Currently, token manager use keyFunc like: fmt.Sprintf("%q/%q/%#v", name, namespace, tr.Spec).

Since tr.Spec contains point fields, new token request would not reuse the cache at all. This patch fix this, also adds unit test. Signed-off-by: Mike Danese <mikedanese@google.com>
2018-08-31 16:04:02 +08:00
parent e5f55dd9d0
commit 794e665d7b
2 changed files with 201 additions and 6 deletions
--- a/pkg/kubelet/token/token_manager.go
+++ b/pkg/kubelet/token/token_manager.go
@@ -74,6 +74,7 @@ type Manager struct {
 // * If refresh fails and the old token is no longer valid, return an error
 func (m *Manager) GetServiceAccountToken(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) {
 	key := keyFunc(name, namespace, tr)
+
 	ctr, ok := m.get(key)

 	if ok && !m.requiresRefresh(ctr) {
@@ -147,5 +148,15 @@ func (m *Manager) requiresRefresh(tr *authenticationv1.TokenRequest) bool {

 // keys should be nonconfidential and safe to log
 func keyFunc(name, namespace string, tr *authenticationv1.TokenRequest) string {
-	return fmt.Sprintf("%q/%q/%#v", name, namespace, tr.Spec)
+	var exp int64
+	if tr.Spec.ExpirationSeconds != nil {
+		exp = *tr.Spec.ExpirationSeconds
+	}
+
+	var ref authenticationv1.BoundObjectReference
+	if tr.Spec.BoundObjectRef != nil {
+		ref = *tr.Spec.BoundObjectRef
+	}
+
+	return fmt.Sprintf("%q/%q/%#v/%#v/%#v", name, namespace, tr.Spec.Audiences, exp, ref)
 }