Merge pull request #114523 from zshihang/token

graduate LegacyServiceAccountTokenTracking to beta
2025-09-20 09:33:52 +00:00 · 2023-01-18 07:12:33 -08:00
parent d3f881f750 e878bc17e6
commit 4b2b4e19cc
4 changed files with 26 additions and 5 deletions
--- a/pkg/kubeapiserver/authenticator/config.go
+++ b/pkg/kubeapiserver/authenticator/config.go
@@ -18,6 +18,7 @@ package authenticator

 import (
 	"errors"
+	"fmt"
 	"time"

 	utilnet "k8s.io/apimachinery/pkg/util/net"
@@ -277,8 +278,12 @@ func newLegacyServiceAccountAuthenticator(keyfiles []string, lookup bool, apiAud
 		}
 		allPublicKeys = append(allPublicKeys, publicKeys...)
 	}
+	validator, err := serviceaccount.NewLegacyValidator(lookup, serviceAccountGetter, secretsWriter)
+	if err != nil {
+		return nil, fmt.Errorf("while creating legacy validator, err: %w", err)
+	}

-	tokenAuthenticator := serviceaccount.JWTTokenAuthenticator([]string{serviceaccount.LegacyIssuer}, allPublicKeys, apiAudiences, serviceaccount.NewLegacyValidator(lookup, serviceAccountGetter, secretsWriter))
+	tokenAuthenticator := serviceaccount.JWTTokenAuthenticator([]string{serviceaccount.LegacyIssuer}, allPublicKeys, apiAudiences, validator)
 	return tokenAuthenticator, nil
 }