github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-06 19:52:42 +00:00
Code Issues Projects Releases Wiki Activity

Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1

Browse Source
This commit is contained in:
Jordan Liggitt
2015-06-18 22:35:42 -04:00
parent d8e5225144
commit 68a8a25494
11 changed files with 34 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugin/pkg/admission/serviceaccount/admission.go
View File

@@ -150,7 +150,7 @@ func (s *serviceAccount) Admit(a admission.Attributes) (err error) {
// That makes the kubelet very angry and confused, and it immediately deletes the pod (because the spec doesn't match)
// That said, don't allow mirror pods to reference ServiceAccounts or SecretVolumeSources either
if _, isMirrorPod := pod.Annotations[kubelet.ConfigMirrorAnnotationKey]; isMirrorPod {
if len(pod.Spec.ServiceAccount) != 0 {
if len(pod.Spec.ServiceAccountName) != 0 {
return admission.NewForbidden(a, fmt.Errorf("A mirror pod may not reference service accounts"))
}
for _, volume := range pod.Spec.Volumes {
@@ -162,17 +162,17 @@ func (s *serviceAccount) Admit(a admission.Attributes) (err error) {
}
// Set the default service account if needed
if len(pod.Spec.ServiceAccount) == 0 {
pod.Spec.ServiceAccount = DefaultServiceAccountName
if len(pod.Spec.ServiceAccountName) == 0 {
pod.Spec.ServiceAccountName = DefaultServiceAccountName
}
// Ensure the referenced service account exists
serviceAccount, err := s.getServiceAccount(a.GetNamespace(), pod.Spec.ServiceAccount)
serviceAccount, err := s.getServiceAccount(a.GetNamespace(), pod.Spec.ServiceAccountName)
if err != nil {
return admission.NewForbidden(a, fmt.Errorf("Error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccount, err))
return admission.NewForbidden(a, fmt.Errorf("Error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err))
}
if serviceAccount == nil {
return admission.NewForbidden(a, fmt.Errorf("Missing service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccount, err))
return admission.NewForbidden(a, fmt.Errorf("Missing service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err))
}
if s.LimitSecretReferences {

18
plugin/pkg/admission/serviceaccount/admission_test.go
View File

@@ -93,7 +93,7 @@ func TestRejectsMirrorPodWithServiceAccount(t *testing.T) {
},
},
Spec: api.PodSpec{
ServiceAccount: "default",
ServiceAccountName: "default",
},
}
attrs := admission.NewAttributesRecord(pod, "Pod", "myns", string(api.ResourcePods), admission.Create, nil)
@@ -143,8 +143,8 @@ func TestAssignsDefaultServiceAccountAndToleratesMissingAPIToken(t *testing.T) {
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if pod.Spec.ServiceAccount != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount)
if pod.Spec.ServiceAccountName != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName)
}
}
@@ -167,8 +167,8 @@ func TestFetchesUncachedServiceAccount(t *testing.T) {
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if pod.Spec.ServiceAccount != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount)
if pod.Spec.ServiceAccountName != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName)
}
}
@@ -248,8 +248,8 @@ func TestAutomountsAPIToken(t *testing.T) {
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if pod.Spec.ServiceAccount != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount)
if pod.Spec.ServiceAccountName != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName)
}
if len(pod.Spec.Volumes) != 1 {
t.Fatalf("Expected 1 volume, got %d", len(pod.Spec.Volumes))
@@ -326,8 +326,8 @@ func TestRespectsExistingMount(t *testing.T) {
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
if pod.Spec.ServiceAccount != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount)
if pod.Spec.ServiceAccountName != DefaultServiceAccountName {
t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName)
}
if len(pod.Spec.Volumes) != 0 {
t.Fatalf("Expected 0 volumes (shouldn't create a volume for a secret we don't need), got %d", len(pod.Spec.Volumes))