const (
	// LinkerdAudienceKey is the audience key used for the Linkerd token creation
	// and review requests.
	//
	// NOTE(review): presumably the validator passes this value as the expected
	// audience when it submits a token review, so that a service-account token
	// issued for a different audience is not accepted as a Linkerd identity
	// token. Confirm against the Validate implementation, which is not shown here.
	LinkerdAudienceKey = "identity.l5d.io"
)
func NewK8sTokenValidator( ctx context.Context, k8s k8s.Interface, domain *TrustDomain, ) (identity.Validator, error)
NewK8sTokenValidator takes a kubernetes client and trust domain to create a K8sTokenValidator.
The Kubernetes client is used immediately, when the validator is constructed, to check that the client has sufficient privileges to perform token reviews. An error is returned if this access check fails.
K8sTokenValidator implements Validator for Kubernetes bearer tokens.
type K8sTokenValidator struct {
// contains filtered or unexported fields
}
func (k *K8sTokenValidator) Validate(ctx context.Context, tok []byte) (string, error)
Validate accepts Kubernetes bearer tokens and returns a DNS-form Linkerd ID. The returned ID is meaningful only when the returned error is nil.
TrustDomain is a namespace for identities.
type TrustDomain struct {
// contains filtered or unexported fields
}
func NewTrustDomain(controlNS, domain string) (*TrustDomain, error)
NewTrustDomain creates a new identity namespace.
func (d *TrustDomain) Identity(typ, nm, ns string) (string, error)
Identity formats the identity for a K8s user.