github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 13:07:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #100055 from enj/enj/i/delegated_authn_client_ca

Browse Source 
delegated authn: allow client CA override based on non-empty opts
This commit is contained in:
Kubernetes Prow Robot 2021-03-10 22:42:23 -08:00 committed by GitHub
commit 98500aa6a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
View File

@ -290,16 +290,16 @@ func (s *DelegatingAuthenticationOptions) ApplyTo(authenticationInfo *server.Aut
} }
// get the clientCA information // get the clientCA information
clientCAFileSpecified := len(s.ClientCert.ClientCA) > 0 clientCASpecified := s.ClientCert != ClientCertAuthenticationOptions{}
var clientCAProvider dynamiccertificates.CAContentProvider var clientCAProvider dynamiccertificates.CAContentProvider
if clientCAFileSpecified { if clientCASpecified {
clientCAProvider, err = s.ClientCert.GetClientCAContentProvider() clientCAProvider, err = s.ClientCert.GetClientCAContentProvider()
if err != nil { if err != nil {
return fmt.Errorf("unable to load client CA file %q: %v", s.ClientCert.ClientCA, err) return fmt.Errorf("unable to load client CA provider: %v", err)
} }
cfg.ClientCertificateCAContentProvider = clientCAProvider cfg.ClientCertificateCAContentProvider = clientCAProvider
if err = authenticationInfo.ApplyClientCert(cfg.ClientCertificateCAContentProvider, servingInfo); err != nil { if err = authenticationInfo.ApplyClientCert(cfg.ClientCertificateCAContentProvider, servingInfo); err != nil {
return fmt.Errorf("unable to assign client CA file: %v", err) return fmt.Errorf("unable to assign client CA provider: %v", err)
} }
} else if !s.SkipInClusterLookup { } else if !s.SkipInClusterLookup {