From dc0bcd62e36f5206bc09b8372b5334b7af7ee3d1 Mon Sep 17 00:00:00 2001
From: "Dr. Stefan Schimanski" <stefan.schimanski@gmail.com>
Date: Sun, 21 Jul 2024 22:02:52 +0200
Subject: [PATCH] options/authentication: revert extra serviceaccount
 TokenGetter function silently enabling serviceaccounts

Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
---
 pkg/kubeapiserver/options/authentication.go      | 9 ---------
 pkg/kubeapiserver/options/authentication_test.go | 7 ++-----
 2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/pkg/kubeapiserver/options/authentication.go b/pkg/kubeapiserver/options/authentication.go
index c2d66d61e8e..61335b58fc3 100644
--- a/pkg/kubeapiserver/options/authentication.go
+++ b/pkg/kubeapiserver/options/authentication.go
@@ -218,15 +218,6 @@ func (o *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticat
 	return o
 }
 
-// WithTokenGetterFunction set optional service account token getter function
-func (o *BuiltInAuthenticationOptions) WithTokenGetterFunction(f func(factory informers.SharedInformerFactory) serviceaccount.ServiceAccountTokenGetter) *BuiltInAuthenticationOptions {
-	if o.ServiceAccounts == nil {
-		o.ServiceAccounts = &ServiceAccountAuthenticationOptions{}
-	}
-	o.ServiceAccounts.OptionalTokenGetter = f
-	return o
-}
-
 // WithTokenFile set default value for token file authentication
 func (o *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions {
 	o.TokenFile = &TokenFileAuthenticationOptions{}
diff --git a/pkg/kubeapiserver/options/authentication_test.go b/pkg/kubeapiserver/options/authentication_test.go
index 3070ba705ec..7185f385c7a 100644
--- a/pkg/kubeapiserver/options/authentication_test.go
+++ b/pkg/kubeapiserver/options/authentication_test.go
@@ -494,16 +494,13 @@ func TestWithTokenGetterFunction(t *testing.T) {
 			called = true
 			return nil
 		}
-		opts := NewBuiltInAuthenticationOptions().WithTokenGetterFunction(f)
+		opts := NewBuiltInAuthenticationOptions().WithServiceAccounts()
+		opts.ServiceAccounts.OptionalTokenGetter = f
 		err := opts.ApplyTo(context.Background(), &genericapiserver.AuthenticationInfo{}, nil, nil, &openapicommon.Config{}, nil, fakeClientset, versionedInformer, "")
 		if err != nil {
 			t.Fatal(err)
 		}
 
-		if opts.ServiceAccounts.OptionalTokenGetter == nil {
-			t.Fatal("expected token getter function to be set")
-		}
-
 		if !called {
 			t.Fatal("expected token getter function to be called")
 		}