github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add extra group constants and validation to pkg/bootstrap/api.

Browse Source 
This adds constants and validation for a new `auth-extra-groups` key on `bootstrap.kubernetes.io/token` secrets. This key allows a bootstrap token to authenticate to extra groups in addition to the `system:bootstrappers` group.

Extra groups are always applied in addition to the `system:bootstrappers` group, must begin with a `system:bootstrappers:` prefix, are limited in length, and are limited to a restricted set of characters (alphanumeric, colons, and dashes without a trailing colon/dash).
This commit is contained in:
Matt Moyer
2017-08-22 15:43:47 -05:00
parent a235ba4e49
commit 33e02aff60
5 changed files with 110 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go
View File

@@ -136,7 +136,7 @@ func (t *TokenAuthenticator) AuthenticateToken(token string) (user.Info, bool, e
return &user.DefaultInfo{
Name: bootstrapapi.BootstrapUserPrefix + string(id),
Groups: []string{bootstrapapi.BootstrapGroup},
Groups: []string{bootstrapapi.BootstrapDefaultGroup},
}, true, nil
}