kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

allow multiple of --service-account-issuer 

Kubernetes-commit: 925900317e43e58435082f624f5969e3cfe25c67
This commit is contained in:
Shihang Zhang 2021-04-15 09:50:43 -07:00 committed by Kubernetes Publisher
parent 940c107184
commit 87ac3f57d4
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/authentication/authenticatorfactory/loopback.go
View File

@ -24,6 +24,6 @@ import (
) )
// NewFromTokens returns an authenticator.Request or an error // NewFromTokens returns an authenticator.Request or an error
func NewFromTokens(tokens map[string]*user.DefaultInfo) authenticator.Request { func NewFromTokens(tokens map[string]*user.DefaultInfo, audiences authenticator.Audiences) authenticator.Request {
return bearertoken.New(tokenfile.New(tokens)) return bearertoken.New(authenticator.WrapAudienceAgnosticToken(audiences, tokenfile.New(tokens)))
} }

2
pkg/server/config.go
View File

@ -858,7 +858,7 @@ func AuthorizeClientBearerToken(loopback *restclient.Config, authn *Authenticati
Groups: []string{user.SystemPrivilegedGroup}, Groups: []string{user.SystemPrivilegedGroup},
} }
tokenAuthenticator := authenticatorfactory.NewFromTokens(tokens) tokenAuthenticator := authenticatorfactory.NewFromTokens(tokens, authn.APIAudiences)
authn.Authenticator = authenticatorunion.New(tokenAuthenticator, authn.Authenticator) authn.Authenticator = authenticatorunion.New(tokenAuthenticator, authn.Authenticator)
tokenAuthorizer := authorizerfactory.NewPrivilegedGroups(user.SystemPrivilegedGroup) tokenAuthorizer := authorizerfactory.NewPrivilegedGroups(user.SystemPrivilegedGroup)