Merge pull request #1104 from cbron/token-hashing

Token Hashing
2025-06-21 11:21:54 +00:00 · 2020-03-02 19:53:39 -07:00 · 2020-03-02 19:53:39 -07:00 · b56ddaf96b
commit b56ddaf96b
parent da0de2cf9d c428098012
3 changed files with 12 additions and 2 deletions
--- a/config/context.go
+++ b/config/context.go
@ -29,6 +29,7 @@ import (
 	rbacv1 "github.com/rancher/types/apis/rbac.authorization.k8s.io/v1"
 	storagev1 "github.com/rancher/types/apis/storage.k8s.io/v1"
 	"github.com/rancher/types/config/dialer"
+	"github.com/rancher/types/config/systemtokens"
 	"github.com/rancher/types/peermanager"
 	"github.com/rancher/types/user"
 	"github.com/rancher/wrangler-api/pkg/generated/controllers/rbac"
@ -57,6 +58,7 @@ type ScaledContext struct {
 	Schemas           *types.Schemas
 	AccessControl     types.AccessControl
 	Dialer            dialer.Factory
+	SystemTokens      systemtokens.Interface
 	UserManager       user.Manager
 	PeerManager       peermanager.PeerManager

@ -89,6 +91,8 @@ func (c *ScaledContext) NewManagementContext() (*ManagementContext, error) {
 	}
 	mgmt.Dialer = c.Dialer
 	mgmt.UserManager = c.UserManager
+	mgmt.SystemTokens = c.SystemTokens
+
 	c.managementContext = mgmt
 	return mgmt, nil
 }
@ -167,6 +171,7 @@ type ManagementContext struct {
 	Scheme            *runtime.Scheme
 	Dialer            dialer.Factory
 	UserManager       user.Manager
+	SystemTokens      systemtokens.Interface

 	Management managementv3.Interface
 	Project    projectv3.Interface
--- a/config/systemtokens/systemtokens.go
+++ b/config/systemtokens/systemtokens.go
@ -0,0 +1,5 @@
+package systemtokens
+
+type Interface interface {
+	EnsureSystemToken(name, description, kind, username string, overrideTTL *int64) (string, error)
+}
--- a/user/manager.go
+++ b/user/manager.go
@ -9,8 +9,8 @@ import (
 type Manager interface {
 	SetPrincipalOnCurrentUser(apiContext *types.APIContext, principal v3.Principal) (*v3.User, error)
 	GetUser(apiContext *types.APIContext) string
-	EnsureToken(tokenName, description, kind, userName string) (string, error)
-	EnsureClusterToken(clusterName, tokenName, description, kind, userName string) (string, error)
+	EnsureToken(tokenName, description, kind, userName string, ttl *int64) (string, error)
+	EnsureClusterToken(clusterName, tokenName, description, kind, userName string, ttl *int64) (string, error)
 	EnsureUser(principalName, displayName string) (*v3.User, error)
 	CheckAccess(accessMode string, allowedPrincipalIDs []string, userPrincipalID string, groups []v3.Principal) (bool, error)
 	SetPrincipalOnCurrentUserByUserID(userID string, principal v3.Principal) (*v3.User, error)