Merge pull request #100055 from enj/enj/i/delegated_authn_client_ca
delegated authn: allow client CA override based on non-empty opts
commit
98500aa6a5
@ -290,16 +290,16 @@ func (s *DelegatingAuthenticationOptions) ApplyTo(authenticationInfo *server.Aut
|
|||||||
}
|
}
|
||||||
|
|
||||||
// get the clientCA information
|
// get the clientCA information
|
||||||
clientCAFileSpecified := len(s.ClientCert.ClientCA) > 0
|
clientCASpecified := s.ClientCert != ClientCertAuthenticationOptions{}
|
||||||
var clientCAProvider dynamiccertificates.CAContentProvider
|
var clientCAProvider dynamiccertificates.CAContentProvider
|
||||||
if clientCAFileSpecified {
|
if clientCASpecified {
|
||||||
clientCAProvider, err = s.ClientCert.GetClientCAContentProvider()
|
clientCAProvider, err = s.ClientCert.GetClientCAContentProvider()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to load client CA file %q: %v", s.ClientCert.ClientCA, err)
|
return fmt.Errorf("unable to load client CA provider: %v", err)
|
||||||
}
|
}
|
||||||
cfg.ClientCertificateCAContentProvider = clientCAProvider
|
cfg.ClientCertificateCAContentProvider = clientCAProvider
|
||||||
if err = authenticationInfo.ApplyClientCert(cfg.ClientCertificateCAContentProvider, servingInfo); err != nil {
|
if err = authenticationInfo.ApplyClientCert(cfg.ClientCertificateCAContentProvider, servingInfo); err != nil {
|
||||||
return fmt.Errorf("unable to assign client CA file: %v", err)
|
return fmt.Errorf("unable to assign client CA provider: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if !s.SkipInClusterLookup {
|
} else if !s.SkipInClusterLookup {
|
||||||
|
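Review bot: `clientCASpecified` is now true whenever `s.ClientCert` differs from its zero value, but nothing in this hunk checks that `GetClientCAContentProvider()` returned a non-nil provider before it is stored in `cfg` and passed to `ApplyClientCert`. If that method can return `nil, nil` for a non-empty struct (its body and the struct's fields are not visible here, so this needs confirming; a typed-nil provider or a field added later would be examples), the `else if !s.SkipInClusterLookup` fallback is skipped and client-certificate authentication may end up configured with no CA at all. Consider failing closed right after the error check: `if clientCAProvider == nil { return fmt.Errorf("client CA options are set but yielded no CA provider") }`. The reworded message also drops the `%q` file path, so keeping `s.ClientCert.ClientCA` in it when non-empty would preserve the diagnostic for the file-based case. ApplyTo starts and ends outside this hunk.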