRs will actually refactor the libraries.

Updates #71004
 2019-02-19 09:48:59 -08:00
Jordan Liggitt a9dc919f82 Look up service accounts from informer before trying live lookup 2018-12-06 16:48:39 -05:00
Mike Danese 67bbf753cb retrofit svcacct token authenticator to support audience validation 2018-11-13 20:38:41 -08:00
Mike Danese e5227216c0 rebase authenticators onto new interface. 2018-10-22 10:16:59 -07:00
Mike Danese e68f14a249 jwt: support opaque signer and push errors to token generator creation 2018-08-23 12:21:56 -07:00
WanLinghao 9e7379ab97 clean duplicate test function 2018-04-27 13:43:12 +08:00
Mike Danese 2862fb333a svcacct: make token authenticator fully generic 
so it can be used for both new and legacy svcacct tokens. Also move the
legacy validator into legacy.go.
 2018-02-20 12:30:42 -08:00
Mike Danese 7d74c35963 svcacct: move claim generation out of TokenGenerator 2018-02-06 13:19:54 -08:00
Mike Danese 057b7af798 serviceaccount: check token is issued by correct iss before verifying 
Right now if a JWT for an unknown issuer, for any subject hits the
serviceaccount token authenticator, we return a errors as if the token
was meant for us but we couldn't find a key to verify it. We should
instead return nil, false, nil.

This change helps us support multiple service account token
authenticators with different issuers.
 2018-01-24 20:21:59 -08:00
linweibin fa8afc1d39 Remove unused code in UT files in pkg/ 2018-01-15 16:02:35 +08:00
Christoph Blecker aac4d5382d
Move remaining cert helper functions to client-go/util/cert 
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert
 2017-08-03 13:17:07 -07:00
Jacob Simpson 29c1b81d4c Scripted migration from clientset_generated to client-go. 2017-07-17 15:05:37 -07:00
Chao Xu 60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
Christoph Blecker 89d1b09fdf
Move Private Key parsing to k8s.io/client-go/util/cert 2017-02-03 17:41:34 -08:00
Jordan Liggitt ff124c4aec
Allow reading ECDSA key files containing parameter blocks 2017-02-01 10:18:58 -05:00
Clayton Coleman 9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski bf307d9948 genericapiserver: cut off pkg/serviceaccount dependency 2017-01-17 09:36:10 +01:00
Chao Xu 03d8820edc rename /release_1_5 to /clientset 2016-12-14 12:39:48 -08:00
Chao Xu 4f3d0e3bde more dependencies packages: 
pkg/metrics
pkg/credentialprovider
pkg/security
pkg/securitycontext
pkg/serviceaccount
pkg/storage
pkg/fieldpath
 2016-11-23 15:53:09 -08:00
Jordan Liggitt 3c92eb75b3
Enable service account signing key rotation 2016-10-04 14:16:38 -04:00
Jordan Liggitt 6333d8fd86
Add ECDSA support 2016-09-27 12:44:54 -04:00
Jordan Liggitt cce67724a9
Check for valid serviceaccount JWT token before inspecting claims 2016-07-06 14:25:15 -04:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Xiangpeng Zhao c381a7b61e Improve error messages in jwt_test.go 
Fix typos and add more info to error messages.
 2016-04-21 11:37:14 +08:00
Chao Xu ad46715f51 generate fake client for release_1_2 2016-02-17 16:10:02 -08:00
Chao Xu 184440f8ef rename release_1_2 to internalclientset 2016-02-05 14:02:28 -08:00
Chao Xu f9f5736b01 grep sed 2016-02-03 13:06:07 -08:00
Chao Xu fe7887f1ec replace the client with clientset in controllers 2016-02-02 20:28:45 -08:00
Clayton Coleman 9dad7e624c Split the serviceaccount package into two parts 
Public utility methods and JWT parsing, and controller specific logic.
Also remove the coupling between ServiceAccountTokenGetter and the
authenticator class.
 2015-12-26 21:28:12 -05:00
gmarek d27ad5b714 Controller codebase refactoring 2015-08-03 17:06:25 +02:00
Jordan Liggitt dae4e82dca Add system: prefix to service account usernames 2015-06-16 21:08:18 -04:00
Jordan Liggitt d90e7409e4 Prevent auth recursion for service account tokens 2015-05-16 23:39:07 -04:00
Jordan Liggitt db1f0dc906 JWT token generation/verification 2015-05-11 17:18:06 -04:00