Define type alias for getServiceAccount function

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Anish Ramasekar 2025-03-12 09:32:21 -07:00
parent fb98a599a6
commit b27735be2e
No known key found for this signature in database
GPG Key ID: E96F745A34A409C2
2 changed files with 15 additions and 9 deletions


@ -73,6 +73,12 @@ var (
} }
) )
// GetServiceAccountFunc is a function type that returns a service account token for the given namespace and name.
type GetServiceAccountFunc func(namespace, name string) (*v1.ServiceAccount, error)
// getServiceAccountTokenFunc is a function type that returns a service account token for the given namespace and name.
type getServiceAccountTokenFunc func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)
func init() { func init() {
install.Install(scheme) install.Install(scheme)
kubeletconfig.AddToScheme(scheme) kubeletconfig.AddToScheme(scheme)
@ -84,8 +90,8 @@ func init() {
// RegisterCredentialProviderPlugins is called from kubelet to register external credential provider // RegisterCredentialProviderPlugins is called from kubelet to register external credential provider
// plugins according to the CredentialProviderConfig config file. // plugins according to the CredentialProviderConfig config file.
func RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir string, func RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir string,
getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error), getServiceAccountToken getServiceAccountTokenFunc,
getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error), getServiceAccount GetServiceAccountFunc,
) error { ) error {
if _, err := os.Stat(pluginBinDir); err != nil { if _, err := os.Stat(pluginBinDir); err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
@ -133,8 +139,8 @@ func RegisterCredentialProviderPlugins(pluginConfigFile, pluginBinDir string,
// newPluginProvider returns a new pluginProvider based on the credential provider config. // newPluginProvider returns a new pluginProvider based on the credential provider config.
func newPluginProvider(pluginBinDir string, provider kubeletconfig.CredentialProvider, func newPluginProvider(pluginBinDir string, provider kubeletconfig.CredentialProvider,
getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error), getServiceAccountToken getServiceAccountTokenFunc,
getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error), getServiceAccount GetServiceAccountFunc,
) (*pluginProvider, error) { ) (*pluginProvider, error) {
mediaType := "application/json" mediaType := "application/json"
info, ok := runtime.SerializerInfoForMediaType(codecs.SupportedMediaTypes(), mediaType) info, ok := runtime.SerializerInfoForMediaType(codecs.SupportedMediaTypes(), mediaType)
@ -200,16 +206,16 @@ type pluginProvider struct {
type serviceAccountProvider struct { type serviceAccountProvider struct {
audience string audience string
requireServiceAccount bool requireServiceAccount bool
getServiceAccountFunc func(namespace, name string) (*v1.ServiceAccount, error) getServiceAccountFunc GetServiceAccountFunc
getServiceAccountTokenFunc func(podNamespace, serviceAccountName string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) getServiceAccountTokenFunc getServiceAccountTokenFunc
requiredServiceAccountAnnotationKeys []string requiredServiceAccountAnnotationKeys []string
optionalServiceAccountAnnotationKeys []string optionalServiceAccountAnnotationKeys []string
} }
func newServiceAccountProvider( func newServiceAccountProvider(
provider kubeletconfig.CredentialProvider, provider kubeletconfig.CredentialProvider,
getServiceAccount func(namespace, name string) (*v1.ServiceAccount, error), getServiceAccount GetServiceAccountFunc,
getServiceAccountToken func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error), getServiceAccountToken getServiceAccountTokenFunc,
) *serviceAccountProvider { ) *serviceAccountProvider {
featureGateEnabled := utilfeature.DefaultFeatureGate.Enabled(features.KubeletServiceAccountTokenForCredentialProviders) featureGateEnabled := utilfeature.DefaultFeatureGate.Enabled(features.KubeletServiceAccountTokenForCredentialProviders)
serviceAccountTokenAudienceSet := provider.TokenAttributes != nil && len(provider.TokenAttributes.ServiceAccountTokenAudience) > 0 serviceAccountTokenAudienceSet := provider.TokenAttributes != nil && len(provider.TokenAttributes.ServiceAccountTokenAudience) > 0


@ -224,7 +224,7 @@ func NewKubeGenericRuntimeManager(
podPullingTimeRecorder images.ImagePodPullingTimeRecorder, podPullingTimeRecorder images.ImagePodPullingTimeRecorder,
tracerProvider trace.TracerProvider, tracerProvider trace.TracerProvider,
tokenManager *token.Manager, tokenManager *token.Manager,
getServiceAccount func(string, string) (*v1.ServiceAccount, error), getServiceAccount plugin.GetServiceAccountFunc,
) (KubeGenericRuntime, error) { ) (KubeGenericRuntime, error) {
ctx := context.Background() ctx := context.Background()
runtimeService = newInstrumentedRuntimeService(runtimeService) runtimeService = newInstrumentedRuntimeService(runtimeService)