github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

promote --service-account-api-audiences to top level kube-apiserver config

Browse Source 
The service account authenticator isn't the only authenticator that
should respect API audience. The authentication config structure should
reflect that.
This commit is contained in:
Mike Danese
2018-10-22 18:01:40 -07:00
parent 1af393d58e
commit 371b1e7fed
6 changed files with 24 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/integration/auth/svcaccttoken_test.go
View File

@@ -27,6 +27,7 @@ import (
"time"
"gopkg.in/square/go-jose.v2/jwt"
authenticationv1 "k8s.io/api/authentication/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -87,8 +88,8 @@ func TestServiceAccountTokenCreate(t *testing.T) {
t.Fatalf("err: %v", err)
}
masterConfig.ExtraConfig.ServiceAccountIssuer = tokenGenerator
masterConfig.ExtraConfig.ServiceAccountAPIAudiences = aud
masterConfig.ExtraConfig.ServiceAccountMaxExpiration = maxExpirationDuration
masterConfig.ExtraConfig.APIAudiences = aud
master, _, closeFn := framework.RunAMaster(masterConfig)
defer closeFn()