mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 10:53:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: update k8s.io packages to v0.29.0

Browse Source 
Signed-off-by: Niels de Vos <ndevos@ibm.com>
This commit is contained in:
Niels de Vos
2023-12-20 13:23:59 +01:00
committed by mergify[bot]
parent 328a264202
commit f080b9e0c9
367 changed files with 21340 additions and 11878 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go generated vendored
View File

@ -36,12 +36,21 @@ const (
ServiceAccountUsernameSeparator = ":"
ServiceAccountGroupPrefix = "system:serviceaccounts:"
AllServiceAccountsGroup = "system:serviceaccounts"
// CredentialIDKey is the key used in a user's "extra" to specify the unique
// identifier for this identity document).
CredentialIDKey = "authentication.kubernetes.io/credential-id"
// PodNameKey is the key used in a user's "extra" to specify the pod name of
// the authenticating request.
PodNameKey = "authentication.kubernetes.io/pod-name"
// PodUIDKey is the key used in a user's "extra" to specify the pod UID of
// the authenticating request.
PodUIDKey = "authentication.kubernetes.io/pod-uid"
// NodeNameKey is the key used in a user's "extra" to specify the node name of
// the authenticating request.
NodeNameKey = "authentication.kubernetes.io/node-name"
// NodeUIDKey is the key used in a user's "extra" to specify the node UID of
// the authenticating request.
NodeUIDKey = "authentication.kubernetes.io/node-uid"
)
// MakeUsername generates a username from the given namespace and ServiceAccount name.
@ -119,6 +128,8 @@ func UserInfo(namespace, name, uid string) user.Info {
type ServiceAccountInfo struct {
Name, Namespace, UID string
PodName, PodUID string
CredentialID string
NodeName, NodeUID string
}
func (sa *ServiceAccountInfo) UserInfo() user.Info {
@ -127,15 +138,43 @@ func (sa *ServiceAccountInfo) UserInfo() user.Info {
UID: sa.UID,
Groups: MakeGroupNames(sa.Namespace),
}
if sa.PodName != "" && sa.PodUID != "" {
info.Extra = map[string][]string{
PodNameKey: {sa.PodName},
PodUIDKey: {sa.PodUID},
if info.Extra == nil {
info.Extra = make(map[string][]string)
}
info.Extra[PodNameKey] = []string{sa.PodName}
info.Extra[PodUIDKey] = []string{sa.PodUID}
}
if sa.CredentialID != "" {
if info.Extra == nil {
info.Extra = make(map[string][]string)
}
info.Extra[CredentialIDKey] = []string{sa.CredentialID}
}
if sa.NodeName != "" {
if info.Extra == nil {
info.Extra = make(map[string][]string)
}
info.Extra[NodeNameKey] = []string{sa.NodeName}
// node UID is optional and will only be set if the node name is set
if sa.NodeUID != "" {
info.Extra[NodeUIDKey] = []string{sa.NodeUID}
}
}
return info
}
// CredentialIDForJTI converts a given JTI string into a credential identifier for use in a
// users 'extra' info.
func CredentialIDForJTI(jti string) string {
if len(jti) == 0 {
return ""
}
return "JTI=" + jti
}
// IsServiceAccountToken returns true if the secret is a valid api token for the service account
func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool {
if secret.Type != v1.SecretTypeServiceAccountToken {