Bumping k8s dependencies to 1.13
This commit is contained in:
Cheng Xing
59
vendor/k8s.io/kubernetes/pkg/serviceaccount/util.go
generated
vendored
59
vendor/k8s.io/kubernetes/pkg/serviceaccount/util.go
generated
vendored
@@ -20,16 +20,44 @@ import (
|
||||
"k8s.io/api/core/v1"
|
||||
apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
api "k8s.io/kubernetes/pkg/apis/core"
|
||||
)
|
||||
|
||||
const (
|
||||
// PodNameKey is the key used in a user's "extra" to specify the pod name of
|
||||
// the authenticating request.
|
||||
PodNameKey = "authentication.kubernetes.io/pod-name"
|
||||
// PodUIDKey is the key used in a user's "extra" to specify the pod UID of
|
||||
// the authenticating request.
|
||||
PodUIDKey = "authentication.kubernetes.io/pod-uid"
|
||||
)
|
||||
|
||||
// UserInfo returns a user.Info interface for the given namespace, service account name and UID
|
||||
func UserInfo(namespace, name, uid string) user.Info {
|
||||
return &user.DefaultInfo{
|
||||
Name: apiserverserviceaccount.MakeUsername(namespace, name),
|
||||
UID: uid,
|
||||
Groups: apiserverserviceaccount.MakeGroupNames(namespace),
|
||||
return (&ServiceAccountInfo{
|
||||
Name: name,
|
||||
Namespace: namespace,
|
||||
UID: uid,
|
||||
}).UserInfo()
|
||||
}
|
||||
|
||||
type ServiceAccountInfo struct {
|
||||
Name, Namespace, UID string
|
||||
PodName, PodUID string
|
||||
}
|
||||
|
||||
func (sa *ServiceAccountInfo) UserInfo() user.Info {
|
||||
info := &user.DefaultInfo{
|
||||
Name: apiserverserviceaccount.MakeUsername(sa.Namespace, sa.Name),
|
||||
UID: sa.UID,
|
||||
Groups: apiserverserviceaccount.MakeGroupNames(sa.Namespace),
|
||||
}
|
||||
if sa.PodName != "" && sa.PodUID != "" {
|
||||
info.Extra = map[string][]string{
|
||||
PodNameKey: {sa.PodName},
|
||||
PodUIDKey: {sa.PodUID},
|
||||
}
|
||||
}
|
||||
return info
|
||||
}
|
||||
|
||||
// IsServiceAccountToken returns true if the secret is a valid api token for the service account
|
||||
@@ -51,24 +79,3 @@ func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool {
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// TODO: remove the duplicate code
|
||||
// InternalIsServiceAccountToken returns true if the secret is a valid api token for the service account
|
||||
func InternalIsServiceAccountToken(secret *api.Secret, sa *api.ServiceAccount) bool {
|
||||
if secret.Type != api.SecretTypeServiceAccountToken {
|
||||
return false
|
||||
}
|
||||
|
||||
name := secret.Annotations[api.ServiceAccountNameKey]
|
||||
uid := secret.Annotations[api.ServiceAccountUIDKey]
|
||||
if name != sa.Name {
|
||||
// Name must match
|
||||
return false
|
||||
}
|
||||
if len(uid) > 0 && uid != string(sa.UID) {
|
||||
// If UID is specified, it must match
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user