From 87ac3f57d4ea050cfb45c60bc5d1c98887037a35 Mon Sep 17 00:00:00 2001
From: Shihang Zhang
Date: Thu, 15 Apr 2021 09:50:43 -0700
Subject: [PATCH] allow multiple of --service-account-issuer
Kubernetes-commit: 925900317e43e58435082f624f5969e3cfe25c67
---
 pkg/authentication/authenticatorfactory/loopback.go | 4 ++--
 pkg/server/config.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/authentication/authenticatorfactory/loopback.go b/pkg/authentication/authenticatorfactory/loopback.go
index f31656529..fe51afcbc 100644
--- a/pkg/authentication/authenticatorfactory/loopback.go
+++ b/pkg/authentication/authenticatorfactory/loopback.go
@@ -24,6 +24,6 @@ import (
 )
 // NewFromTokens returns an authenticator.Request or an error
-func NewFromTokens(tokens map[string]*user.DefaultInfo) authenticator.Request {
- return bearertoken.New(tokenfile.New(tokens))
+func NewFromTokens(tokens map[string]*user.DefaultInfo, audiences authenticator.Audiences) authenticator.Request {
+ return bearertoken.New(authenticator.WrapAudienceAgnosticToken(audiences, tokenfile.New(tokens)))
 }
diff --git a/pkg/server/config.go b/pkg/server/config.go
index 12d18796e..5536e8cac 100644
--- a/pkg/server/config.go
+++ b/pkg/server/config.go
@@ -858,7 +858,7 @@ func AuthorizeClientBearerToken(loopback *restclient.Config, authn *Authenticati
 Groups: []string{user.SystemPrivilegedGroup},
 }
- tokenAuthenticator := authenticatorfactory.NewFromTokens(tokens)
+ tokenAuthenticator := authenticatorfactory.NewFromTokens(tokens, authn.APIAudiences)
 authn.Authenticator = authenticatorunion.New(tokenAuthenticator, authn.Authenticator)
 tokenAuthorizer := authorizerfactory.NewPrivilegedGroups(user.SystemPrivilegedGroup)
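Review bot: The doc comment on `NewFromTokens` in loopback.go still reads "returns an authenticator.Request or an error" although the function returns only an `authenticator.Request`, and it does not mention the new `audiences` parameter. Because the token lookup is now wrapped with `authenticator.WrapAudienceAgnosticToken(audiences, …)`, a caller needs to know what a nil or empty `audiences` means for token acceptance; the wrapper is not visible in this hunk, so that behaviour should be confirmed and written down. Suggested comment: `// NewFromTokens returns an authenticator.Request that validates bearer tokens from the given map and treats them as valid only for the given audiences.` The added parameter also changes an exported signature, so out-of-tree callers will stop compiling and the change probably deserves a release note.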
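Review bot: In config.go `authn.APIAudiences` is read once at the `NewFromTokens` call, so the authenticator for the loopback token in `user.SystemPrivilegedGroup` keeps whatever audience set is present when `AuthorizeClientBearerToken` runs. If the audiences are filled in on `authn` later in server setup, or are still empty at this point, the privileged loopback token may be bound to a stale or empty set; whether requests are then rejected or accepted depends on the wrapper, which is not shown here. A comment at the call would make the ordering requirement explicit, for example `// authn.APIAudiences must be final here: the loopback authenticator captures it at construction.` The function starts and continues outside the hunk, so an existing guard or ordering guarantee may simply not be visible.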