package plugin

import "k8s.io/kubernetes/pkg/serviceaccount/externaljwt/plugin"

Types

type Plugin

type Plugin struct {
	// contains filtered or unexported fields
}

Plugin enables plugging in an external JWT signer.

func New

func New(ctx context.Context, issuer, socketPath string, keySyncTimeout time.Duration, allowSigningWithNonOIDCKeys bool) (*Plugin, *keyCache, error)

New calls the external signer to fill out the supported keys. It also starts a periodic sync of external keys. For the key cache and external signing to work correctly, pass a context that will live as long as the dependent process; the context is used to maintain the lifetime of the connection to the external signer.

func (*Plugin) GenerateToken

func (p *Plugin) GenerateToken(ctx context.Context, claims *jwt.Claims, privateClaims interface{}) (string, error)

GenerateToken creates a service account token with the provided claims by calling out to the external signer binary.

func (*Plugin) GetServiceMetadata

func (p *Plugin) GetServiceMetadata(ctx context.Context) (*externaljwtv1alpha1.MetadataResponse, error)

GetServiceMetadata returns metadata associated with the externalJWTSigner. It includes details such as the max token lifetime supported by the externalJWTSigner.

type VerificationKeys

type VerificationKeys struct {
	Keys            []serviceaccount.PublicKey
	DataTimestamp   time.Time
	NextRefreshHint time.Time
}

Source Files

keycache.go plugin.go

Directories

Path	Synopsis
pkg/serviceaccount/externaljwt/plugin/testing
pkg/serviceaccount/externaljwt/plugin/testing/v1alpha1
Version: v1.33.0 (latest)
Published: Apr 23, 2025