svcacct: move claim generation out of TokenGenerator

2025-09-23 02:47:57 +00:00 · 2018-02-05 20:07:50 -08:00
parent c02b784b76
commit 7d74c35963
7 changed files with 71 additions and 36 deletions
--- a/pkg/controller/serviceaccount/BUILD
+++ b/pkg/controller/serviceaccount/BUILD
@@ -58,6 +58,7 @@ go_test(
        "//pkg/controller:go_default_library",
        "//vendor/github.com/davecgh/go-spew/spew:go_default_library",
        "//vendor/github.com/golang/glog:go_default_library",
+        "//vendor/gopkg.in/square/go-jose.v2/jwt:go_default_library",
        "//vendor/k8s.io/api/core/v1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
--- a/pkg/controller/serviceaccount/tokens_controller.go
+++ b/pkg/controller/serviceaccount/tokens_controller.go
@@ -395,7 +395,7 @@ func (e *TokensController) ensureReferencedToken(serviceAccount *v1.ServiceAccou
 	}

 	// Generate the token
-	token, err := e.token.GenerateToken(*serviceAccount, *secret)
+	token, err := e.token.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *secret))
 	if err != nil {
 		// retriable error
 		return true, err
@@ -551,7 +551,7 @@ func (e *TokensController) generateTokenIfNeeded(serviceAccount *v1.ServiceAccou

 	// Generate the token
 	if needsToken {
-		token, err := e.token.GenerateToken(*serviceAccount, *liveSecret)
+		token, err := e.token.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *liveSecret))
 		if err != nil {
 			return false, err
 		}
--- a/pkg/controller/serviceaccount/tokens_controller_test.go
+++ b/pkg/controller/serviceaccount/tokens_controller_test.go
@@ -24,6 +24,7 @@ import (

 	"github.com/davecgh/go-spew/spew"
 	"github.com/golang/glog"
+	"gopkg.in/square/go-jose.v2/jwt"

 	"k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -39,15 +40,11 @@ import (
 )

 type testGenerator struct {
-	GeneratedServiceAccounts []v1.ServiceAccount
-	GeneratedSecrets         []v1.Secret
-	Token                    string
-	Err                      error
+	Token string
+	Err   error
 }

-func (t *testGenerator) GenerateToken(serviceAccount v1.ServiceAccount, secret v1.Secret) (string, error) {
-	t.GeneratedSecrets = append(t.GeneratedSecrets, secret)
-	t.GeneratedServiceAccounts = append(t.GeneratedServiceAccounts, serviceAccount)
+func (t *testGenerator) GenerateToken(sc *jwt.Claims, pc interface{}) (string, error) {
 	return t.Token, t.Err
 }