github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
75,882 Commits 1 Branch 31 Tags 1,019 MiB
af62ad0ca7
Commit Graph

16 Commits

Author SHA1 Message Date
Andrew Lytvynov
18458392ca Extract new keyutil package from client-go/util/cert 
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.

Future PRs will actually refactor the libraries.

Updates #71004
 2019-02-19 09:48:59 -08:00
Jordan Liggitt
a9dc919f82 Look up service accounts from informer before trying live lookup 2018-12-06 16:48:39 -05:00
k8s-ci-robot
9c304cf0cb
Merge pull request #70157 from mikedanese/trev1 
retrofit svcacct token authenticator to support audience validation
 2018-11-14 13:16:44 -08:00
Mike Danese
67bbf753cb retrofit svcacct token authenticator to support audience validation 2018-11-13 20:38:41 -08:00
Mike Danese
06935e1c90 split TokenRequest initialization out of run and into complete and validate 2018-11-13 17:27:13 -08:00
Mike Danese
371b1e7fed promote --service-account-api-audiences to top level kube-apiserver config 
The service account authenticator isn't the only authenticator that
should respect API audience. The authentication config structure should
reflect that.
 2018-10-22 18:21:37 -07:00
Mike Danese
43eaeb8c6c svcacct: pass pod information in user.Info.Extra() when available 
Fixes https://github.com/kubernetes/kubernetes/issues/59670
 2018-08-31 11:54:50 -07:00
Mike Danese
e68f14a249 jwt: support opaque signer and push errors to token generator creation 2018-08-23 12:21:56 -07:00
Chao Wang
39a4730db6 remove duplicated import 2018-08-01 13:27:42 +08:00
WanLinghao
f16470c3f1 This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest's expiration time to avoid extreme value which could harm the cluster. 2018-06-14 09:31:50 +08:00
Mike Danese
dc9e3f1b3e svcacct: validate min and max expiration seconds on TokenRequest 2018-05-30 17:32:49 -07:00
WanLinghao
198b9e482c fix a error in serviceaccount validate. 
This error is a human-writing error.
	Small as it is, it could cause recreate Object validate
	through bug.
	This patch fix it.
 2018-04-24 14:48:37 +08:00
Mike Danese
024f57affe implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
Mike Danese
b2ceeedd67 tokenrequest: tokens bound to pods running as other svcaccts 2018-02-24 22:18:24 -08:00
Mike Danese
32bf28daed integration: refactor, cleanup, and add more tests for TokenRequest 2018-02-23 14:59:35 -08:00
Mike Danese
8ad1c6655b add support for /token subresource in serviceaccount registry 2018-02-21 13:16:51 -08:00