alexlebens/external-snapshotter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bumping k8s dependencies to 1.13

Browse Source
This commit is contained in:
Cheng Xing
2018-11-16 14:08:25 -08:00
parent 305407125c
commit b4c0b68ec7
8002 changed files with 884099 additions and 276228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
vendor/k8s.io/kubernetes/pkg/serviceaccount/jwt.go generated vendored
View File

@@ -54,25 +54,13 @@ type TokenGenerator interface {
// JWTTokenGenerator returns a TokenGenerator that generates signed JWT tokens, using the given privateKey.
// privateKey is a PEM-encoded byte array of a private RSA key.
// JWTTokenAuthenticator()
func JWTTokenGenerator(iss string, privateKey interface{}) TokenGenerator {
return &jwtTokenGenerator{
iss: iss,
privateKey: privateKey,
}
}
type jwtTokenGenerator struct {
iss string
privateKey interface{}
}
func (j *jwtTokenGenerator) GenerateToken(claims *jwt.Claims, privateClaims interface{}) (string, error) {
func JWTTokenGenerator(iss string, privateKey interface{}) (TokenGenerator, error) {
var alg jose.SignatureAlgorithm
switch privateKey := j.privateKey.(type) {
switch pk := privateKey.(type) {
case *rsa.PrivateKey:
alg = jose.RS256
case *ecdsa.PrivateKey:
switch privateKey.Curve {
switch pk.Curve {
case elliptic.P256():
alg = jose.ES256
case elliptic.P384():
@@ -80,25 +68,38 @@ func (j *jwtTokenGenerator) GenerateToken(claims *jwt.Claims, privateClaims inte
case elliptic.P521():
alg = jose.ES512
default:
return "", fmt.Errorf("unknown private key curve, must be 256, 384, or 521")
return nil, fmt.Errorf("unknown private key curve, must be 256, 384, or 521")
}
case jose.OpaqueSigner:
alg = jose.SignatureAlgorithm(pk.Public().Algorithm)
default:
return "", fmt.Errorf("unknown private key type %T, must be *rsa.PrivateKey or *ecdsa.PrivateKey", j.privateKey)
return nil, fmt.Errorf("unknown private key type %T, must be *rsa.PrivateKey, *ecdsa.PrivateKey, or jose.OpaqueSigner", privateKey)
}
signer, err := jose.NewSigner(
jose.SigningKey{
Algorithm: alg,
Key: j.privateKey,
Key: privateKey,
},
nil,
)
if err != nil {
return "", err
return nil, err
}
return &jwtTokenGenerator{
iss: iss,
signer: signer,
}, nil
}
type jwtTokenGenerator struct {
iss string
signer jose.Signer
}
func (j *jwtTokenGenerator) GenerateToken(claims *jwt.Claims, privateClaims interface{}) (string, error) {
// claims are applied in reverse precedence
return jwt.Signed(signer).
return jwt.Signed(j.signer).
Claims(privateClaims).
Claims(claims).
Claims(&jwt.Claims{
@@ -130,7 +131,7 @@ type Validator interface {
// Validate validates a token and returns user information or an error.
// Validator can assume that the issuer and signature of a token are already
// verified when this function is called.
Validate(tokenData string, public *jwt.Claims, private interface{}) (namespace, name, uid string, err error)
Validate(tokenData string, public *jwt.Claims, private interface{}) (*ServiceAccountInfo, error)
// NewPrivateClaims returns a struct that the authenticator should
// deserialize the JWT payload into. The authenticator may then pass this
// struct back to the Validator as the 'private' argument to a Validate()
@@ -171,12 +172,12 @@ func (j *jwtTokenAuthenticator) AuthenticateToken(tokenData string) (user.Info,
// If we get here, we have a token with a recognized signature and
// issuer string.
ns, name, uid, err := j.validator.Validate(tokenData, public, private)
sa, err := j.validator.Validate(tokenData, public, private)
if err != nil {
return nil, false, err
}
return UserInfo(ns, name, uid), true, nil
return sa.UserInfo(), true, nil
}
// hasCorrectIssuer returns true if tokenData is a valid JWT in compact