Merge pull request #116681 from stlaz/webhook_impersonate_uid

don't ignore UID impersonation in webhook clients

staging/src/k8s.io/apiserver/pkg/util/webhook/authentication.go

@@ -243,6 +243,7 @@ func restConfigFromKubeconfig(configAuthInfo *clientcmdapi.AuthInfo) (*rest.Conf
 	if len(configAuthInfo.Impersonate) > 0 {
 		config.Impersonate = rest.ImpersonationConfig{
 			UserName: configAuthInfo.Impersonate,
+			UID:      configAuthInfo.ImpersonateUID,
 			Groups:   configAuthInfo.ImpersonateGroups,
 			Extra:    configAuthInfo.ImpersonateUserExtra,
 		}

staging/src/k8s.io/apiserver/pkg/util/webhook/authentication_test.go

@@ -64,6 +64,30 @@ func TestAuthenticationDetection(t *testing.T) {
 			},
 			expected: rest.Config{BearerToken: "foo"},
 		},
+		{
+			name:       "match with impersonation",
+			serverName: "foo.com",
+			kubeconfig: clientcmdapi.Config{
+				AuthInfos: map[string]*clientcmdapi.AuthInfo{
+					"foo.com": {
+						Token:                "foo",
+						Impersonate:          "user-a",
+						ImpersonateUID:       "user-a-uid-1111",
+						ImpersonateGroups:    []string{"user-a-group1", "user-a-group2"},
+						ImpersonateUserExtra: map[string][]string{"foo": {"bar", "baz", "etc"}},
+					},
+				},
+			},
+			expected: rest.Config{
+				BearerToken: "foo",
+				Impersonate: rest.ImpersonationConfig{
+					UserName: "user-a",
+					UID:      "user-a-uid-1111",
+					Groups:   []string{"user-a-group1", "user-a-group2"},
+					Extra:    map[string][]string{"foo": {"bar", "baz", "etc"}},
+				},
+			},
+		},
 		{
 			name:       "partial star match",
 			serverName: "foo.com",