vendor/k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap/token/api/types.go - cloudstack-kubernetes-provider - Git at Google

 /*
 Copyright 2017 The Kubernetes Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */

 package api

 import (
 	"k8s.io/api/core/v1"
 )

 const (
 	// BootstrapTokenSecretPrefix is the prefix for bootstrap token names.
 	// Bootstrap tokens secrets must be named in the form
 	// `bootstrap-token-<token-id>`.  This is the prefix to be used before the
 	// token ID.
 	BootstrapTokenSecretPrefix = "bootstrap-token-"

 	// SecretTypeBootstrapToken is used during the automated bootstrap process (first
 	// implemented by kubeadm). It stores tokens that are used to sign well known
 	// ConfigMaps. They may also eventually be used for authentication.
 	SecretTypeBootstrapToken v1.SecretType = "bootstrap.kubernetes.io/token"

 	// BootstrapTokenIDKey is the id of this token. This can be transmitted in the
 	// clear and encoded in the name of the secret. It must be a random 6 character
 	// string that matches the regexp `^([a-z0-9]{6})$`. Required.
 	BootstrapTokenIDKey = "token-id"

 	// BootstrapTokenSecretKey is the actual secret. It must be a random 16 character
 	// string that matches the regexp `^([a-z0-9]{16})$`. Required.
 	BootstrapTokenSecretKey = "token-secret"

 	// BootstrapTokenExpirationKey is when this token should be expired and no
 	// longer used. A controller will delete this resource after this time. This
 	// is an absolute UTC time using RFC3339. If this cannot be parsed, the token
 	// should be considered invalid. Optional.
 	BootstrapTokenExpirationKey = "expiration"

 	// BootstrapTokenDescriptionKey is a description in human-readable format that
 	// describes what the bootstrap token is used for. Optional.
 	BootstrapTokenDescriptionKey = "description"

 	// BootstrapTokenExtraGroupsKey is a comma-separated list of group names.
 	// The  bootstrap token will authenticate as these groups in addition to the
 	// "system:bootstrappers" group.
 	BootstrapTokenExtraGroupsKey = "auth-extra-groups"

 	// BootstrapTokenUsagePrefix is the prefix for the other usage constants that specifies different
 	// functions of a bootstrap token
 	BootstrapTokenUsagePrefix = "usage-bootstrap-"

 	// BootstrapTokenUsageSigningKey signals that this token should be used to
 	// sign configs as part of the bootstrap process. Value must be "true". Any
 	// other value is assumed to be false. Optional.
 	BootstrapTokenUsageSigningKey = "usage-bootstrap-signing"

 	// BootstrapTokenUsageAuthentication signals that this token should be used
 	// as a bearer token to authenticate against the Kubernetes API. The bearer
 	// token takes the form "<token-id>.<token-secret>" and authenticates as the
 	// user "system:bootstrap:<token-id>" in the "system:bootstrappers" group
 	// as well as any groups specified using BootstrapTokenExtraGroupsKey.
 	// Value must be "true". Any other value is assumed to be false. Optional.
 	BootstrapTokenUsageAuthentication = "usage-bootstrap-authentication"

 	// ConfigMapClusterInfo defines the name for the ConfigMap where the information how to connect and trust the cluster exist
 	ConfigMapClusterInfo = "cluster-info"

 	// KubeConfigKey defines at which key in the Data object of the ConfigMap the KubeConfig object is stored
 	KubeConfigKey = "kubeconfig"

 	// JWSSignatureKeyPrefix defines what key prefix the JWS-signed tokens have
 	JWSSignatureKeyPrefix = "jws-kubeconfig-"

 	// BootstrapUserPrefix is the username prefix bootstrapping bearer tokens
 	// authenticate as. The full username given is "system:bootstrap:<token-id>".
 	BootstrapUserPrefix = "system:bootstrap:"

 	// BootstrapDefaultGroup is the default group for bootstrapping bearer
 	// tokens (in addition to any groups from BootstrapTokenExtraGroupsKey).
 	BootstrapDefaultGroup = "system:bootstrappers"

 	// BootstrapGroupPattern is the valid regex pattern that all groups
 	// assigned to a bootstrap token by BootstrapTokenExtraGroupsKey must match.
 	// See also util.ValidateBootstrapGroupName()
 	BootstrapGroupPattern = `\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z`

 	// BootstrapTokenPattern defines the {id}.{secret} regular expression pattern
 	BootstrapTokenPattern = `\A([a-z0-9]{6})\.([a-z0-9]{16})\z`

 	// BootstrapTokenIDPattern defines token's id regular expression pattern
 	BootstrapTokenIDPattern = `\A([a-z0-9]{6})\z`

 	// BootstrapTokenIDBytes defines the number of bytes used for the Bootstrap Token's ID field
 	BootstrapTokenIDBytes = 6

 	// BootstrapTokenSecretBytes defines the number of bytes used the Bootstrap Token's Secret field
 	BootstrapTokenSecretBytes = 16
 )

 // KnownTokenUsages specifies the known functions a token will get.
 var KnownTokenUsages = []string{"signing", "authentication"}
	/*
	Copyright 2017 The Kubernetes Authors.

