options/authentication: fix serviceaccount TokenGetter with ServiceAccountTokenNodeBindingValidation
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
This commit is contained in:
Dr. Stefan Schimanski
@@ -676,15 +676,15 @@ func (o *BuiltInAuthenticationOptions) ApplyTo(
|
|||||||
authInfo.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers)
|
authInfo.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the optional token getter function is set, use it. Otherwise, use the default token getter.
|
||||||
|
if o.ServiceAccounts != nil && o.ServiceAccounts.OptionalTokenGetter != nil {
|
||||||
|
authenticatorConfig.ServiceAccountTokenGetter = o.ServiceAccounts.OptionalTokenGetter(versionedInformer)
|
||||||
|
} else {
|
||||||
var nodeLister v1listers.NodeLister
|
var nodeLister v1listers.NodeLister
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.ServiceAccountTokenNodeBindingValidation) {
|
if utilfeature.DefaultFeatureGate.Enabled(features.ServiceAccountTokenNodeBindingValidation) {
|
||||||
nodeLister = versionedInformer.Core().V1().Nodes().Lister()
|
nodeLister = versionedInformer.Core().V1().Nodes().Lister()
|
||||||
}
|
}
|
||||||
|
|
||||||
// If the optional token getter function is set, use it. Otherwise, use the default token getter.
|
|
||||||
if o.ServiceAccounts != nil && o.ServiceAccounts.OptionalTokenGetter != nil {
|
|
||||||
authenticatorConfig.ServiceAccountTokenGetter = o.ServiceAccounts.OptionalTokenGetter(versionedInformer)
|
|
||||||
} else {
|
|
||||||
authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient(
|
authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient(
|
||||||
extclient,
|
extclient,
|
||||||
versionedInformer.Core().V1().Secrets().Lister(),
|
versionedInformer.Core().V1().Secrets().Lister(),
|
||||||
|
|||||||
Reference in New Issue
Block a user