From c428098012eef1073f7e16e1dad48acebc954e95 Mon Sep 17 00:00:00 2001
From: Caleb Bron
Date: Thu, 20 Feb 2020 16:03:51 -0700
Subject: [PATCH] token hashing
---
 config/context.go | 5 +++++
 config/systemtokens/systemtokens.go | 5 +++++
 user/manager.go | 4 ++--
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 config/systemtokens/systemtokens.go
diff --git a/config/context.go b/config/context.go
index 11d8b2f6..9c8c292a 100644
--- a/config/context.go
+++ b/config/context.go
@@ -29,6 +29,7 @@ import (
 rbacv1 "github.com/rancher/types/apis/rbac.authorization.k8s.io/v1"
 storagev1 "github.com/rancher/types/apis/storage.k8s.io/v1"
 "github.com/rancher/types/config/dialer"
+ "github.com/rancher/types/config/systemtokens"
 "github.com/rancher/types/peermanager"
 "github.com/rancher/types/user"
 "github.com/rancher/wrangler-api/pkg/generated/controllers/rbac"
@@ -57,6 +58,7 @@ type ScaledContext struct { Schemas *types.Schemas AccessControl types.AccessControl Dialer dialer.Factory + SystemTokens systemtokens.Interface UserManager user.Manager PeerManager peermanager.PeerManager
@@ -89,6 +91,8 @@ func (c *ScaledContext) NewManagementContext() (*ManagementContext, error) { } mgmt.Dialer = c.Dialer mgmt.UserManager = c.UserManager + mgmt.SystemTokens = c.SystemTokens + c.managementContext = mgmt return mgmt, nil }
@@ -167,6 +171,7 @@ type ManagementContext struct { Scheme *runtime.Scheme Dialer dialer.Factory UserManager user.Manager + SystemTokens systemtokens.Interface Management managementv3.Interface Project projectv3.Interface
diff --git a/config/systemtokens/systemtokens.go b/config/systemtokens/systemtokens.go
new file mode 100644
index 00000000..90994330
--- /dev/null
+++ b/config/systemtokens/systemtokens.go
@@ -0,0 +1,5 @@
+package systemtokens
+
+type Interface interface {
+ EnsureSystemToken(name, description, kind, username string, overrideTTL *int64) (string, error)
+}
diff --git a/user/manager.go b/user/manager.go
index 25fc1496..eaa0306d 100644
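Review bot: In the `NewManagementContext` hunk of config/context.go, `mgmt.SystemTokens = c.SystemTokens` copies the interface value once, and nothing in this patch assigns `ScaledContext.SystemTokens`. If the field is populated after this call, or not at all, `mgmt.SystemTokens` stays a nil interface and the first `EnsureSystemToken` call on it panics. A field comment on `ScaledContext` such as `// SystemTokens must be set before NewManagementContext is called.` would make the ordering explicit. The function body starts outside the hunk, so an earlier guard may exist that is not visible here.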
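Review bot: The exported `Interface` and `EnsureSystemToken` in config/systemtokens/systemtokens.go have no doc comments, and the signature does not say what the returned string is or what a nil `overrideTTL` means. Given the commit subject, the return value is presumably the token secret, so callers need to know that it is sensitive and whether it is stable across repeated calls for the same name. I would add `// Interface issues tokens owned by system components.` on the type, plus a method comment stating the return value, the unit of `overrideTTL` and the nil behaviour, all confirmed against the implementation. The same gap applies to the `ttl` parameter added in user/manager.go.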
--- a/user/manager.go
+++ b/user/manager.go
@@ -9,8 +9,8 @@ import (
 type Manager interface {
 SetPrincipalOnCurrentUser(apiContext *types.APIContext, principal v3.Principal) (*v3.User, error)
 GetUser(apiContext *types.APIContext) string
- EnsureToken(tokenName, description, kind, userName string) (string, error)
- EnsureClusterToken(clusterName, tokenName, description, kind, userName string) (string, error)
+ EnsureToken(tokenName, description, kind, userName string, ttl *int64) (string, error)
+ EnsureClusterToken(clusterName, tokenName, description, kind, userName string, ttl *int64) (string, error)
 EnsureUser(principalName, displayName string) (*v3.User, error)
 CheckAccess(accessMode string, allowedPrincipalIDs []string, userPrincipalID string, groups []v3.Principal) (bool, error)
 SetPrincipalOnCurrentUserByUserID(userID string, principal v3.Principal) (*v3.User, error)
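Review bot: `EnsureToken` and `EnsureClusterToken` now take five and six positional arguments, most of them adjacent strings, and the new trailing `ttl *int64` is named differently from `overrideTTL` in `systemtokens.Interface`. Because this changes the method set of `Manager`, every implementation and call site outside this patch has to be updated together, and a call that passes `nil` reads the same whether the default lifetime was intended or simply not considered. Using one name for the parameter in both interfaces, e.g. `overrideTTL *int64`, would keep the two contracts aligned. The interface declaration continues past the end of the hunk.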