delegated authn: allow client CA override based on non-empty opts

Signed-off-by: Monis Khan <mok@vmware.com>
Monis Khan 2021-03-09 22:53:04 -05:00
parent f17004981b
commit 6686d8b846
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8


@ -290,16 +290,16 @@ func (s *DelegatingAuthenticationOptions) ApplyTo(authenticationInfo *server.Aut
}
// get the clientCA information
clientCAFileSpecified := len(s.ClientCert.ClientCA) > 0
clientCASpecified := s.ClientCert != ClientCertAuthenticationOptions{}
var clientCAProvider dynamiccertificates.CAContentProvider
if clientCAFileSpecified {
if clientCASpecified {
clientCAProvider, err = s.ClientCert.GetClientCAContentProvider()
if err != nil {
return fmt.Errorf("unable to load client CA file %q: %v", s.ClientCert.ClientCA, err)
return fmt.Errorf("unable to load client CA provider: %v", err)
}
cfg.ClientCertificateCAContentProvider = clientCAProvider
if err = authenticationInfo.ApplyClientCert(cfg.ClientCertificateCAContentProvider, servingInfo); err != nil {
return fmt.Errorf("unable to assign client CA file: %v", err)
return fmt.Errorf("unable to assign client CA provider: %v", err)
}
} else if !s.SkipInClusterLookup {