add helper methods for SA token secret checks

deads2k
2015-09-16 16:04:26 -04:00
parent e83bf49f86
commit 32a495acb6
3 changed files with 57 additions and 35 deletions


@@ -27,6 +27,7 @@ import (
"k8s.io/kubernetes/pkg/api/errors"
"k8s.io/kubernetes/pkg/client/cache"
client "k8s.io/kubernetes/pkg/client/unversioned"
"k8s.io/kubernetes/pkg/controller/serviceaccount"
"k8s.io/kubernetes/pkg/fields"
"k8s.io/kubernetes/pkg/kubelet"
"k8s.io/kubernetes/pkg/labels"
@@ -273,20 +274,10 @@ func (s *serviceAccount) getServiceAccountTokens(serviceAccount *api.ServiceAcco
tokens := []*api.Secret{}
for _, obj := range index {
token := obj.(*api.Secret)
if token.Type != api.SecretTypeServiceAccountToken {
continue
if serviceaccount.IsServiceAccountToken(token, serviceAccount) {
tokens = append(tokens, token)
}
name := token.Annotations[api.ServiceAccountNameKey]
uid := token.Annotations[api.ServiceAccountUIDKey]
if name != serviceAccount.Name {
// Name must match
continue
}
if len(uid) > 0 && uid != string(serviceAccount.UID) {
// If UID is set, it must match
continue
}
tokens = append(tokens, token)
}
return tokens, nil
}
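Review bot: The call to `serviceaccount.IsServiceAccountToken(token, serviceAccount)` in getServiceAccountTokens now carries the whole decision about which secrets count as this service account's tokens, and its body is not part of this file section. The inline checks it appears to replace required the secret type to be `api.SecretTypeServiceAccountToken`, the name annotation to match, and the UID annotation to match only when it is set. The helper should be confirmed to keep all three, in particular the type check, because a looser match would let an unrelated secret be treated as a token for the account. A short comment at the call site would keep that contract visible, for example `// matches on secret type, name annotation and, when present, UID annotation`. The `obj.(*api.Secret)` assertion above it is unchanged and still panics on any non-Secret entry in the index; the function begins outside the hunk.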