allow multiple of --service-account-issuer

2025-09-03 02:07:38 +00:00 · 2021-04-15 09:50:43 -07:00
parent 4925cb66c9
commit 925900317e
18 changed files with 267 additions and 72 deletions
--- a/test/integration/auth/dynamic_client_test.go
+++ b/test/integration/auth/dynamic_client_test.go
@@ -69,7 +69,7 @@ func TestDynamicClientBuilder(t *testing.T) {
 			if opts.Authentication.ServiceAccounts == nil {
 				opts.Authentication.ServiceAccounts = &kubeoptions.ServiceAccountAuthenticationOptions{}
 			}
-			opts.Authentication.ServiceAccounts.Issuer = iss
+			opts.Authentication.ServiceAccounts.Issuers = []string{iss}
 			opts.Authentication.ServiceAccounts.KeyFiles = []string{tmpfile.Name()}
 		},
 		ModifyServerConfig: func(config *controlplane.Config) {
--- a/test/integration/auth/svcaccttoken_test.go
+++ b/test/integration/auth/svcaccttoken_test.go
@@ -54,6 +54,7 @@ import (
 	"k8s.io/kubernetes/test/integration/framework"
 )

+// This key is for testing purposes only and is not considered secure.
 const ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY-----
 MHcCAQEEIEZmTmUhuanLjPA2CLquXivuwBDHTt5XYwgIr/kA1LtRoAoGCCqGSM49
 AwEHoUQDQgAEH6cuzP8XuD5wal6wf9M6xDljTOPLX2i8uIp/C/ASqiIGUeeKQtX0
@@ -87,7 +88,7 @@ func TestServiceAccountTokenCreate(t *testing.T) {
 	masterConfig.GenericConfig.Authentication.APIAudiences = aud
 	masterConfig.GenericConfig.Authentication.Authenticator = bearertoken.New(
 		serviceaccount.JWTTokenAuthenticator(
-			iss,
+			[]string{iss},
 			[]interface{}{&pk},
 			aud,
 			serviceaccount.NewValidator(serviceaccountgetter.NewGetterFromClient(