ContainerImage.Pinniped/internal
Ryan Richard 0b300cbe42 Use TokenCredentialRequest instead of base64 token with impersonator
To make an impersonation request, first make a TokenCredentialRequest
to get a certificate. That cert will either be issued by the Kube
API server's CA or by a new CA specific to the impersonator. Either
way, you can then make a request to the impersonator and present
that client cert for auth and the impersonator will accept it and
make the impersonation call on your behalf.

The impersonator http handler now borrows some Kube library code
to handle request processing. This will allow us to more closely
mimic the behavior of a real API server, e.g. the client cert
auth will work exactly like the real API server.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-10 10:30:06 -08:00
..
apiserviceref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
certauthority Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
clusterhost Introduce clusterhost package to determine whether a cluster has control plane nodes 2021-02-09 11:16:01 -08:00
concierge Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
config Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
controllerlib Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
controllermanager Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
crud Supervisor storage garbage collection controller enabled in production 2020-12-11 15:21:34 -08:00
deploymentref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
downward internal/downward: add support for (optional) pod name 2020-12-11 11:49:27 -05:00
dynamiccert Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
fositestorage Update ExpectedAuthorizeCodeSessionJSONFromFuzzing. 2020-12-17 16:31:08 -06:00
groupsuffix Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
issuer Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
kubeclient Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
mocks Regenerate gomock mocks with v1.5.0. 2021-03-01 11:44:27 -06:00
oidc oidc discovery: encode metadata once and reuse 2021-03-03 13:37:43 -05:00
ownerref internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 2021-02-10 15:53:44 -05:00
plog internal/plog: add KObj() and KRef() 2021-02-10 14:25:39 -05:00
registry Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
secret All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
testutil Use TokenCredentialRequest instead of base64 token with impersonator 2021-03-10 10:30:06 -08:00
upstreamoidc Upgrade to github.com/coreos/go-oidc v3.0.0. 2021-01-21 12:08:14 -06:00