github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 06:27:05 +00:00
Code Issues Projects Releases Wiki Activity

Define type alias for getServiceAccount function

Browse Source 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
This commit is contained in:
Anish Ramasekar 2025-03-12 09:32:21 -07:00
parent fb98a599a6
commit b27735be2e
No known key found for this signature in database
GPG Key ID: E96F745A34A409C2
2 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/credentialprovider/plugin/plugin.go
View File

@ -73,6 +73,12 @@ var (
}
)
// GetServiceAccountFunc is a function type that returns a service account token for the given namespace and name.
type GetServiceAccountFunc func(namespace, name string) (*v1.ServiceAccount, error)
// getServiceAccountTokenFunc is a function type that returns a service account token for the given namespace and name.
type getServiceAccountTokenFunc func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)
func init() {
install.Install(scheme)
kubeletconfig.AddToScheme(scheme)
@ -84,8 +90,8 @@ func init() {
// RegisterCredentialProviderPlugins is called from kubelet to register external credential provider
// plugins according to the CredentialProviderConfig config file.
func RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir string,
getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error),
getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error),
getServiceAccountToken getServiceAccountTokenFunc,
getServiceAccount GetServiceAccountFunc,
) error {
if _, err := os.Stat(pluginBinDir); err != nil {
if os.IsNotExist(err) {
@ -133,8 +139,8 @@ func RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir string,
// newPluginProvider returns a new pluginProvider based on the credential provider config.
func newPluginProvider(pluginBinDir string, provider kubeletconfig.CredentialProvider,
getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error),
getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error),
getServiceAccountToken getServiceAccountTokenFunc,
getServiceAccount GetServiceAccountFunc,
) (*pluginProvider, error) {
mediaType := "application/json"
info, ok := runtime.SerializerInfoForMediaType(codecs.SupportedMediaTypes(), mediaType)
@ -200,16 +206,16 @@ type pluginProvider struct {
type serviceAccountProvider struct {
audience string
requireServiceAccount bool
getServiceAccountFunc func(namespace, name string) (*v1.ServiceAccount, error)
getServiceAccountTokenFunc func(podNamespace, serviceAccountName string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)
getServiceAccountFunc GetServiceAccountFunc
getServiceAccountTokenFunc getServiceAccountTokenFunc
requiredServiceAccountAnnotationKeys []string
optionalServiceAccountAnnotationKeys []string
}
func newServiceAccountProvider(
provider kubeletconfig.CredentialProvider,
getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error),
getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error),
getServiceAccount GetServiceAccountFunc,
getServiceAccountToken getServiceAccountTokenFunc,
) *serviceAccountProvider {
featureGateEnabled := utilfeature.DefaultFeatureGate.Enabled(features.KubeletServiceAccountTokenForCredentialProviders)
serviceAccountTokenAudienceSet := provider.TokenAttributes != nil && len(provider.TokenAttributes.ServiceAccountTokenAudience) > 0

2
pkg/kubelet/kuberuntime/kuberuntime_manager.go
View File

@ -224,7 +224,7 @@ func NewKubeGenericRuntimeManager(
podPullingTimeRecorder images.ImagePodPullingTimeRecorder,
tracerProvider trace.TracerProvider,
tokenManager *token.Manager,
getServiceAccount func(string, string) (*v1.ServiceAccount, error),
getServiceAccount plugin.GetServiceAccountFunc,
) (KubeGenericRuntime, error) {
ctx := context.Background()
runtimeService = newInstrumentedRuntimeService(runtimeService)