github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
68,946 Commits
32 Branches
881 Tags
632 MiB
Commit Graph

31 Commits (9ea39419eb38de247148035c0d2a1592594d1b13)

Author SHA1 Message Date
WanLinghao c1e5b1bf2c Clean unused error type variable 
The function which invoked this variable
	was removed by
	https://github.com/kubernetes/kubernetes/pull/58725/
 2018-04-15 14:05:55 +08:00
Mike Danese 024f57affe implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
Mike Danese 2862fb333a svcacct: make token authenticator fully generic 
so it can be used for both new and legacy svcacct tokens. Also move the
legacy validator into legacy.go.
 2018-02-20 12:30:42 -08:00
Mike Danese 7d74c35963 svcacct: move claim generation out of TokenGenerator 2018-02-06 13:19:54 -08:00
Mike Danese c89cb942cd serviceaccount: handle jwt flow specific validation in seperate validator struct 2018-01-24 20:40:54 -08:00
Mike Danese 057b7af798 serviceaccount: check token is issued by correct iss before verifying 
Right now if a JWT for an unknown issuer, for any subject hits the
serviceaccount token authenticator, we return a errors as if the token
was meant for us but we couldn't find a key to verify it. We should
instead return nil, false, nil.

This change helps us support multiple service account token
authenticators with different issuers.
 2018-01-24 20:21:59 -08:00
Mike Danese 33046de3cf move service account signing to using go-jose 
also extract custom validation to seperate function
 2018-01-23 17:40:08 -08:00
iloayuil c4b908ad52
typo wrong, not "namespace", but "secretName" 
namespace, _ := claims[NamespaceClaim].(string)
		if len(namespace) == 0 {
			return nil, false, errors.New("namespace claim is missing")
		}
		secretName, _ := claims[SecretNameClaim].(string)
		if len(namespace) == 0 {
			return nil, false, errors.New("secretName claim is missing")
		}
 2017-12-15 09:27:52 +08:00
Christoph Blecker aac4d5382d
Move remaining cert helper functions to client-go/util/cert 
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert
 2017-08-03 13:17:07 -07:00
deads2k 0939602ca6 don't accept delete tokens that are waiting to be reaped 2017-06-30 09:22:36 -04:00
Chao Xu 60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
Christoph Blecker 89d1b09fdf
Move Private Key parsing to k8s.io/client-go/util/cert 2017-02-03 17:41:34 -08:00
Jordan Liggitt ff124c4aec
Allow reading ECDSA key files containing parameter blocks 2017-02-01 10:18:58 -05:00
Dr. Stefan Schimanski bf307d9948 genericapiserver: cut off pkg/serviceaccount dependency 2017-01-17 09:36:10 +01:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
Chao Xu 4f3d0e3bde more dependencies packages: 
pkg/metrics
pkg/credentialprovider
pkg/security
pkg/securitycontext
pkg/serviceaccount
pkg/storage
pkg/fieldpath
 2016-11-23 15:53:09 -08:00
Jordan Liggitt 3c92eb75b3
Enable service account signing key rotation 2016-10-04 14:16:38 -04:00
Jordan Liggitt 6333d8fd86
Add ECDSA support 2016-09-27 12:44:54 -04:00
Jordan Liggitt cce67724a9
Check for valid serviceaccount JWT token before inspecting claims 2016-07-06 14:25:15 -04:00
Jordan Liggitt 751a93b858
Revert "Revert "update jwt-go to v3.0.0-4-g01aeca5"" 
This reverts commit 7f456e49c9.
 2016-07-06 14:25:11 -04:00
krousey 7f456e49c9 Revert "update jwt-go to v3.0.0-4-g01aeca5" 2016-07-06 10:41:50 -07:00
Cole Mickens db006d6e6b fix serviceaccount's usage of jwt-go 
update pkg/serviceaccount for v3.x jwt-go.
 2016-07-05 20:48:36 -07:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Clayton Coleman 9dad7e624c Split the serviceaccount package into two parts 
Public utility methods and JWT parsing, and controller specific logic.
Also remove the coupling between ServiceAccountTokenGetter and the
authenticator class.
 2015-12-26 21:28:12 -05:00
gmarek d27ad5b714 Controller codebase refactoring 2015-08-03 17:06:25 +02:00
Jordan Liggitt e563727338 Add logging for invalid JWT tokens 2015-06-19 15:43:19 -04:00
Jordan Liggitt dae4e82dca Add system: prefix to service account usernames 2015-06-16 21:08:18 -04:00
Jordan Liggitt d90e7409e4 Prevent auth recursion for service account tokens 2015-05-16 23:39:07 -04:00
Jordan Liggitt db1f0dc906 JWT token generation/verification 2015-05-11 17:18:06 -04:00