feat: kubesphere 4.0 (#6115)
* feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> * feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> --------- Signed-off-by: ci-bot <ci-bot@kubesphere.io> Co-authored-by: ks-ci-bot <ks-ci-bot@example.com> Co-authored-by: joyceliu <joyceliu@yunify.com>
This commit is contained in:
KubeSphere CI Bot
committed by
GitHub
GitHub
parent
b5015ec7b9
commit
447a51f08b
66
pkg/utils/serviceaccount/serviceaccount_util.go
Normal file
66
pkg/utils/serviceaccount/serviceaccount_util.go
Normal file
@@ -0,0 +1,66 @@
|
||||
/*
|
||||
* Please refer to the LICENSE file in the root directory of the project.
|
||||
* https://github.com/kubesphere/kubesphere/blob/master/LICENSE
|
||||
*/
|
||||
|
||||
package serviceaccount
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
corev1alpha1 "kubesphere.io/api/core/v1alpha1"
|
||||
)
|
||||
|
||||
func IsServiceAccountToken(subjectName string) bool {
|
||||
if !strings.HasPrefix(subjectName, corev1alpha1.ServiceAccountTokenPrefix) {
|
||||
return false
|
||||
}
|
||||
split := strings.Split(subjectName, ":")
|
||||
|
||||
return len(split) == 4
|
||||
}
|
||||
|
||||
func GetSecretName(info user.Info) (name, namespace string) {
|
||||
extra := info.GetExtra()
|
||||
if value, ok := extra[corev1alpha1.ServiceAccountTokenExtraSecretName]; ok {
|
||||
name = value[0]
|
||||
}
|
||||
|
||||
if value, ok := extra[corev1alpha1.ServiceAccountTokenExtraSecretNamespace]; ok {
|
||||
namespace = value[0]
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func SplitUsername(username string) (name, namespace string) {
|
||||
if !strings.HasPrefix(username, corev1alpha1.ServiceAccountTokenPrefix) {
|
||||
return "", ""
|
||||
}
|
||||
split := strings.Split(username, ":")
|
||||
if len(split) != 4 {
|
||||
return "", ""
|
||||
}
|
||||
return split[3], split[2]
|
||||
}
|
||||
|
||||
// MatchesUsername checks whether the provided username matches the namespace and name without
|
||||
// allocating. Use this when checking a service account namespace and name against a known string.
|
||||
func MatchesUsername(namespace, name string, username string) bool {
|
||||
if !strings.HasPrefix(username, corev1alpha1.ServiceAccountTokenPrefix) {
|
||||
return false
|
||||
}
|
||||
username = username[len(corev1alpha1.ServiceAccountTokenPrefix):]
|
||||
|
||||
if !strings.HasPrefix(username, namespace) {
|
||||
return false
|
||||
}
|
||||
username = username[len(namespace):]
|
||||
|
||||
if !strings.HasPrefix(username, ":") {
|
||||
return false
|
||||
}
|
||||
username = username[len(":"):]
|
||||
|
||||
return username == name
|
||||
}
|
||||
Reference in New Issue
Block a user