github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-20 10:20:51 +00:00
Code Issues Projects Releases Wiki Activity

authenticator config: use static CA reader for OIDC CA

Browse Source
This commit is contained in:
Stanislav Laznicka 2023-02-14 13:37:21 +01:00
parent fa294f3e4e
commit 4ae4266c91
No known key found for this signature in database
GPG Key ID: C98C414936B1A7F3
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/kubeapiserver/authenticator/config.go
View File

@ -19,6 +19,7 @@ package authenticator
import ( import (
"errors" "errors"
"fmt" "fmt"
"os"
"time" "time"
utilnet "k8s.io/apimachinery/pkg/util/net" utilnet "k8s.io/apimachinery/pkg/util/net"
@ -158,7 +159,7 @@ func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, er
var oidcCAContent oidc.CAContentProvider var oidcCAContent oidc.CAContentProvider
if len(config.OIDCCAFile) != 0 { if len(config.OIDCCAFile) != 0 {
var oidcCAErr error var oidcCAErr error
oidcCAContent, oidcCAErr = dynamiccertificates.NewDynamicCAContentFromFile("oidc-authenticator", config.OIDCCAFile) oidcCAContent, oidcCAErr = staticCAContentProviderFromFile("oidc-authenticator", config.OIDCCAFile)
if oidcCAErr != nil { if oidcCAErr != nil {
return nil, nil, oidcCAErr return nil, nil, oidcCAErr
} }
@ -318,3 +319,12 @@ func newWebhookTokenAuthenticator(config Config) (authenticator.Token, error) {
return tokencache.New(webhookTokenAuthenticator, false, config.WebhookTokenAuthnCacheTTL, config.WebhookTokenAuthnCacheTTL), nil return tokencache.New(webhookTokenAuthenticator, false, config.WebhookTokenAuthnCacheTTL, config.WebhookTokenAuthnCacheTTL), nil
} }
func staticCAContentProviderFromFile(purpose, filename string) (dynamiccertificates.CAContentProvider, error) {
fileBytes, err := os.ReadFile(filename)
if err != nil {
return nil, err
}
return dynamiccertificates.NewStaticCAContent(purpose, fileBytes)
}