From b27735be2ee63fb5730f6deb2b9cd9f992512813 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Wed, 12 Mar 2025 09:32:21 -0700 Subject: [PATCH] Define type alias for getServiceAccount function Signed-off-by: Anish Ramasekar --- pkg/credentialprovider/plugin/plugin.go | 22 ++++++++++++------- .../kuberuntime/kuberuntime_manager.go | 2 +- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/pkg/credentialprovider/plugin/plugin.go b/pkg/credentialprovider/plugin/plugin.go index 2a6ce7b9441..60cd5859fa8 100644 --- a/pkg/credentialprovider/plugin/plugin.go +++ b/pkg/credentialprovider/plugin/plugin.go @@ -73,6 +73,12 @@ var ( } ) +// GetServiceAccountFunc is a function type that returns a service account token for the given namespace and name. +type GetServiceAccountFunc func(namespace, name string) (*v1.ServiceAccount, error) + +// getServiceAccountTokenFunc is a function type that returns a service account token for the given namespace and name. +type getServiceAccountTokenFunc func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) + func init() { install.Install(scheme) kubeletconfig.AddToScheme(scheme) @@ -84,8 +90,8 @@ func init() { // RegisterCredentialProviderPlugins is called from kubelet to register external credential provider // plugins according to the CredentialProviderConfig config file. func RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir string, - getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error), - getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error), + getServiceAccountToken getServiceAccountTokenFunc, + getServiceAccount GetServiceAccountFunc, ) error { if _, err := os.Stat(pluginBinDir); err != nil { if os.IsNotExist(err) { @@ -133,8 +139,8 @@ func RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir string, // newPluginProvider returns a new pluginProvider based on the credential provider config. func newPluginProvider(pluginBinDir string, provider kubeletconfig.CredentialProvider, - getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error), - getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error), + getServiceAccountToken getServiceAccountTokenFunc, + getServiceAccount GetServiceAccountFunc, ) (*pluginProvider, error) { mediaType := "application/json" info, ok := runtime.SerializerInfoForMediaType(codecs.SupportedMediaTypes(), mediaType) @@ -200,16 +206,16 @@ type pluginProvider struct { type serviceAccountProvider struct { audience string requireServiceAccount bool - getServiceAccountFunc func(namespace, name string) (*v1.ServiceAccount, error) - getServiceAccountTokenFunc func(podNamespace, serviceAccountName string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) + getServiceAccountFunc GetServiceAccountFunc + getServiceAccountTokenFunc getServiceAccountTokenFunc requiredServiceAccountAnnotationKeys []string optionalServiceAccountAnnotationKeys []string } func newServiceAccountProvider( provider kubeletconfig.CredentialProvider, - getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error), - getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error), + getServiceAccount GetServiceAccountFunc, + getServiceAccountToken getServiceAccountTokenFunc, ) *serviceAccountProvider { featureGateEnabled := utilfeature.DefaultFeatureGate.Enabled(features.KubeletServiceAccountTokenForCredentialProviders) serviceAccountTokenAudienceSet := provider.TokenAttributes != nil && len(provider.TokenAttributes.ServiceAccountTokenAudience) > 0 diff --git a/pkg/kubelet/kuberuntime/kuberuntime_manager.go b/pkg/kubelet/kuberuntime/kuberuntime_manager.go index 55f6c086094..9eeee3b13ef 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_manager.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_manager.go @@ -224,7 +224,7 @@ func NewKubeGenericRuntimeManager( podPullingTimeRecorder images.ImagePodPullingTimeRecorder, tracerProvider trace.TracerProvider, tokenManager *token.Manager, - getServiceAccount func(string, string) (*v1.ServiceAccount, error), + getServiceAccount plugin.GetServiceAccountFunc, ) (KubeGenericRuntime, error) { ctx := context.Background() runtimeService = newInstrumentedRuntimeService(runtimeService)