/staging/src/k8s.io/client-go/tools/bootstrap/token/api/types.go

https://bitbucket.org/Jake-Qu/kubernetes-mirror · Go · 112 lines · 27 code · 23 blank · 62 comment · 0 complexity · fd5e7dba16928a9082e39ee653c7badf MD5 · raw file 

    

  1. /*
    2. 

  2. Copyright 2017 The Kubernetes Authors.
    3. 

    4. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

    8. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

    10. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package api
    18. 

  18. 

  19. import (
    20. 

  20. 	"k8s.io/api/core/v1"
    21. 

  21. )
    22. 

  22. 

  23. const (
    24. 

  24. 	// BootstrapTokenSecretPrefix is the prefix for bootstrap token names.
    25. 

  25. 	// Bootstrap tokens secrets must be named in the form
    26. 

  26. 	// `bootstrap-token-<token-id>`.  This is the prefix to be used before the
    27. 

  27. 	// token ID.
    28. 

  28. 	BootstrapTokenSecretPrefix = "bootstrap-token-"
    29. 

  29. 

  30. 	// SecretTypeBootstrapToken is used during the automated bootstrap process (first
    31. 

  31. 	// implemented by kubeadm). It stores tokens that are used to sign well known
    32. 

  32. 	// ConfigMaps. They may also eventually be used for authentication.
    33. 

  33. 	SecretTypeBootstrapToken v1.SecretType = "bootstrap.kubernetes.io/token"
    34. 

  34. 

  35. 	// BootstrapTokenIDKey is the id of this token. This can be transmitted in the
    36. 

  36. 	// clear and encoded in the name of the secret. It must be a random 6 character
    37. 

  37. 	// string that matches the regexp `^([a-z0-9]{6})$`. Required.
    38. 

  38. 	BootstrapTokenIDKey = "token-id"
    39. 

  39. 

  40. 	// BootstrapTokenSecretKey is the actual secret. It must be a random 16 character
    41. 

  41. 	// string that matches the regexp `^([a-z0-9]{16})$`. Required.
    42. 

  42. 	BootstrapTokenSecretKey = "token-secret"
    43. 

  43. 

  44. 	// BootstrapTokenExpirationKey is when this token should be expired and no
    45. 

  45. 	// longer used. A controller will delete this resource after this time. This
    46. 

  46. 	// is an absolute UTC time using RFC3339. If this cannot be parsed, the token
    47. 

  47. 	// should be considered invalid. Optional.
    48. 

  48. 	BootstrapTokenExpirationKey = "expiration"
    49. 

  49. 

  50. 	// BootstrapTokenDescriptionKey is a description in human-readable format that
    51. 

  51. 	// describes what the bootstrap token is used for. Optional.
    52. 

  52. 	BootstrapTokenDescriptionKey = "description"
    53. 

  53. 

  54. 	// BootstrapTokenExtraGroupsKey is a comma-separated list of group names.
    55. 

  55. 	// The  bootstrap token will authenticate as these groups in addition to the
    56. 

  56. 	// "system:bootstrappers" group.
    57. 

  57. 	BootstrapTokenExtraGroupsKey = "auth-extra-groups"
    58. 

  58. 

  59. 	// BootstrapTokenUsagePrefix is the prefix for the other usage constants that specifies different
    60. 

  60. 	// functions of a bootstrap token
    61. 

  61. 	BootstrapTokenUsagePrefix = "usage-bootstrap-"
    62. 

  62. 

  63. 	// BootstrapTokenUsageSigningKey signals that this token should be used to
    64. 

  64. 	// sign configs as part of the bootstrap process. Value must be "true". Any
    65. 

  65. 	// other value is assumed to be false. Optional.
    66. 

  66. 	BootstrapTokenUsageSigningKey = "usage-bootstrap-signing"
    67. 

  67. 

  68. 	// BootstrapTokenUsageAuthentication signals that this token should be used
    69. 

  69. 	// as a bearer token to authenticate against the Kubernetes API. The bearer
    70. 

  70. 	// token takes the form "<token-id>.<token-secret>" and authenticates as the
    71. 

  71. 	// user "system:bootstrap:<token-id>" in the "system:bootstrappers" group
    72. 

  72. 	// as well as any groups specified using BootstrapTokenExtraGroupsKey.
    73. 

  73. 	// Value must be "true". Any other value is assumed to be false. Optional.
    74. 

  74. 	BootstrapTokenUsageAuthentication = "usage-bootstrap-authentication"
    75. 

  75. 

  76. 	// ConfigMapClusterInfo defines the name for the ConfigMap where the information how to connect and trust the cluster exist
    77. 

  77. 	ConfigMapClusterInfo = "cluster-info"
    78. 

  78. 

  79. 	// KubeConfigKey defines at which key in the Data object of the ConfigMap the KubeConfig object is stored
    80. 

  80. 	KubeConfigKey = "kubeconfig"
    81. 

  81. 

  82. 	// JWSSignatureKeyPrefix defines what key prefix the JWS-signed tokens have
    83. 

  83. 	JWSSignatureKeyPrefix = "jws-kubeconfig-"
    84. 

  84. 

  85. 	// BootstrapUserPrefix is the username prefix bootstrapping bearer tokens
    86. 

  86. 	// authenticate as. The full username given is "system:bootstrap:<token-id>".
    87. 

  87. 	BootstrapUserPrefix = "system:bootstrap:"
    88. 

  88. 

  89. 	// BootstrapDefaultGroup is the default group for bootstrapping bearer
    90. 

  90. 	// tokens (in addition to any groups from BootstrapTokenExtraGroupsKey).
    91. 

  91. 	BootstrapDefaultGroup = "system:bootstrappers"
    92. 

  92. 

  93. 	// BootstrapGroupPattern is the valid regex pattern that all groups
    94. 

  94. 	// assigned to a bootstrap token by BootstrapTokenExtraGroupsKey must match.
    95. 

  95. 	// See also util.ValidateBootstrapGroupName()
    96. 

  96. 	BootstrapGroupPattern = `\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z`
    97. 

  97. 

  98. 	// BootstrapTokenPattern defines the {id}.{secret} regular expression pattern
    99. 

  99. 	BootstrapTokenPattern = `\A([a-z0-9]{6})\.([a-z0-9]{16})\z`
    100. 

  100. 

  101. 	// BootstrapTokenIDPattern defines token's id regular expression pattern
    102. 

  102. 	BootstrapTokenIDPattern = `\A([a-z0-9]{6})\z`
    103. 

  103. 

  104. 	// BootstrapTokenIDBytes defines the number of bytes used for the Bootstrap Token's ID field
    105. 

  105. 	BootstrapTokenIDBytes = 6
    106. 

  106. 

  107. 	// BootstrapTokenSecretBytes defines the number of bytes used the Bootstrap Token's Secret field
    108. 

  108. 	BootstrapTokenSecretBytes = 16
    109. 

  109. )
    110. 

  110. 

  111. // KnownTokenUsages specifies the known functions a token will get.
    112. 

  112. var KnownTokenUsages = []string{"signing", "authentication"}
    113.