From 031075d149ca12dd66c16cc80d88d38086c2bbae Mon Sep 17 00:00:00 2001 From: Max Goltzsche Date: Thu, 2 Mar 2023 02:47:23 +0100 Subject: [PATCH] check jwt timestamp for zero value Co-authored-by: Jordan Liggitt --- pkg/serviceaccount/claims.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/serviceaccount/claims.go b/pkg/serviceaccount/claims.go index 19d92ab37ea..a6889d28293 100644 --- a/pkg/serviceaccount/claims.go +++ b/pkg/serviceaccount/claims.go @@ -198,7 +198,7 @@ func (v *validator) Validate(ctx context.Context, _ string, public *jwt.Claims, // Check special 'warnafter' field for projected service account token transition. warnafter := private.Kubernetes.WarnAfter - if warnafter != nil { + if warnafter != nil && *warnafter != 0 { if nowTime.After(warnafter.Time()) { secondsAfterWarn := nowTime.Unix() - warnafter.Time().Unix() auditInfo := fmt.Sprintf("subject: %s, seconds after warning threshold: %d", public.Subject, secondsAfterWarn)