Mike Danese
371b1e7fed
promote --service-account-api-audiences to top level kube-apiserver config
...
The service account authenticator isn't the only authenticator that
should respect API audience. The authentication config structure should
reflect that.
2018-10-22 18:21:37 -07:00
Mike Danese
43eaeb8c6c
svcacct: pass pod information in user.Info.Extra() when available
...
Fixes https://github.com/kubernetes/kubernetes/issues/59670
2018-08-31 11:54:50 -07:00
Mike Danese
e68f14a249
jwt: support opaque signer and push errors to token generator creation
2018-08-23 12:21:56 -07:00
Chao Wang
39a4730db6
remove duplicated import
2018-08-01 13:27:42 +08:00
WanLinghao
f16470c3f1
This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest's expiration time to avoid extreme value which could harm the cluster.
2018-06-14 09:31:50 +08:00
Mike Danese
dc9e3f1b3e
svcacct: validate min and max expiration seconds on TokenRequest
2018-05-30 17:32:49 -07:00
WanLinghao
198b9e482c
fix a error in serviceaccount validate.
...
This error is a human-writing error.
Small as it is, it could cause recreate Object validate
through bug.
This patch fix it.
2018-04-24 14:48:37 +08:00
Mike Danese
024f57affe
implement token authenticator for new id tokens
2018-02-27 17:20:46 -08:00
Mike Danese
b2ceeedd67
tokenrequest: tokens bound to pods running as other svcaccts
2018-02-24 22:18:24 -08:00
Mike Danese
32bf28daed
integration: refactor, cleanup, and add more tests for TokenRequest
2018-02-23 14:59:35 -08:00
Mike Danese
8ad1c6655b
add support for /token subresource in serviceaccount registry
2018-02-21 13:16:51 -08:00