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	*/

	package api

	import (
	"k8s.io/api/core/v1"
	)

	const (
	// BootstrapTokenSecretPrefix is the prefix for bootstrap token names.
	// Bootstrap tokens secrets must be named in the form
	// `bootstrap-token-<token-id>`. This is the prefix to be used before the
	// token ID.
	BootstrapTokenSecretPrefix = "bootstrap-token-"

	// SecretTypeBootstrapToken is used during the automated bootstrap process (first
	// implemented by kubeadm). It stores tokens that are used to sign well known
	// ConfigMaps. They may also eventually be used for authentication.
	SecretTypeBootstrapToken v1.SecretType = "bootstrap.kubernetes.io/token"

	// BootstrapTokenIDKey is the id of this token. This can be transmitted in the
	// clear and encoded in the name of the secret. It must be a random 6 character
	// string that matches the regexp `^([a-z0-9]{6})$`. Required.
	BootstrapTokenIDKey = "token-id"

	// BootstrapTokenSecretKey is the actual secret. It must be a random 16 character
	// string that matches the regexp `^([a-z0-9]{16})$`. Required.
	BootstrapTokenSecretKey = "token-secret"

	// BootstrapTokenExpirationKey is when this token should be expired and no
	// longer used. A controller will delete this resource after this time. This
	// is an absolute UTC time using RFC3339. If this cannot be parsed, the token
	// should be considered invalid. Optional.
	BootstrapTokenExpirationKey = "expiration"

	// BootstrapTokenDescriptionKey is a description in human-readable format that
	// describes what the bootstrap token is used for. Optional.
	BootstrapTokenDescriptionKey = "description"

	// BootstrapTokenExtraGroupsKey is a comma-separated list of group names.
	// The bootstrap token will authenticate as these groups in addition to the
	// "system:bootstrappers" group.
	BootstrapTokenExtraGroupsKey = "auth-extra-groups"

	// BootstrapTokenUsagePrefix is the prefix for the other usage constants that specifies different
	// functions of a bootstrap token
	BootstrapTokenUsagePrefix = "usage-bootstrap-"

	// BootstrapTokenUsageSigningKey signals that this token should be used to
	// sign configs as part of the bootstrap process. Value must be "true". Any
	// other value is assumed to be false. Optional.
	BootstrapTokenUsageSigningKey = "usage-bootstrap-signing"

	// BootstrapTokenUsageAuthentication signals that this token should be used
	// as a bearer token to authenticate against the Kubernetes API. The bearer
	// token takes the form "<token-id>.<token-secret>" and authenticates as the
	// user "system:bootstrap:<token-id>" in the "system:bootstrappers" group
	// as well as any groups specified using BootstrapTokenExtraGroupsKey.
	// Value must be "true". Any other value is assumed to be false. Optional.
	BootstrapTokenUsageAuthentication = "usage-bootstrap-authentication"

	// ConfigMapClusterInfo defines the name for the ConfigMap where the information how to connect and trust the cluster exist
	ConfigMapClusterInfo = "cluster-info"

	// KubeConfigKey defines at which key in the Data object of the ConfigMap the KubeConfig object is stored
	KubeConfigKey = "kubeconfig"

	// JWSSignatureKeyPrefix defines what key prefix the JWS-signed tokens have
	JWSSignatureKeyPrefix = "jws-kubeconfig-"

	// BootstrapUserPrefix is the username prefix bootstrapping bearer tokens
	// authenticate as. The full username given is "system:bootstrap:<token-id>".
	BootstrapUserPrefix = "system:bootstrap:"

	// BootstrapDefaultGroup is the default group for bootstrapping bearer
	// tokens (in addition to any groups from BootstrapTokenExtraGroupsKey).
	BootstrapDefaultGroup = "system:bootstrappers"

	// BootstrapGroupPattern is the valid regex pattern that all groups
	// assigned to a bootstrap token by BootstrapTokenExtraGroupsKey must match.
	// See also util.ValidateBootstrapGroupName()
	BootstrapGroupPattern = `\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z`

	// BootstrapTokenPattern defines the {id}.{secret} regular expression pattern
	BootstrapTokenPattern = `\A([a-z0-9]{6})\.([a-z0-9]{16})\z`

	// BootstrapTokenIDPattern defines token's id regular expression pattern
	BootstrapTokenIDPattern = `\A([a-z0-9]{6})\z`

	// BootstrapTokenIDBytes defines the number of bytes used for the Bootstrap Token's ID field
	BootstrapTokenIDBytes = 6

	// BootstrapTokenSecretBytes defines the number of bytes used the Bootstrap Token's Secret field
	BootstrapTokenSecretBytes = 16
	)

	// KnownTokenUsages specifies the known functions a token will get.
	var KnownTokenUsages = []string{"signing", "authentication"}