Merge pull request #177 from vhurtevent/main
Make TokenReviewerServiceAccount optional in KubeAuthEngineConfig
raffaelespazzoli authored Jul 24, 2023
2 parents e9f3b8c + cf6b9b3 commit b01f5ac
Showing 2 changed files with 11 additions and 9 deletions.
18 changes: 11 additions & 7 deletions api/v1alpha1/kubernetesauthengineconfig_types.go
Expand Up @@ -50,8 +50,7 @@ type KubernetesAuthEngineConfigSpec struct {
KAECConfig `json:",inline"`

// TokenReviewerServiceAccount A service account JWT used to access the TokenReview API to validate other JWTs during login. If not set, the JWT submitted in the login payload will be used to access the Kubernetes TokenReview API.
// +kubebuilder:validation:Required
// +kubebuilder:default={"name": "default"}
// +kubebuilder:validation:Optional
TokenReviewerServiceAccount *corev1.LocalObjectReference `json:"tokenReviewerServiceAccount,omitempty"`
}

Expand Down Expand Up @@ -79,12 +78,17 @@ func (d *KubernetesAuthEngineConfig) IsInitialized() bool {

func (d *KubernetesAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error {
log := log.FromContext(context)
jwt, err := d.getJWTToken(context)
if err != nil {
log.Error(err, "unable retrieve jwt token for ", "service account", d.Namespace+"/"+d.Spec.TokenReviewerServiceAccount.Name)
return err

// Check if TokenReviewerServiceAccount exists before calling getJWTToken
if d.Spec.TokenReviewerServiceAccount != nil {
jwt, err := d.getJWTToken(context)
if err != nil {
log.Error(err, "unable to retrieve jwt token for service account", "service account", d.Namespace+"/"+d.Spec.TokenReviewerServiceAccount.Name)
return err
}
d.Spec.retrievedTokenReviewerJWT = jwt
}
d.Spec.retrievedTokenReviewerJWT = jwt

return nil
}
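Review bot: The nil branch of `PrepareInternalValues` skips the reviewer JWT without leaving any trace, and with the CRD default removed, a manifest that omits `tokenReviewerServiceAccount` now changes which identity calls TokenReview: per the field comment, the JWT submitted at login is used instead of a dedicated reviewer account. That implies the logging-in service accounts themselves need permission to create TokenReviews, which is worth stating in the field comment, and an `else` branch with `log.V(1).Info("tokenReviewerServiceAccount not set, login JWT will be used for TokenReview")` would make the active mode visible in the operator logs. The old markers guaranteed the pointer was always populated, so any other code that reads `d.Spec.TokenReviewerServiceAccount.Name` (for example inside `getJWTToken`, whose body is outside this hunk) should be checked for the same nil guard. The added comment says "exists" where the code tests whether the field is set; `// Only fetch a reviewer JWT when a reviewer service account is configured` would be more accurate.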

Expand Up @@ -164,8 +164,6 @@ spec:
pattern: ^(?:/?[\w;:@&=\$-\.\+]*)+/?
type: string
tokenReviewerServiceAccount:
default:
name: default
description: TokenReviewerServiceAccount A service account JWT used
to access the TokenReview API to validate other JWTs during login.
If not set, the JWT submitted in the login payload will be used