github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
87d6ee451e48af0e2d220bc34d5053fa5fa531f4
kubernetes/staging
History
Kubernetes Submit Queue cdbc4fbe20 Merge pull request #58544 from ericchiang/oidc-v2 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

oidc authentication: switch to v2 of coreos/go-oidc

Switch to v2 of [coreos/go-oidc](https://github.com/coreos/go-oidc), which uses square/go-jose to verify tokens and supports more signing algorithms.

Most of this PR removes dependencies used by the older version of github.com/coreos/go-oidc, and updates vendor files.

This PR has been tested against tokens issued by Okta, Google, and CoreOS's dex.

Closes https://github.com/kubernetes/kubernetes/issues/57806

```release-note
kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag.
kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.
```

cc @rithujohn191 @liggitt 
cc @kubernetes/sig-auth-pr-reviews
2018-02-21 09:07:23 -08:00
..
src/k8s.io
Merge pull request #58544 from ericchiang/oidc-v2
2018-02-21 09:07:23 -08:00
BUILD
Merge pull request #58544 from ericchiang/oidc-v2
2018-02-21 09:07:23 -08:00
OWNERS
Add OWNERS for staging and api
2017-04-19 15:58:09 -04:00
README.md
Add link to k8s.io/sample-controller
2017-10-19 15:46:36 +01:00

README.md

External Repository Staging Area

This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.

Repositories currently staged here:

The code in the staging/ directory is authoritative, i.e. the only copy of the code. You can directly modify such code.

Using staged repositories from Kubernetes code

Kubernetes code uses the repositories in this directory via symlinks in the vendor/k8s.io directory into this staging area. For example, when Kubernetes code imports a package from the k8s.io/client-go repository, that import is resolved to staging/src/k8s.io/client-go relative to the project root:

// pkg/example/some_code.go
package example

import (
  "k8s.io/client-go/dynamic" // resolves to staging/src/k8s.io/client-go/dynamic
)

Once the change-over to external repositories is complete, these repositories will actually be vendored from k8s.io/<package-name>.

Reference in New Issue View Git Blame Copy Permalink